The Home of C&P Software on the Web

5 Tips to Detect Phishing

What is Phishing?

Phishing is the act of using the internet to gain knowledge of private and usually money related information from a ton of people.  So phishing is like me asking you for all your credit card information using a good cover.  (i.e.: I call you up and tell you that I am with Wachovia Bank and that we are calling to make sure that you did not make certain charges.  - I ask your account number, expiry date and CVV number (3 digits at the back of the card) to verify that this is you and then tell you the charges will be reemoved immediately.  In the meantime, I have all the info I need to use your credit card on the internet whenever I want ...  That was easy.  But you say that you do not have a Wachivia account - I say sorry must have the wrong number and move on to the next person.
 
Another easy way is the send bulk emails that effectively so that you visit a website and enter information that I want.  Check out - http://www.cp-soft.com/wachovia/AuthService.htm.  If you enter the username and password and press Login - I thank you cause you just emailed that information to me and I re-directed you to the real wachivia site...
 
OK so how do you know that it's not really wachovia bank, ebay, or paypal? Here are 5 tips that will be sure fire clues that you are NOT dealing with honest people and should just hang up the phone or delete the emails.

The Tips

 
Tip #1: Be very wary of email you get. If you’re really uncertain about an email, you can learn a lot by using the message headers to find out where it got started.  No one will ever ask you for your password, social security number or credit card information in an email.  It is not safe to send this kind of information in an email because it is not secure. 
 
Tip #2: Banks, sites like Ebay and Amazon, never never send bulk emails that say something like:  Dear Sir (or Madam), your account seems to be...  Ebay and the like will always call you by name and direct you to their website to enter your username and password (see Tip #3)
 
Tip #3: Check the URLs of the links that you are asked to click on. Earlier I asked you to go to http://www.cp-soft.com/wachovia/AuthService.htm and you saw what you though was the login page for wachivia but look the website you visited was www.cp-soft.com: that should be a big clue.  Of course Phishing emails will normally only send you to sites that have an IP address (like: 68.67.234.135) because these sites are up for 5-10 days and then taken down so no one can trace them.  So if the site does not match the URL do NOT click on it.

Tip #4: As well as checking that an email actually sends you to the right website, you can check that it came from the proper place.  If you look at the email headers (check your favorite email client to find out how to see the headers).  Here are the headers from an email that I received "apparently" from Barned and Noble:

Received: from mta.email.bn.com ([198.31.62.91])
 by ns105.101sitehosting.net with esmtp (Exim 4.67)
 (envelope-from <BarnesandNobleEmail@email.bn.com>)
 id 1IiQZ1-0007q4-W3
 for pafortin@cp-soft.com; Thu, 18 Oct 2007 01:17:08 -0700
 
If you check line that says "(envelope-from <BarnesandNobleEmail@email.bn.com>)" you can determine that in fact the email DID come from Barnes and Noble and is most likely authentic.  If it had said something like: "(envelope-from <XXX@XXX.XXX>)", most likely this is a fraud email and you can forward it to your ISP for investigation.

Tip #5: How do you really know that it's really the police department asking for a donation?  Ask the person on the phone to send you their requests in writing.  You see the postal department is an expert fraude investigation agency while the phone company, well, they are not so good.  Fraunds and the like will never send anything in the mail for fear of getting caught by uncle Sam.

Conclusion

If you have already provided information in response to an email or filled out a web form that you are no longer sure is legitimate after reading this article, contact your bank or credit card company immediately an dhave youre credit and bank cards changed.

By now most larger corporations have been the object of some phishing scam remmeber that they are also the victims and that they are willing to help you with these problems so call them report it and they will help you and also do their own investigation which hopefully will lead to some arrests.

Have a great day and practice safe surfing...

Paul