Thursday, 23 October 2008

Phishing Scam

Written by Samuel Stambler

A lot has been written about all known kinds of scams including "Phishing". But criminals keep on throwing their nets and having quite a good take. Therefore we have to continue exposing the phishing attempts. And since "it is better to see once than hear 10 times" I want to share with you 2 emails that I have recently received.

These are really similar letters (in fact it is almost the same one with tiny differences). The letter(s) are as follows:

Subjects:

1. We were unable to authorize charges to the Credit Card Number you provided.

2. Your Amazon Account will be Closed!

"Dear AOL Client, (Dear Client)

As part of our security measures, we regularly screen activity in our network.

We recently noticed the following issue on your account: A recent review of your transaction history determined that we require an update of your account in order to provide you with secure services.

We apologize for any inconvenience this may cause.

You must click the link below and fill in the form on the following page to complete the verification process.

http://webmail.aol.com/mail/

(http://www.amazon.com/gp/help/customer/display.html)

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.

Sincerely,

AOL (Amazon) Billing Department"

As said, I clicked the link and saw a "secure" form asking for my name, address, credit card details and so on. It is clear that filling out this form would cause me a substantial financial loss. But how do I know that these letters are phishing? Simple: I am not and have never been a client of AOL. And how would I know if it weren't, say, a letter "from my bank"?

In reality, it is very difficult to reveal a scam without special knowledge. But a normal person cannot be expected to know all the technical details. Besides, even a great amount of knowledge doesn't always help to prevent deception. As in O. Henry's story "The Gentle Grafter. Modern Rural Sports", a most technologically educated person can be duped by cunning swindlers playing on the person's primary instincts and emotions.

So I will not elaborate on the techie methods. I would only like to note that the links in the letters are spoofed: in the letter, the "Amazon" link location is in India! What I recommend is to be armed with COMMON SENSE and follow a number of IRON rules:

- Legitimate companies do not send impersonal letters (they know your name/ID, while the phishers do not);

- Legitimate companies do not ask for sensitive information via email;

- NEVER give your personal or financial information to an organization that you don't know;

- NEVER give your sensitive information if you have not initiated the interaction (since you cannot know who the correspondents really are);

- NEVER send via email your personal or financial information (it is not a secure method);

- Regularly check your bank account and credit card statements;

- If you received a phishing letter, forward it to spam@uce.gov.

Be careful!

The Author: Samuel Stambler. Owner of http://www.readerspot.com
