Summary: Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.
I've received an email from "suspend@msn.net" asking for billing details and threatening the end of my MSN service. Contacting MSN resulted in referral to a support alias, but no answer. Is this a problem, or a forgery?
Phishing is a word you hear a lot in the news these days, and this question brought it to mind.
You're right to be suspicious: this definitely sounds like a phishing expedition.
Phishing is very much like fishing, except that you're the fish and that threatening email is the bait. If you bite, you run the very real risk of account or identity theft and all the hassle that entails.
Here's how it works:
The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, MSN, Paypal, or perhaps a bank. The email asks you to visit some site that also looks very official and proper. At that site you're then prompted to enter all your personal information, typically in the guise of "verification".
The problem is that you've just handed over all your personal information to a thief.
The single biggest clue is simple: legitimate businesses never ask you for your private information via email. It's that simple.
The second clue is the link they're asking you to click on. It may look like it links to eBay, but in fact it goes somewhere else entirely. Here's an example:
http://www.ebay.com/
That's a link to eBay, right?
No, it's not.
In most browsers, if you hover the mouse over that link you'll see that it does not go to eBay at all (you'll see the real destination either in popup text or in the browser's status line near the bottom of the window). But it certainly looks like it does. If you click on it, you'll be taken somewhere else entirely.
These same tricks work in HTML formatted email, which is what most of these phishing attempts use.
In the example above, it's obvious you're not at eBay if you click through. But if the destination site also looked like eBay, you could be fooled into thinking it was legitimate. Even more so if the domain "kinda sorta" looked like an eBay domain. Maybe something like http://www.ebay.verification.somerandomservice.com - you might look at that and see the "www.ebay" and stop reading - and yet it's the stuff at the other end of the domain name - somerandomservice.com in this example - that tells you the most about where that link might really go.
So if you're tempted at all, hover your mouse over the link, and look before you click:
The actual destination should match what you expect. Exactly. If the link claims to be eBay, http://ebay.hacker.com is not where you want to go. Nor is http://www.ebay.cc (note that it's not ".com"). In the original question, "msn.net" as a return address is not the same as "msn.com". That's a big red flag.
The actual destination should be a name, not a number. If the link's destination is a number rather than a name, such as http://72.3.133.152, chances are it's not valid.
The actual destination should be secure. That means it should begin with https:. If the target destination of anything that claims to be secure or account-validation related begins with the regular, unsecured http:, chances are it's not legitimate.
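The three checks above can be applied mechanically to every link in an HTML-formatted message, which is where the "displayed text says eBay, the href says somewhere else" trick lives. The following script is an added example, not code from the original article: it pulls each anchor's real destination and visible text out of a message body and reports which of the article's red flags apply (destination domain does not match the brand the text claims, destination is an IP address, destination is not https). The EXPECTED_DOMAINS table and the sample email are constructed for the example; a real mail filter would load a maintained brand list and use the Public Suffix List instead of the simple "last two labels" rule used here.

```python
"""Flag suspicious links in an HTML-formatted email body.

Added example (not from the original article). Applies the article's three
link checks to every <a href="..."> in a message. EXPECTED_DOMAINS and
SAMPLE_EMAIL are constructed for this example.
"""
import ipaddress
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Brands named in the article, mapped to the domain each is expected to use.
# Assumption for this example only; a real filter would load a maintained list.
EXPECTED_DOMAINS = {"ebay": "ebay.com", "msn": "msn.com", "paypal": "paypal.com"}


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. somerandomservice.com.

    This is the "far end" of the name that the article says tells you where a
    link really goes. Suffixes like co.uk are not handled here; production code
    would consult the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True when the destination is a number (IPv4/IPv6) rather than a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def brand_in_text(text: str) -> Optional[str]:
    """Which known brand, if any, does the visible link text claim to be?"""
    lowered = text.lower()
    for brand in EXPECTED_DOMAINS:
        if brand in lowered:
            return brand
    return None


def check_link(href: str, text: str) -> List[str]:
    """Return the article's red flags that apply to one link (empty = none)."""
    flags = []
    parsed = urlparse(href)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        flags.append("not https")
    if is_ip_literal(host):
        flags.append("destination is an IP address, not a name")
    brand = brand_in_text(text)
    if brand and registrable_domain(host) != EXPECTED_DOMAINS[brand]:
        flags.append(f"text claims {brand} but destination is {registrable_domain(host)}")
    return flags


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body: str) -> Dict[str, List[str]]:
    """Map each href in the body to the red flags it raises; clean links are omitted."""
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: check_link(href, text) for href, text in collector.links if check_link(href, text)}


# Constructed sample modelled on the article's examples: the visible text says
# eBay, but two of the three anchors point somewhere else entirely.
SAMPLE_EMAIL = """
<p>Dear eBay member, please verify your account:</p>
<a href="http://www.ebay.verification.somerandomservice.com/login">www.ebay.com</a>
<a href="http://72.3.133.152/verify">Click here to verify your eBay account</a>
<a href="https://www.ebay.com/">eBay home page</a>
"""

if __name__ == "__main__":
    for href, flags in suspicious_links(SAMPLE_EMAIL).items():
        print(href, "->", "; ".join(flags))
```

Run as-is, it reports the two bad anchors and stays silent about the genuine https://www.ebay.com/ link. The brand match is deliberately loose (any link whose text mentions a known brand is held to that brand's domain), which is the right bias for a filter: the article's rule is that the destination must match what you expect exactly, so a false alarm costs a hover, while a miss costs an account.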
The single, most important rule regarding these emails is simple: if they provide a link to click on, ignore the link - do not click on it. Never click a link in the email itself.
If you must satisfy your curiosity, or just want to double check what might be going on, then type what you know to be the correct URL into your browser by hand and log in to your account as you normally would. If there's something you need to do or verify, you'll probably see it then.
And if you're still not sure, then give the institution a call or contact their support line or search their support site. Trust me, they'd much rather have you ask than have to deal with the possibility of identity or account theft.
For another approach to phishing that uses only email, check out Is Windows Live Hotmail about to close my account? I also discuss there some additional signs that an email message may not be legitimate.
(This is an update to an article originally published February, 2005.)
Related:
Can I prevent phishing attacks by using a bookmark? You can prevent phishing attacks several ways; the most common is to never click on an emailed link. Bookmarks can also be used to prevent phishing.
Why does my anti-malware software say a link is suspected phishing? Anti-malware software examines links to see if they go where they claim to go. The problem is that valid links can be mislabeled as phishing attempts.
Internet Safety: How do I keep my computer safe on the internet? Internet Safety is difficult and yet critical. Here are the seven key steps to internet safety - steps to keep your computer safe on the internet.
Article C2276 - November 28, 2009
Leo, How did you do that?! I hovered my mouse over that sample ebay link in your Phishing article, just like you said to do, but it was really a Link to Latte for Leo!! Tell us how you did that! BTW, lattes are fattening! Michelle
Posted by: michelle at February 27, 2006 7:23 AM
Leo Guess What!??
I've got too much time, and so found out that
http://www.ebay.cc is a real website.
Er...Well..It was.
Now it's for sale!
As I said, I've got too much free time.
Well,
see-ya later!!!
PS:
Posted by: jereme at August 8, 2006 9:55 PM
Msn.net takes you to Msn.com
ebay.hacker.com takes you to sea.search.msn.com
my typing error of Ebat.cc also takes you to sea.search.msn.com
And http://72.3.133.152 takes you to a custom made 404 does not exist, by Plentic.
Posted by: Lily at December 12, 2007 11:46 PM
Dear Dr. Leo,
The phishing attacked my email address just in the same way as you described. I received an email which seems to come from Window Live... and ask me to supply my personal information to update my account, otherwise my account will be closed in a couple of days. To avoid any inconvenience, I updated my personal information. Since yesterday, I failed to log in my account. Subsequently, some of my friends informed me that they received an email from my hotmail account claiming that "I" was in trouble in a African country where I have never been and ask them to send "me" some money. Thank you for your informative help. I will never be a fish of "phishing".
When signing in to hotmail tonight, I was asked to verify my account and give my email address and password again. Then I was asked whether or not I agreed to hotmail live's terms of service and privacy policy. I clicked on yes, and got the same screen again. I completed it a second time. Then I could not log into hotmail and was told that my site might not be working at this time or my site might not be a certified windows live site. Your article makes it appear that this web site was actually phishing. Now what do I do?
Posted by: Jacki Richey at January 29, 2008 8:26 PM
I've had my own experiences with phishing, which I have written about on my own site: http://www.geocities.com/terryhollett2003/Phishing.htm
Posted by: Terry Hollett at February 9, 2008 8:14 AM
hi,
i would just like to say thank you,
i recently have been getting emails from according to email from the royal bank of scotland,
the email actually said:
Dear Royal Bank Of Scotland Customer,
Update and verify your information by clicking the link below:
https://www.rbsdigital.com/default.aspx?refererident/upgrade
*Important*
NOTE: FAILURE CAN RESULT TO ACCOUNT SUSPENSION.
P. R. Crush
Security Advisor
The Royal Bank of Scotland © 2008.
i did click on the link but my security on the pc said that the site is a reported phishing website, so i typed what a phishing site was on google and this is why im reading this article.
i didnt have a clue about it
Posted by: kim at March 4, 2008 6:39 AM
I assume that the following (series) of emails to me are a scam, but Hotmail makes it almost impossible to verify. Can anybody help?
Thanks! -Rich
[LARGE collection of scam/phishing examples deleted.]
Here's the official word from Microsoft on this scam: Phishing Scam: Hotmail Warning (Verify Your Hotmail Account Now to Avoid it Closed)
Visiting Windows Live Help is always a good first step.
28-Jun-2009
Michelle,
You sound surprised that a link that says "www.ebay.com" to the user could actually go to buyleoalatte.com instead. But, think about it. How many times have you seen "click here to do something", and never thought "how does that go to a website not called "click here"?
The answer is simple... That's how HTML works. There is an HTML tag which says "when you click here, do this", and the text within it is what is displayed to the user.
Basically (hoping the formatting comes through):
<a target="_blank" href="phishing_site_URL">real site name</a>
Posted by: Ken B at November 30, 2009 9:26 AM
Go to http://www.sonicwall.com/phishing/index.html for a phishing test. I answered nine of the ten questions but chose "no answer" for one of them, giving me a score of eight out of ten. The "Explain Answer" links on the test results page have some helpful pointers for detecting phishing.
Posted by: Merna B. at December 2, 2009 2:17 PM
Merna, I went to sonicwall.com to take the phishing test, and I got nine out of ten right. Thx for the educational tip!
Posted by: Lee Nelson Guptill at December 7, 2009 7:47 AM