Jim Doty - Photo Blog

Photography: Photos, News, and Tips
Wednesday, January 28, 2004

California Poppies, Photo (c) Jim Doty, Jr.


NEVER give credit card numbers, bank account numbers, pin numbers, or any other personal information to someone that emails you and asks for it.

Unscrupulous people set up bogus sites that imitate the web sites of real companies, and then they send out emails to get people to go to the website and enter personal information. This practice is called phishing (pronounced like fishing). When they acquire personal information, they use it to open accounts in the name of the person they stole the information from.

I received this email today (I omitted the sender's email address and most of the link I was supposed to click):

**** ****

_Dear_ Citibank-Online Member_,

_This E-MAIL was _sent_ by_the_ CitibankOnline serevrs to
veerify _your_ Email addres_.
You muust ceomtlpe this psocers by clicking on _the link
below and enteering in the smal winddow your _citibank
Atm_ Card Nummber and _PIN that you use_ on_the Atm Machine.
That is done - for_your poectrtion -K- becourse some of our
memmbers no legonr have acsces to their email adeesrsds
and we must verify it.

http://citi-card.org . . . . . . .

To veerify your _E-MAIL_ addres and acccess your_ _citibank_
account, clik on the_link _bellow_.


**** ****

Notice the bad grammar and spelling that indicates that this originated from a non-English speaking country. Definite tip offs to a phishing expedition. I do not even have a Citibank account.

Citibank has a link to report suspicious emails on this page. It so happens that the suspicious email I received is already on their list.

Not all phishing emails are this poorly done. I received a very well worded and well prepared email telling me my Yahoo account was about to expire. I clicked on the link and it took me to a very good imitation of the Yahoo website, complete with the Yahoo logo, colors, and page layouts. Even the website address in the status bar was a Yahoo address, but it was not a Yahoo site. It was all a fake, including the Yahoo address. Yahoo does not send out emails and ask you to go to a their website to verify personal information.

Yahoo has a page with information about password scams and how to tell the fakes Yahoo sites from the real Yahoo site. Many other companies that do business online have similar information.

When in doubt, don't click that link.

Be wary of any email asking for personal information. Someone may want to go phishing in your financial pond.


  This page is powered by Blogger, the easy way to update your web site.  

Home  |  Archives