Phishing For Humans

August 25, 2008

If the title of this article sounds a little phishy to you, it’s because it is.

What is phishing, you might ask? The long and short of it is this: it is an illegal attempt by a cybercriminal to steal sensitive information from an unsuspecting victim, using email manipulation. Now that we’ve gotten the fancy terminology out of the way, let’s break it down.

Analyzing the con: The eBay Phish

The victim receives an email from, for example purposes, fraudalert@ebaybillingdept.com.

The good cybercriminal will even have real images included in this message to make you think it came from the actual site (http://www.Ebay.com). There is usually some compelling message to try and get the user to part with his/her personal details. For example, the message might read: We are sorry to inform you that we have had a security breach in our department and in order to keep your account details secure please update them on our new server. Failure to do so may result in losses to you the account holder that “we will not” be held liable for. For your safety, please update your account information within 24hrs. Once again, we are sorry for any inconvenience that this may have caused you. We value you as a consumer and look forward to your business. To show you our appreciation, once your account has been updated we will credit your account with $50 that can be used towards paying auction posting fees.

The problem is that while the email and the email address look official and the letter sounds promising, it is all a scam. A person would see that the letter is from fraudalert@ebaybillingdept.com and just assume that it is from eBay, especially when the corresponding message is along the same lines.

The same scam can come in different forms. Whether it be from a look-alike http://www.Paypal.com or from your bank or credit card company, the same rules apply. In the event that you think this message may be authentic, here is what you do. Open up a new browser and type the real website address in yourself. Then email support and ask if they sent out such a message. I’m willing to bet my left leg, right ear, and half my heart that they didn’t.
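The look-alike sender trick described above can be checked mechanically. The following is an added example, not part of the original post: it flags a From: domain that contains a brand name but is not one of that brand's real domains. The allowlist and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the domains each brand really sends mail from (illustrative allowlist).
BRAND_DOMAINS = {
    "ebay": {"ebay.com"},
    "paypal": {"paypal.com"},
}

def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the From: address, or '' if there is none."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def is_official(domain: str, official: set) -> bool:
    """True if domain is an official domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in official)

def lookalike_brand(raw_message: str):
    """Return the brand the sender domain imitates, or None if nothing is flagged."""
    domain = sender_domain(raw_message)
    for brand, official in BRAND_DOMAINS.items():
        # "ebaybillingdept.com" contains "ebay" but is neither ebay.com nor *.ebay.com
        if brand in domain and not is_official(domain, official):
            return brand
    return None

# Constructed sample messages (not real mail).
PHISH = """From: eBay Fraud Alert <fraudalert@ebaybillingdept.com>
To: victim@example.org
Subject: Update your account within 24hrs

We are sorry to inform you that we have had a security breach...
"""
GENUINE = "From: eBay <notice@reply.ebay.com>\nSubject: Your invoice\n\nHello\n"

if __name__ == "__main__":
    for sample in (PHISH, GENUINE):
        verdict = lookalike_brand(sample) or "no look-alike found"
        print(sender_domain(sample), "->", verdict)
```

A message that passes this check is not proven authentic, because the From: header itself can be forged; the check only catches the look-alike domain case.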

Do not give up your information. I repeat, do not give up your information. They may try and scare you and say your account will shut down tomorrow. Do not be fooled. In fact, the message should be treated like exactly what it is: SPAM. And we all know what to do with SPAM, right?

Hello world!

August 25, 2008

Welcome to cybercriminal. Each week I will try to explore the different scams that are out there, and make you aware of not only what they are, but what you can do to prevent yourself from becoming a victim. Who better to tell you what not to do than a cybercriminal himself? Reading these short but very informative articles should take you no more than 3 minutes per article. What you need to ask yourself is: is protecting my entire life savings worth 3 minutes? If not, feel free to skip over this blog for the latest celebrity gossip. I know of ten cybercriminals that will thank you.

