Tip #3798 - It's Phishing Time
Printer Friendly Version | E-Mail This Tip
It's
Phishing Time
I almost got hooked
the other day by a company trying to find out my personal information
through a scam called phishing. Not familiar with phishing? Well, in order
to understand what I am about to cover, we first have to understand what
phishing means. Read here
for a complete description.
Okay, once you've
got that handled, here is an example of what I'm talking about. I was
checking my e-mail when I received this message in my Inbox (I removed
the hyperlinks for this example):
**PLEASE READ
THIS IMPORTANT EMAIL REGARDING YOUR LISTING(S)**
We would like
to let you know that we removed your listing because the intellectual
property rights owner notified us, under penalty of perjury, that your
listing or the item itself infringes their copyright, trademark or other
rights.
We have temporarily
suspended activity on your account in order to allow us to investigate
this matter further. If you believe that this action may have been taken
in error or if you feel that your account may have been tampered with,
please contact our Live Help team so that we can provide additional information
and work with you to resolve this issue.
We have credited
any associated fees to your account. We have also notified the bidders
that the listing(s) was removed and that they are not obligated to complete
the transaction.
If you believe
your listing was ended in error or have questions regarding the removal
of this listing, please click here or contact the intellectual property
rights owner directly at: Entertainment Software Association.
Ebay is available
to answer questions, but since it is the rights owner that requested the
removal of your listing(s), we encourage you to contact them first.
For more information
on Ebay's cooperation with rights owners through the VeRO Program and
a list of rights owners that have created About Me pages, please visit:
https;//pages.ebay.com/vero-removed-listing.html
https;//pages.ebay.com/help/community/vero-aboutme.html
Thank you for
your cooperation.
Regards,
Customer Support
(Trust and Safety Department)
Ebay, Inc.
Well, to someone who
doesn't know any better, this may look like a legitimate e-mail. So, they
would probably click on the links and fill out their personal information.
Unfortunately, that is the wrong thing to do, because that is the whole
purpose of phishing. If you do that, you're giving the hackers exactly
what they want.
Phishing typically
comes in the form of e-mails targeting a recipient. There are some scams
that just ask the person to update their information, but this specific
one was informing me that the activity on my Ebay account was temporarily
suspended and that I needed to visit the links they provided.
Well, when I clicked
on the link above, this is what I got:
The picture above
looks like an Ebay sign up, but take a closer look at the Web address
it gave me when I clicked on it:
If you look at that
link, it's obvious it isn't from Ebay at all. This is often called a spoof
link. It cloaked the true destination of the link. So, a good
way to tell if it is a legit site or not is to look where the link takes
you in your browser's address bar.
The actual Web page
above would be what we would call a hoax Web page. This
term simply means that the page is made up of graphics stolen from the
actual Web pages and an interface made up to steal a person's identity.
So, what happened
when I clicked on one of the links? Well, it took me to the sign in page
shown above, which is the hoax Web page that this particular Ebay scam
uses. That page is a gateway that someone created and tailored to make
it look like a legit Ebay page, just to get your personal information.
If I would have went
through the entire form and actually filled everything out and sent it
in, it wouldn't have gone to Ebay. Rather, it would have went to whoever
is behind this scam. As a result of me falling for this scam, someone
would now have all the information they needed to commit identity theft,
using my good name. A good name and a good credit history that took me
a lifetime to build up, could be all destroyed in the blink of an eye
and that is very scary to even think about.
So, the best thing
to do to avoid falling for a scam like this one is the following:
You need to look for
any kind of spelling or grammatical errors, because that is a real tip
off. If they don't know their English very well, there will, more than
likely, be some errors. Also, if it asks you to fill in information regarding
your bank account information or even your username and password, it's
fake, because Ebay (or any other sites, for that matter) would never ask
for that kind of information.
If it asks you to
verify your username or password, it is most likely not a genuine site.
If it asks you to do this, just type in the URL that it's known to be
associated with and any information they want you to verify will be brought
to your attention. Be sure to look at the hyperlinks for any weird characters
or anomalies that you normally wouldn't see in a Web address as well.
With this information
in hand, you will be able to see through e-mails like these for what they
truly are: a scam. I tend to follow a general rule of thumb if I get e-mails
like this. I just log into my account from the known Web address and check
my account to see if I do actually have any issues that need to be addressed.
Lastly, please keep
this in mind: If Ebay needed to contact you, they would have a message
appear when you log into your account informing you of anything that needs
your attention. If you find one of these e-mails, please inform the legitimate
company's help line or IT department as soon as possible.
If you have any questions,
contact Ebay and address it as pertaining to the phishing scam you received
and/or your account.
Until next time, keep
your shields up!
~ Shawn
Want To Comment On This Tip? Click Here! We'd love to hear from you :-)
Like These Tips? Get 'Em Free In Your E-mail
