Ask Leo! by Leo A. Notenboom

Phishing? What's Phishing?

Summary: Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.

I've received an email from "suspend@msn.net" asking for billing details and threatening the end of my MSN service. Contacting MSN resulted in referral to a support alias, but no answer. Is this a problem, or a forgery?

Phishing is a word you hear a lot in the news these days, and this question brought it to mind.

You're right to be suspicious: this definitely sounds like a phishing expedition.

Phishing is very much like fishing, except that you're the fish and that threatening email is the bait. If you bite, you run the very real risk of account or identity theft and all the hassle that entails.

Here's how it works:

"... legitimate businesses never ask you for your private information via email. It's that simple."

The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, MSN, Paypal, or perhaps a bank. The email asks you to visit some site that also looks very official and proper. At that site you're then prompted to enter all your personal information, typically in the guise of "verification".

The problem is that you've just handed over all your personal information to a thief.

The single biggest clue is simple: legitimate businesses never ask you for your private information via email. It's that simple.

The second clue is the link they're asking you to click on. It may look like it links to eBay, but in fact it goes somewhere else entirely. Here's an example:

http://www.ebay.com/

That's a link to eBay, right?

No, it's not.

In most browsers, if you hover the mouse over that link, you'll see that it does not go to eBay at all (the real destination appears either in popup text or in the browser's status line near the bottom of the window). But it certainly looks like it does. If you click on it, you'll be taken somewhere else entirely.

These same tricks work in HTML formatted email, which is what most of these phishing attempts use.

In the example above, it's obvious you're not at eBay once you click through. But if the destination site also looked like eBay, you could be fooled into thinking it was legitimate. Even more so if the domain "kinda sorta" looked like an eBay domain, something like http://www.ebay.verification.somerandomservice.com. You might look at that, see the "www.ebay", and stop reading. Yet it's the part at the other end of the domain name, somerandomservice.com in this example, that tells you the most about where that link really goes.

So if you're tempted at all, hover your mouse over the link, and look before you click:

  • The actual destination should match what you expect. Exactly. If the link claims to be eBay, http://ebay.hacker.com is not where you want to go. Nor is http://www.ebay.cc (note that it's not ".com"). In the original question, "msn.net" as a return address is not the same as "msn.com". That's a big red flag.

  • The actual destination should be a name, not a number. If the link takes you to an address made of numbers, such as http://72.3.133.152, chances are it's not valid.

  • The actual destination should be secure. That means it should begin with https:. If the destination for anything that claims to be secure, or that relates to account validation, begins with the regular, unsecured http:, chances are it's not legitimate.
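As an added example, not part of Leo's article: a small Python script that applies the three hover checks above, plus the link-text-versus-real-target comparison from the eBay example, to every link in an HTML email body. The sample email, the somerandomservice.example destination and the two-label "registrable domain" rule are constructed simplifications for the demo.

```python
import re
from urllib.parse import urlsplit

# Constructed sample HTML email (not a real message): the link texts mimic the
# article's examples, the hrefs are made-up destinations.
SAMPLE_EMAIL_HTML = """
<p>Please <a href="http://www.ebay.verification.somerandomservice.example/login">http://www.ebay.com/</a>
to verify your account.</p>
<p>Or <a href="http://72.3.133.152/verify">click here</a>.</p>
<p><a href="https://www.ebay.com/signin">Sign in to eBay</a></p>
"""

# Simplification: a regex is enough for these well-formed anchors; a real mail
# filter would use an HTML parser.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def extract_links(html):
    """Return (visible text, real href) pairs: what the reader sees vs. where the link goes."""
    return [(re.sub(r"<[^>]+>", "", text).strip(), href) for href, text in ANCHOR.findall(html)]

def registrable_domain(host):
    """Last two labels of a hostname, the 'other end' that says who really owns it.
    Assumption/simplification: multi-part suffixes such as co.uk are not handled."""
    return ".".join(host.lower().split(".")[-2:])

def check_link(text, href, expected_domain):
    """Apply the article's hover checks; return the red flags found ([] = looks OK)."""
    flags, parts = [], urlsplit(href)
    host = parts.hostname or ""
    if host.replace(".", "").isdigit():
        flags.append("destination is a bare IP address, not a name")
    elif registrable_domain(host) != expected_domain:
        flags.append(f"destination is {registrable_domain(host)}, not {expected_domain}")
    if parts.scheme != "https":
        flags.append("destination is not https")
    # Link text that itself looks like a URL but points somewhere else is the classic bait.
    if text.startswith(("http://", "https://")):
        shown = urlsplit(text).hostname or ""
        if registrable_domain(shown) != registrable_domain(host):
            flags.append(f"text shows {shown} but link goes to {host}")
    return flags

def audit_email(html, expected_domain="ebay.com"):
    """Return {visible link text: [red flags]} for every link in an HTML email body."""
    return {text: check_link(text, href, expected_domain) for text, href in extract_links(html)}

if __name__ == "__main__":
    for text, flags in audit_email(SAMPLE_EMAIL_HTML).items():
        print(f"{text!r}: {flags or 'no red flags'}")
```

Note that https only proves the connection is encrypted, not who is at the other end, which is why the domain check runs before the scheme check.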

The single most important rule regarding these emails is simple: if they provide a link to click on, ignore the link and do not click on it. Never click a link in the email itself.

If you must satisfy your curiosity, or just want to double-check what might be going on, then type what you know to be the correct URL into your browser by hand, and log in to your account as you normally would. If there's something you need to do or verify, you'll probably see it then.

And if you're still not sure, then give the institution a call or contact their support line or search their support site. Trust me, they'd much rather have you ask than have to deal with the possibility of identity or account theft.

For another approach to phishing that uses only email, check out Is Windows Live Hotmail about to close my account? I also discuss there some additional signs that an email message may not be legitimate.

(This is an update to an article originally published February, 2005.)


Article C2276 - November 28, 2009

Recent Comments
13 Comments

Leo, how did you do that?! I hovered my mouse over that sample eBay link in your Phishing article, just like you said to do, but it was really a link to Latte for Leo!! Tell us how you did that! BTW, lattes are fattening! Michelle

Posted by: michelle at February 27, 2006 7:23 AM

Leo Guess What!??
I've got too much time, and so found out that
http://www.ebay.cc is a real website.
Er...Well..It was.
Now it's for sale!
As I said, I've got too much free time.

Well,
see-ya later!!!

PS:
Msn.net takes you to Msn.com
ebay.hacker.com takes you to sea.search.msn.com
my typing error of Ebat.cc also takes you to sea.search.msn.com
And http://72.3.133.152 takes you to a custom made 404 does not exist, by Plentic.

Posted by: jereme at August 8, 2006 9:55 PM

Dear Dr. Leo,
The phishing attacked my email address in just the same way as you described. I received an email which seemed to come from Windows Live... and asked me to supply my personal information to update my account, otherwise my account would be closed in a couple of days. To avoid any inconvenience, I updated my personal information. Since yesterday, I have failed to log in to my account. Subsequently, some of my friends informed me that they received an email from my Hotmail account claiming that "I" was in trouble in an African country where I have never been and asking them to send "me" some money. Thank you for your informative help. I will never be a fish of "phishing".

Posted by: Lily at December 12, 2007 11:46 PM

When signing in to hotmail tonight, I was asked to verify my account and give my email address and password again. Then I was asked whether or not I agreed to hotmail live's terms of service and privacy policy. I clicked on yes, and got the same screen again. I completed it a second time. Then I could not log into hotmail and was told that my site might not be working at this time or my site might not be a certified windows live site. Your article makes it appear that this web site was actually phishing. Now what do I do?

Posted by: Jacki Richey at January 29, 2008 8:26 PM

I've had my own experiences with phishing, which I have written about on my own site: http://www.geocities.com/terryhollett2003/Phishing.htm

Posted by: Terry Hollett at February 9, 2008 8:14 AM

Hi,
I would just like to say thank you.
I recently have been getting emails from, according to the email, the Royal Bank of Scotland.
The email actually said:

Dear Royal Bank Of Scotland Customer,

Update and verify your information by clicking the link below:
https://www.rbsdigital.com/default.aspx?refererident/upgrade

*Important*

NOTE: FAILURE CAN RESULT TO ACCOUNT SUSPENSION.


P. R. Crush
Security Advisor
The Royal Bank of Scotland © 2008.
I did click on the link, but my security on the PC said that the site is a reported phishing website, so I typed what a phishing site was into Google and this is why I'm reading this article.
I didn't have a clue about it.

Posted by: kim at March 4, 2008 6:39 AM

I assume that the following (series) of emails to me are a scam, but Hotmail makes it almost impossible to verify. Can anybody help?
Thanks! -Rich

[LARGE collection of scam/phishing examples deleted.]

Those are all scams. They don't come from official Hotmail email addresses. The English in the messages is grammatically incorrect. They ask for personal information, which such a message would NEVER do.

Here's the official word from Microsoft on this scam: Phishing Scam: Hotmail Warning (Verify Your Hotmail Account Now to Avoid it Closed)

Visiting Windows Live Help is always a good first step.
- Leo
28-Jun-2009

Posted by: Rich Wenzel at June 27, 2009 9:09 AM

Michelle,

You sound surprised that a link that says "www.ebay.com" to the user could actually go to buyleoalatte.com instead. But, think about it. How many times have you seen "click here to do something", and never thought "how does that go to a website not called "click here"?"

The answer is simple... That's how HTML works. There is an HTML tag which says "when you click here, do this", and the text within it is what is displayed to the user.

Basically (hoping the formatting comes through):

<a target="_blank" href="phishing_site_URL">real site name</a>

Posted by: Ken B at November 30, 2009 9:26 AM

Go to http://www.sonicwall.com/phishing/index.html for a phishing test. I answered nine of the ten questions but chose "no answer" for one of them, giving me a score of eight out of ten. The "Explain Answer" links on the test results page have some helpful pointers for detecting phishing.

Posted by: Merna B. at December 2, 2009 2:17 PM

Merna, I went to sonicwall.com to take the phishing test, and I got nine out of ten right. Thx for the educational tip!

Posted by: Lee Nelson Guptill at December 7, 2009 7:47 AM
