Compu-Jive
GPro Design Client Advice and Tutorials


Phishing? It’s not as relaxing as it used to be, Grandpa

First off, this may be a term you know and it may not, so let’s start there…

What is phishing?

The answer is fairly simple: phishing is the most common and most destructive attempt to steal your personal information online. The two most common ways of phishing are through malicious websites and email. Ah yes… that lovely spam monster will never go away, unfortunately. But that’s another discussion.

Luckily, most companies update their browsers fairly regularly for security purposes and add malicious websites to their blacklists to protect users like you and me, so the website aspect of phishing has become a far more difficult process for hackers. However, it still traps those who aren’t willing to listen to their browser’s advice, or who use web surfing alternatives that just don’t have the same protections as the big-name browsers.

We won’t get into a browser discussion here, but we encourage you to use one of the “Big 5”: Internet Explorer, Firefox, Safari, Chrome, and Opera. There are plenty of excellent modded browsers out there, but once you go there you run the risk of loopholes and backdoors. Not really worth it for minute user interface differences. Come on… it’s the same internet. (If you don’t know what I mean by “modded” or half of this is over your head, DEFINITELY use one of the “Big 5”!)

So we’re as covered as we can be generally speaking. Safe web surfing practices rely on common sense, but the built-in safe-guards of these browsers will help protect you from having your information “phished”.

Far more dangerous and far less reported is Email Phishing.

Now this is a very specific and tricky way of trying to get your information. Who knows how this hacker or his pet bot got your email address. Maybe you gave it to a “trusted” source, maybe they used a bot to farm the server that hosts your email address… who knows. Frankly it doesn’t matter. Don’t be afraid. I don’t care who you are. If you have email, you get spam. Phishing Emails are very very specific. Their sole purpose is to trick you into giving them your information willingly.

Whaaaat?! Why would you ever do that? You’d be surprised.

It all ultimately comes down to making money of course, so the more frequent phishing emails are in regards to something you are personally associated with that either gives, makes or takes money from you. I have personally seen phishing emails of many kinds in my inbox, from fake IRS emails (which is a federal offense if it came from inside the US), to PayPal “updates”, to the number one culprit in my world: World of Warcraft. I haven’t played in ages, but I get emails saying that I need to “renew my account” or the more genius “someone’s trying to hack your account! click here to prevent this!”

Make no mistake, many of these emails are quite well put together actually. A few of them have actually fooled even me, but luckily I never ever ever click links in emails unless I am 100% certain that it’s safe, AND YOU SHOULDN’T EITHER! This is an example of that “web common sense” I mentioned earlier. That’s how you get viruses and get your identity stolen.

Here are some tips and tricks to help keep you from falling prey to Email Phishing:

#1 AND MOST IMPORTANT – Listen to Yourself
If your gut reaction to the email is that something is shady and/or weird, LISTEN! What’s the absolute worst thing that could happen? The IRS isn’t going to send you one email and then show up to haul you off to jail for not responding. You’ll get another email from them for sure!

#2 – Look for Misspellings or Indifference
Misspellings are insanely common in phishing emails. That’s mainly because a lot of phishing emails come from non-native speakers, but whatever the reason, this is a super easy way to determine the email’s validity. Another glaring mistake is indifference. For example: “To whom it may concern!!! Someone has been trying to access your PayPal account! Please click here now to prevent it”. If you signed up for PayPal, they know your name and will always use it… just like most other legitimate companies.

#3 – Check the Email Address that Sent You the Email
Now this can be a super easy indicator in instances where they use an email address that clearly is not related to the content. For example, no one with a Yahoo email account is going to be emailing me about my Facebook account status. I would get an email from Facebook. Sometimes this can get tricky because phishers will do what is called “spoofing”. This makes it appear on the surface that you are receiving the email from a real source like “support@facebook.com”, but don’t worry, there is still an easy way to double-check this as well! In most email programs like Mail, Outlook, Thunderbird, etc., there is either a “view source” button or you can right-click on the email and select “view source”. This makes the email look like gibberish and kind of scary, but just scroll all the way to the top and double-check the email address. Simple as that :)

#4 – Go Directly to the Supposed Problem Website
Let’s say they have convinced you of absolutely everything above, or it’s close enough that you’re thinking “I don’t want to lose my Free Realms account.” No problem :) Open your browser and go to the website as you normally would. Once you log in, there will be a warning message for you, or a pop-up asking for information, if there is a problem. Believe me – no company is going to hide a problem from you that may prevent them from getting your business, lol. If you log in to the supposed “problem” website and there’s no obvious problem, well, now you know that it was indeed a phishing email.

Those four steps will literally protect you from Email Phishing entirely because the concept requires that you offer them your information willingly by using their information portals (links within their emails that are fake).
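Here is tip #3 as a small Python script (an added example, not part of the original post): it reads the “view source” text of an email, compares the visible From address with the Return-Path and Reply-To headers, and reads the SPF/DKIM/DMARC results the receiving mail server recorded. The sample message and the names `check_headers` and `org_domain` are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the top of a "view source" window for a spoofed message.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=facebook.com
From: "Facebook Support" <support@facebook.com>
Reply-To: account-help@example.org
To: you@example.com
Subject: Someone is trying to access your account!

Click here now to prevent it.
"""

def org_domain(header_value):
    """Last two labels of the address's domain (simplification: ignores suffixes like co.uk)."""
    addr = parseaddr(header_value or "")[1]
    domain = addr.rpartition("@")[2].lower()
    return ".".join(domain.split(".")[-2:]) if domain else ""

def check_headers(raw_source):
    """Return a list of warnings found in the headers of a raw email."""
    msg = message_from_string(raw_source)
    shown = org_domain(msg["From"])
    warnings = []
    # The bounce address and reply address usually share the visible sender's domain.
    for name in ("Return-Path", "Reply-To"):
        other = org_domain(msg[name])
        if other and other != shown:
            warnings.append(f"{name} domain {other} differs from From domain {shown}")
    # Verdicts the receiving mail server recorded for SPF, DKIM and DMARC.
    results = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    for check, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
        if verdict != "pass":
            warnings.append(f"{check} result is {verdict}")
    if not results:
        warnings.append("no Authentication-Results header present")
    return warnings

if __name__ == "__main__":
    for warning in check_headers(SPOOFED):
        print("WARNING:", warning)
```

A warning here is a hint, not proof: plenty of legitimate companies send through third-party mailers with a different Return-Path domain. Only trust the Authentication-Results line added by your own email provider, since anything below it could have been written by the sender.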

Now before you think this article is over…

THE MOST IMPORTANT THING THAT YOU CAN DO IS REPORT PHISHING EMAILS!!! ICANN and other companies that battle spam/phishing emails can’t do their job without information from users like you and me, and it is SO easy to do!

90% of major online corporations find out about these scams from users like you, and consequently most companies also have an email address specifically for the purpose of reporting email phishing. Unfortunately they aren’t always the best at making the information obvious to the public, so we dug up a bunch of these elusive email addresses for you!

It probably took you about 10 minutes to read this blog post, so do everyone, including yourself, a favor and take 5 more to enter these emails into your address book for your email program, or just favorite this page so you can reference these reporting emails whenever you need!

All you have to do to report email phishing is select the phishing email, click the “Forward” button in your email program, type in the appropriate anti-phishing email address from the list below, and press send! That’s it :) With those literal seconds of effort, you just took a proactive step to protect yourself and others in the future of email and the web, and we thank you from the bottom of our hearts.

Here are a few common Email Addresses for Reporting Phishing to get you started:

IRS – phishing@irs.gov
PayPal – spoof@paypal.com
Blizzard (World of Warcraft and other games) – hacks@blizzard.com
Check out your local bank for their Phishing email policies

Check out this Facebook post for an even larger list of Email Addresses for Reporting Phishing: http://www.facebook.com/topic.php?uid=318727122785&topic=12404
