As a geek I’ve always wondered why people fall for phishing schemes. It’s never made sense to me how regular smart people manage to give away their information to anyone with a mail spoofer, up until last week. I didn’t fall for any phishing attempts, but I now sympathize with those who have.
Backstory: A couple of weeks ago a buddy of mine accidentally sent $3,500 into my PayPal account while attempting to purchase some equipment from a guy on Craigslist. The guy from Craigslist had used an e-mail address on his PayPal very similar to mine and autocomplete did the rest. He gave me a buzz and I sent him the money back, minus the transaction fees.
Last week I received an e-mail in my Gmail account stating that PayPal had seen weird activity in my account and that my account would be suspended unless I logged in and filed a reason. Because of the timing of the e-mail, the fact that Google hadn’t recognized it as a phishing attempt AND the fact that there had been weird activity in my PayPal account, I immediately opened up another browser and logged into PayPal to see if there were instructions on how to file a discrepancy report.
Upon logging in, everything looked normal. I decided to check the headers of the e-mail that I had received. Sure enough, that e-mail was a spoof, a phishing attempt, complete with an obfuscated link directing users to a third-party site. As a geek I never trust links in e-mail. I always open up another browser and type in the address myself. My personal information was saved because of this. However, this made me come to the realization that phishers aren’t only effective against the non-technical; he had gotten a reaction out of me. The geek in me kept my information safe, but nonetheless he successfully fooled me hook, line and sinker.
As such I thought I’d put up some tips for people reading on how to keep your information safe from phishers.
1) If you are directed to DO ANYTHING by a company you do business with (in my case PayPal), always type the address in by hand. Open up another tab or window and go there; bookmark these sites to save some time if you wish. With HTML mail it is very easy to make one link look like another: the visible text of a link can read http://www.yahoo.com while the link itself goes somewhere else entirely.
2) Occasionally you may sign up for something that requires e-mail confirmation, which will send you a link to follow. Always cut and paste the plain-text URL; do not follow the HTML link. It’s just good practice not to trust HTML links in e-mail.
3) If you use Gmail, always click "More Options / Report Phishing Attempt" when you receive these e-mails, it will make the detection more accurate.
4) Any e-mail that asks you to confirm information that an institution you do business with already has on file should be ignored.
5) If you feel uneasy about ignoring one of these e-mails, make the time to verify it by calling or e-mailing the source yourself. For example, if Company X asks you to confirm your information on file and you feel uneasy ignoring it, then e-mail or call Company X and ask.
These 5 simple tips should keep your information safe from phishing attempts. Even when I thought there was a problem with my paypal, I still managed to not divulge any information to a phisherman!