Phishing For Humans

If the title of this article sounds a little phishy to you, it’s because it is.

What is phising you might ask?  The long and short of it is this.  It is an illegal attempt by a cybercriminal to steal sensitive information from an unsuspecting victim, using email manipulation.  Now that we’ve gotten the fancy terminology out of the way, let’s break it down.

Analyzing the con:  The Ebay Phish

The victim receives an email for example purposes from – fraudalert@ebaybillingdept.com-

The good cybercriminal will even have real images included in this message to make you think it came from the actual site ( http://www.Ebay.com) .  There is usual some compelling message to try and get the user to part with his/her personal details.  For example the message might read:  We are sorry to inform you that we have had a security breach in our department and in order to keep your account details secure please update them on our new server.  Failure to do so may result in losses to you the account holder that “we will not “, be held liable for.  For your safety, please update your account information within 24hrs.  Once again, we are sorry for any inconvenience that this may have caused you.  We value you as a consumer and look forward to your business.  To show you our appreciation, once your account has been updated we will credit your account with $50 that can be used towards paying auction posting fees.

The problem is while the email and the email address looks official and the letter sounds promising it is all a scam.  A person would see that the letter is from fraudalert@ebaybillingdept.com and just assume that it is from ebay especially when the corresponding message is along the same lines.

The same scam can come in different forms.  Rather it be from a look-a-like   http://www.Paypal.com or from your bank or credit card company the same rules apply.  In the event that you think this message may be authentic, here is what you do.  Open up a new browser and type the real website address in yourself.  Then email support and ask if they sent out such a message.  I’m willing to bet my left leg, right ear, and half my heart that they didn’t.

Do not give up your information.  I repeat do not give up your information.  They may try and scare you and say your account will shut down tomorrow.  Do not be fooled.  In fact, the message should be treated like exactly what it is, SPAM.  And we all know what to do with SPAM right?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: