What is a phish?
A phish is an email that a computer user might receive from a criminal ‘fishing’ for personal information.
What is the purpose of phishing?
Phishers phish to steal your money. According to wikipedia.org, “Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.”
How do you know if you have been phished?
A phishing email is easy to spot. You just have to know what you are looking for.
Here is an example of a phishing email, as well as the common mistakes these criminals make.
Dear XXX Bank Customer, (This was easy for me to spot because I am not a Regions Bank Customer. In addition, a real bank would use the customer’s name)
We are maintaining physical, electronic and procedural safeguards that comply with federal guidelines to guard your personal information against unauthorized access.
At this time* we need you to renew your online account and update our existing database. As soon as our database will be updated* we will make a few anouncements* to our customers regarding this notification, so please renew your Online Services with no delay. (* indicates the numerous spelling and grammar errors such as missing punctuation or gross misspellings as indicated above. It seems that these criminals are not as smart as they think.)
Click the link bellow* to continue:
https://XXX.usersonlnet.com/asp//Ne… (Whenever you come to a link in a suspicious email, you can use it to find out if the email is genuine or not. You only need to right click on the email and choose “properties” and the actual link will be displayed. In this case, the link leads to http://220.127.116.11/images/clv/r… . Does that say XXX bank? No, I do not think so.)
Our database will be instantly updated.
At XXX Bank* we are dedicated to providing you with exceptional service and to ensuring your trust. If you have any questions regarding our services, please check the website or call our customer service. (Where is the contact information?)
(Phishing sample borrowed from random criminal who has no real affiliation with any bank. The bank is merely a target of this phisher.)
In Summation: When you receive an email from any banking institution, or other website that utilizes personal information, you need to look for the following:
A phishing email will not address you by your name. They will either call you customer, or use your email address.
A phishing email will have grammar errors and misspellings, which are indicated above by an asterisk.
A link that is not genuine can be investigated by checking the properties.
A genuine email may tell you to go to the website and sign in, instead of giving you a link to visit.