Phishing? What's Phishing?

Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.

I've received an email from "suspend@msn.net" asking for billing details and threatening the end of my MSN service. Contacting MSN resulted in referral to a support alias, but no answer. Is this a problem, or a forgery?

Phishing is a word you hear a lot in the news these days, and this question brought it to mind.

You're right to be suspicious: this definitely sounds like a phishing expedition.

Phishing is very much like fishing, except that you're the fish and that threatening email is the bait. If you bite, you run the very real risk of account or identity theft and all the hassle that entails.

Here's how it works:


The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, MSN, PayPal, or perhaps a bank. The email asks you to visit some site that also looks very official and proper. At that site you're then prompted to enter all your personal information, typically in the guise of "verification".

The problem is that you've just handed over all your personal information to a thief.

The single biggest clue is simple: legitimate businesses never ask you for your private information via email. It's that simple.

The second clue is the link they're asking you to click on. It may look like it links to eBay, but in fact it goes somewhere else entirely. Here's an example:

http://www.ebay.com/

That's a link to eBay, right?

No, it's not.

In HTML, the text you see for a link and the address it actually opens are two separate things, and nothing forces them to agree. In most browsers, if you hover the mouse over that link you'll see that it does not go to eBay at all (you'll see the real destination either in popup text or in the browser's status line near the bottom of the window). But it certainly looks like it does. If you click on it, you'll be taken somewhere else entirely.

These same tricks work in HTML-formatted email, which is what most of these phishing attempts use.

In the example above, it's obvious you're not at eBay once you click through. But if the destination site also looked like eBay, you could be fooled into thinking it was legitimate, even more so if the domain "kinda sorta" looked like an eBay domain. Maybe something like http://www.ebay.verification.somerandomservice.com - you might look at that, see the "www.ebay" and stop reading. Yet it's the stuff at the other end of the domain name - the last two labels before the first slash, somerandomservice.com in this example - that tells you who actually owns the site. Everything to the left of that is a subdomain that the owner of somerandomservice.com can name however they like, including "www.ebay".

So if you're tempted at all, hover your mouse over the link and look before you click:

  • The actual destination should match what you expect. Exactly. If the link claims to be eBay, http://ebay.hacker.com is not where you want to go; the owner there is hacker.com. Nor is http://www.ebay.cc (note that it's not ".com"). A subdomain of the real domain, such as signin.ebay.com, is fine, because the part that matters, ebay.com, is the same; it's the end of the name you compare, not the beginning. In the original question, "msn.net" as a return address is not the same as "msn.com". That's a big red flag.

  • The actual destination should be a name, not a number. If the link's destination is a bare numeric address, such as http://72.3.133.152, chances are it's not valid. Legitimate businesses send you to their own domain names, not to raw IP addresses.

  • The actual destination should be secure. That means it should begin with https:. If the target destination for anything that claims to be secure, or anything account-validation related, begins with the regular, unsecured http:, chances are it's not legitimate. Note that the reverse doesn't hold: https: only means the connection to the site is encrypted, not that the site is who it says it is, and a phisher can put up an https: site too. Treat a missing https: as a red flag, not a present one as proof.
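As an added example (not code from the original article), here is a small Python script that applies the checks above to an HTML email: it pulls every link out of the body, compares the text you see with the address the link actually opens, and flags bare IP addresses, plain http:, and destinations whose registered domain isn't the brand's. It also checks the sender's domain, the msn.net-versus-msn.com tell from the original question. The sample message, the sender address and the list of legitimate domains per brand are constructed for illustration, and the "last two labels" rule for the registered domain is a simplification of what a real filter would do with the Public Suffix List.

```python
# Added example: flag the phishing tells described above in an HTML message.
# Not code from the original article; sample data below is constructed.
from __future__ import annotations

import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains each brand legitimately uses. A real filter would
# keep this list per institution; these two entries are illustrative only.
LEGIT_DOMAINS = {"ebay": {"ebay.com"}, "msn": {"msn.com"}}

# Visible link text that itself looks like a URL: optional scheme, then a
# dotted hostname. "Click here" does not match; "http://www.ebay.com/" does.
URL_LIKE_TEXT = re.compile(r"^(?:https?://)?([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def registrable_domain(host: str) -> str:
    """Rightmost two labels, the part of a name that says who owns the site.
    'www.ebay.verification.somerandomservice.com' -> 'somerandomservice.com'.
    Simplification: production code consults the Public Suffix List so that
    names such as 'example.co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True when the destination is a number, e.g. '72.3.133.152'."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


class LinkCollector(HTMLParser):
    """Gather (href, visible text) for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[tuple[str, str]] = []
        self._href: str | None = None
        self._text: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href: str, text: str, brand: str) -> list[str]:
    """The three hover-and-look checks, plus the text-versus-href mismatch."""
    warnings = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    if parts.scheme != "https":
        warnings.append(f"not https: {href}")
    if is_ip_literal(host):
        warnings.append(f"destination is a bare IP address: {host}")
    elif host and registrable_domain(host) not in LEGIT_DOMAINS.get(brand, set()):
        warnings.append(f"really goes to {registrable_domain(host)}, not {brand}")
    m = URL_LIKE_TEXT.match(text)
    if m and registrable_domain(m.group(1)) != registrable_domain(host):
        warnings.append(f"text says {m.group(1)} but the link opens {host}")
    return warnings


def check_sender(address: str, brand: str) -> list[str]:
    """'suspend@msn.net' is not an msn.com address: the tell from the question."""
    domain = address.rsplit("@", 1)[-1]
    if registrable_domain(domain) not in LEGIT_DOMAINS.get(brand, set()):
        return [f"sender domain {domain} is not a {brand} domain"]
    return []


def analyze(sender: str, html: str, brand: str) -> dict:
    """Every warning for one message, keyed by sender and by link href."""
    collector = LinkCollector()
    collector.feed(html)
    links = {href: check_link(href, text, brand) for href, text in collector.links}
    return {"sender": check_sender(sender, brand), "links": links}


# Constructed sample message modelled on the tells described in the article.
SAMPLE_SENDER = "billing@ebay.cc"
SAMPLE_HTML = """
<p>Your eBay account will be suspended unless you verify your details.</p>
<a href="http://www.ebay.verification.somerandomservice.com/login">http://www.ebay.com/</a><br>
<a href="http://72.3.133.152/ebay/">Update billing information</a><br>
<a href="https://www.ebay.cc/signin">Sign in</a><br>
<a href="https://signin.ebay.com/">Help &amp; Contact</a>
"""

if __name__ == "__main__":
    report = analyze(SAMPLE_SENDER, SAMPLE_HTML, "ebay")
    for warning in report["sender"]:
        print("SENDER:", warning)
    for href, warnings in report["links"].items():
        print(href, "->", "OK" if not warnings else "; ".join(warnings))
```

Only the last link in the sample comes back clean: it is https:, it is a name rather than a number, and its registered domain is ebay.com, so a subdomain like signin.ebay.com passes the "match exactly" test where www.ebay.cc and ebay.verification.somerandomservice.com do not.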

The single most important rule regarding these emails is simple: if they provide a link to click on, ignore the link. Do not click on it. Never click a link in the email itself.

If you must satisfy your curiosity, or just want to double-check what might be going on, then type what you know to be the correct URL into your browser by hand and log in to your account as you normally would. If there's something you genuinely need to do or verify, you'll see it there.

And if you're still not sure, give the institution a call, contact their support line, or search their support site, using a phone number or address you already have (from a statement, the back of your card, or the site you typed in yourself), not one taken from the suspicious email. Trust me, they'd much rather have you ask than have to deal with the possibility of identity or account theft.

For another approach to phishing that uses only email, check out Is Windows Live Hotmail about to close my account? I also discuss there some additional signs that an email message may not be legitimate.

(This is an update to an article originally published February, 2005.)

Article C2276 - November 28, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18-year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

Recent Comments
16 Comments

Go to http://www.sonicwall.com/phishing/index.html for a phishing test. I answered nine of the ten questions but chose "no answer" for one of them, giving me a score of eight out of ten. The "Explain Answer" links on the test results page have some helpful pointers for detecting phishing.

Posted by: Merna B. at December 2, 2009 2:17 PM

Merna, I went to sonicwall.com to take the phishing test, and I got nine out of ten right. Thx for the educational tip!

Posted by: Lee Nelson Guptill at December 7, 2009 7:47 AM

So, I feel like a moron. I got an email from a guy named Mark Savorn regarding a rental, shortly after emailing several people who had rentals posted on craigslist. In Savorn's email, he made no reference to the listing number, number of bedrooms, location, or any other identifying factor or way in which I could link this email to any particular rental listing on the site. There was, however, a very reasonable tone about his email and what seemed like a harmless request to fill out a credit report. I wasn't sure what to think, but despite the fact that I was a little suspicious, I clicked on the link! Uh--whoops! So now I'm wondering how bad it is to click? I didn't fill anything out, just looked at the site, then left it. I don't do any online banking, but occasionally make purchases online, so what are my chances of not being screwed here? I got smart just a minute too late and googled the guy's name, and it's plastered all over flakelist.org! Help!

Posted by: Rosemary at September 4, 2010 3:03 PM

I am so desperate looking for a house I did not even think to check the link location. I filled out personal information on what seemed to be a credit checking site. I'm wondering where I go from here now that the information has already been accepted.

Posted by: A-K at October 1, 2010 6:09 PM

Hi everyone, Hi Leo.
I've got a question for you, Leo (or anyone who can answer my question). It could be that my question is totally stupid, but how did you do that 'www.ebay.com', so that it leads to another website? Can you teach me how to do it, so I can do something similar to prank my friends? (BTW: I have my own subdomain, so I'd like to give an existing-looking link to my friends that leads to my own site.) Bye and thanks in advance

I'd recommend learning basic HTML as the best way to learn how to do this kind of thing.
Leo
15-Jul-2011

Posted by: Alex at July 15, 2011 8:09 AM