Anti-Phishing Tip

We all get those emails that look legit, but aren’t! It could come from a bank or your credit card company. Usually there’s a “problem with your account” and they need you to log in and give them some information or reset your password. My favorite is when they claim that through a computer mishap that they lost all my information, yet miracously they still have my email address. Also another dead giveaway is the first line that says “Dear Valued Customer.” If I was really your valued customer, wouldn’t you know my name and address me directly.

Even though the signs are clear in some cases, people get tricked into clicking the links, winding up on an fake site and divulging tons of private information.

Here’s a tip for Apple Mail users

If you’re an Apple Mail user (the mail app built-in to Mac OS X), then you’ve got a way of quickly verifying where a link goes without actually clicking on it. Take this “Bank of America” email that I got yesterday. Although I wasn’t even remotely tempted to click on the link, I was curious as to where it led to. So I simply hovered my mouse over the link to reveal a popup display that actually shows the REAL URL that you’d go to if you clicked on it. Needless to say, it wasn’t bankofamerica.com.

boaphishing

Although I didn’t click the link, I’m sure if I had it would have taken me to a website that looks just like bankofamerica.com.

This tip also works in Mail on the iPhone

As I wrote in my iPhone Book 2nd edition. You can do this same tip by holding down your finger on a link in the Mail app on the iPhone/iPod touch to see where the link is actually going to take you.

mail-spamhover

What if you don’t use Mail or are on a PC?

Even if you aren’t an Apple Mail app user, there’s a simple tip for you. DON’T CLICK ON LINKS IN EMAILS! If I thought that this email was legit, the safer thing to do would be to fire up my browser manually and key in the URL myself or use a bookmark. That way I’d know for sure what site I was headed to. Even if you are a Mail user a clever programmer can create a link that spoofs the original site. So bottom line, don’t click the links. Chances are if you get an email requesting that you go to a website, login and give them information, it’s an attempt to gain access to your information, passwords, user names, etc.

Be safe!

4 Replies to “Anti-Phishing Tip”

  1. Great tip.

    What if the email uses a third party email vendor that does tracking? Then a legit link will still not display correctly.

    I still wouldn’t click on the link anyway.

    1. philldo,
      which is why I said, “Even if you are a Mail user a clever programmer can create a link that spoofs the original site. So bottom line, don’t click the links.”

  2. I’d add that it’s a good idea to go to View>Message>Long Headers and then forward it to the company that the phishing email is attempting to copy. A quick google search for “phishing *company name*”, etc. will usually give you the address to forward it to (spoof@*company name*, for example).

    Although the tech community is pretty much in-the-know about not clicking on links in suspicious emails, Grandma and Grandpa are usually not as aware. This helps, however small, the companies trace and shut down these sites.

Comments are closed.