Misc: New phishing scam trick (take II)

Subject: Misc: New phishing scam trick (take II)
From: Geoff Hart <ghart -at- videotron -dot- ca>
To: CEL <copyediting-l -at- listserv -dot- indiana -dot- edu>, TECHWR-L <techwr-l -at- lists -dot- techwr-l -dot- com>
Date: Mon, 08 May 2006 14:19:30 -0400

A few folks have noted, privately or online, that it's best to simply delete messages from banks, Paypal, and so on. This is generally sound advice, but it's important to note that doing so runs the risk of missing important information. For example, I've signed up to be notified by e-mail of Paypal policy changes, and every so often, my bank or credit card company does contact me by e-mail.

That's why my advice remains valid: "...go to that location yourself: manually type the URL in your browser. Don't ever click on the link in an e-mail, since (as this example shows), the phishers can be exceptionally clever at tricking us." In many cases, as is true for my bank, there's a special message area that I see as soon as I'm safely logged in. Or I can call the local branch and ask what's up.

Janice Gelb noted: <<Actually, the safest thing to do is not to pay attention at all, no matter how legitimate the mail looks, unless the email has your specific customer name as the addressee (e.g., "Dear Geoff Hart" or "Attention: Janice Gelb"). Online contacts that are legitimate always put the customer name in the message; phishers obviously can't.>>

Wish it were that simple, but it's not. I've received a goodly number of phishing messages containing my full name and occasional ones containing the names of colleagues. Names are easy to generate automatically from name databases or to harvest by trolling newsgroups; indeed, some of the spam I get makes it look like someone is feeding Web site addresses into the "Whois" service to extract the names of Web site owners.

I get many messages per week "misaddressed" to someone else, presumably in the vain hope that I'll contact the sender and say "you sent this to the wrong guy", thereby revealing myself as the kind of person who responds to these messages. I don't. If I recognize the person's name, I'll contact them myself. If not... trash the message and ignore it.

Janice concluded: <<If you're really concerned, log in to your account normally from another window unrelated to the spam at all. Or, just ignore it. If something's really wrong, they'll contact you again.>>

Agreed. Of course, if you're running Windows* and use online banking, credit card management, Paypal, or the like, you should make regular antispyware scans (and updates of your software) part of your regimen. And you should probably replace Internet Explorer with Firefox for such transactions. Typing your confidential information into a browser window won't do you much good if your system is infected by a keystroke logger or if (as is the case for IE) your browser is about as secure as a paper bag filled with water.

* Not to start a Mac vs. Windows war. Thus far, there is no documented Mac spyware and only a handful (literally... no more than 5 at last count) of viruses for OS X. By way of comparison, the software on my PC has a scan database rapidly approaching 50K entries. Macs will eventually be hit too, but for now, it's Windows users who have to be excruciatingly cautious.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --
Geoff Hart ghart -at- videotron -dot- ca
(try geoffhart -at- mac -dot- com if you don't get a reply)
www.geoff-hart.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

WebWorks ePublisher Pro for Word features support for every major Help
format plus PDF, HTML and more. Flexible, precise, and efficient content delivery. Try it today!. http://www.webworks.com/techwr-l
Doc-To-Help includes a one-click RoboHelp project converter. It's that easy. Watch the demo at http://www.DocToHelp.com/TechwrlList

---
You are currently subscribed to TECHWR-L as archive -at- infoinfocus -dot- com -dot-
To unsubscribe send a blank email to techwr-l-unsubscribe -at- lists -dot- techwr-l -dot- com
or visit http://lists.techwr-l.com/mailman/options/techwr-l/archive%40infoinfocus.com


To subscribe, send a blank email to techwr-l-join -at- lists -dot- techwr-l -dot- com

Send administrative questions to lisa -at- techwr-l -dot- com -dot- Visit
http://www.techwr-l.com/techwhirl/ for more resources and info.


Follow-Ups:

References:
Misc: New phishing scam trick: From: Geoff Hart
Re: Misc: New phishing scam trick: From: Janice Gelb

Previous by Author: Text Aloud and Voice Narration Recommendations Requested?
Next by Author: Looking for re-packaging publishing app?
Previous by Thread: Re: Misc: New phishing scam trick
Next by Thread: Re: Misc: New phishing scam trick (take II)


What this post helpful? Share it with friends and colleagues:


Sponsored Ads