Saturday, January 28, 2012

I Was Phished (and I don't mean seduced by Trey Anastasio)

We've all gotten the e-mails for Viagra and penis enlargers, and from the poor deposed Nigerian royalty asking us to cash his bank check in exchange for which he will give us a percentage (ok maybe only I get the ones for Viagra and penis enlargers). Only a rube who fell off the turnip truck would respond to these.

But I, who consider myself a very Internet-savvy guy, got phished this morning.

Here's how it works. You get a perfectly legitimate-looking e-mail from a web site with whom you have an existing account, like eBay, Amazon, Yahoo, your bank, etc. It catches your attention with some alarming statement such as a missed payment or compromised account security, and has a link for you to click to log in and fix it. So you do. It presents a page that looks for all the world like the site you're accustomed to. You log in with your name and password like you always do. And then you see something that isn't right, and you realize you've just given away your password.

In my case, it was eBay. A few days ago I sold five dead notebook computers. All the buyers paid me. I boxed the computers up and shipped them off. But this morning, I got an e-mail on my Yahoo account that was a message forwarded from eBay from the buyer of one of the computers. It said, essentially, "I paid for this several days ago I've gotten no shipping information from you what gives?" It looked for all the world like every other e-mail message I've ever gotten from eBay as the result of an auction, with the familiar logos, fonts, and color schemes. It even showed a picture of the computer being auctioned.

So I clicked the "respond" button in the e-mail, which took me to eBay like it always does. I logged in with my eBay ID and password, and then saw a screen asking me to confirm my identity by entering in the credit card number used to support this eBay account.

That's not right.

Suddenly the red light went on.

Phished! Shit! Piss!! FUCK!!!

I IMMEDIATELY went to eBay (the REAL eBay), logged in, changed my password, and logged back out. I logged back in with the changed password, checked my messages within eBay, and of course there was no such message.

I then went back to the fake e-mail and used my mouse to hover over the "respond" button. Doing this lets you see the URL address that the link will take you to. Needless to say, it showed an address that was NOT eBay.

I've previously warned Maire Anne and the kids about phishing, and shown them this trick of using the mouse to hover over a link, but this one caught me. The safe thing to do is NEVER click on these links within an e-mail, and instead ALWAYS go directly to the web site (eBay, PayPal, Amazon, whoever) and check your account status.

So now, with my guard back up, I'll try and relax. Maybe listen to "Sample in a Jar."
