Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.
I've received an email from "email@example.com" asking for billing details and threatening the end of my MSN service. Contacting MSN resulted in referral to a support alias, but no answer. Is this a problem, or a forgery?
Phishing is a word you hear a lot in the news these days, and this question brought it to mind.
You're right to be suspicious: this definitely sounds like a phishing expedition.
Phishing is very much like fishing, except that you're the fish and that threatening email is the bait. If you bite, you run the very real risk of account or identity theft and all the hassle that entails.
Here's how it works:
The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, MSN, Paypal, or perhaps a bank. The email asks you to visit some site that also looks very official and proper. At that site you're then prompted to enter all your personal information, typically in the guise of "verification".
The problem is that you've just handed over all your personal information to a thief.
The single biggest clue is simple: legitimate businesses never ask you for your private information via email. It's that simple.
The second clue is the link they're asking you to click on. It may look like it links to eBay, but in fact it goes somewhere else entirely. Here's an example:
That's a link to eBay, right?
No, it's not.
In most browsers, if you hover the mouse over that link you'll see that it does not go to eBay at all (the real destination appears either in popup text or in the browser's status line near the bottom of the window). But it certainly looks like it does. If you click on it, you'll be taken somewhere else entirely.
These same tricks work in HTML formatted email, which is what most of these phishing attempts use.
In the example above, it's obvious you're not at eBay if you click through. But if the destination site also looked like eBay, you could be fooled into thinking it was legitimate. Even more so if the domain "kinda sorta" looked like an eBay domain. Maybe something like http://www.ebay.verification.somerandomservice.com - you might look at that, see the "www.ebay" and stop reading - and yet it's the stuff at the other end of the domain name - somerandomservice.com in this example - that tells you the most about where that link might really go.
So if you're tempted at all, hover your mouse over the link, and look before you click:
The actual destination should match what you expect. Exactly. If the link claims to be eBay, http://ebay.hacker.com is not where you want to go. Nor is http://www.ebay.cc (note that it's not ".com"). In the original question, "msn.net" as a return address is not the same as "msn.com". That's a big red flag.
The actual destination should be a name, not a number. If the link takes you to an address made up of numbers, such as http://220.127.116.11, chances are it's not valid.
The actual destination should be secure. That means it should begin with https:. If the target destination for anything that claims to be secure, or account validation related begins with the regular, unsecured http:, chances are it's not legitimate.
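To show how those three rules (and the "link text versus real destination" trick from earlier) can be applied mechanically to an HTML-formatted message, here is an added example; it is not code from the original article. The message and the somerandomservice.com host are constructed, and the domain comparison is a deliberate simplification (it keeps the rightmost two labels rather than consulting the public suffix list).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def registrable_domain(host):
    # Rightmost two labels, e.g. "somerandomservice.com" (simplification: no
    # public suffix list, so "co.uk"-style endings are not handled here).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_link(href, display_text, expected_domain):
    # Apply the three "look before you click" rules; an empty list means it passed.
    flags, u = [], urlparse(href)
    host = (u.hostname or "").lower()
    if u.scheme != "https":
        flags.append("not https")
    if host.replace(".", "").isdigit():  # dotted IPv4 literal instead of a name
        flags.append("destination is a number, not a name")
    elif registrable_domain(host) != expected_domain.lower():
        flags.append(f"destination {host} is not under {expected_domain}")
    shown = urlparse(display_text.strip()).hostname  # visible text may look like a URL
    if shown and shown.lower() != host:
        flags.append(f"link text shows {shown} but goes to {host}")
    return flags

class LinkExtractor(HTMLParser):
    # Collect (href, visible text) pairs from an HTML-formatted message.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def scan_email(html, expected_domain):
    # Map each link's real href to its list of red flags.
    p = LinkExtractor()
    p.feed(html)
    return {href: check_link(href, text, expected_domain) for href, text in p.links}

# Constructed sample message (hypothetical hosts; 192.0.2.10 is a documentation address).
SAMPLE = ('<p>Verify your account: <a href="http://www.ebay.verification.somerandomservice.com/login">'
          'http://www.ebay.com/verify</a></p>'
          '<p><a href="http://192.0.2.10/signin">Sign in</a> or '
          '<a href="https://www.ebay.com/help">eBay help</a></p>')
```

Calling `scan_email(SAMPLE, "ebay.com")` flags the first two links and passes the third, which is the same judgement the hover-and-read check above would give.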
The single, most important rule regarding these emails is simple: if they provide a link to click on, ignore the link - do not click on it. Never click a link in the email itself.
If you must satisfy your curiosity, or just want to double-check what might be going on, then type what you know to be the correct URL into your browser by hand and log in to your account as you normally would. If there's something you need to do or verify, you'll probably see it then.
And if you're still not sure, then give the institution a call or contact their support line or search their support site. Trust me, they'd much rather have you ask than have to deal with the possibility of identity or account theft.
For another approach to phishing that uses only email, check out Is Windows Live Hotmail about to close my account? I also discuss there some additional signs that an email message may not be legitimate.
(This is an update to an article originally published February, 2005.)