My WHAT is about to expire? (phishing and your information…)
November 14th, 2008At the end of last month I started to get some interesting e-mails. You see, when you have customers and submit their information to so many search engines and sites, you’ve got to understand that interesting e-mails are pretty normal. But these mails were ones that caught my attention - because they were claiming that a domain name was about to expire. Below is an example of one of the ones I received, but all you need to see is one because everything else pretty much was the same.
When these were being received hot and heavy in my inbox (and I’m certain there were thousands of other folks getting these as well) Network Solutions had a great alert and warning on this growing issue. By the time I’m typing these words, that warning is no longer a ‘top news’ item. But it gives me the chance to share some information with you on the practice of phishing.
Wikipedia starts their definition of phishing with these words: In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. (Full Wikipedia information here)
How did I know?
Well, it was pretty easy for me. I don’t use Network Solutions as my domain name provider. So my curiosity was in how did I become the recipient. And that wasn’t too hard to figure out (and it wasn’t what you may think). At first, I thought someone just did a ‘whois‘ lookup and sent mail to the contact information that the query returned. But looking at some of the mails I received, that was not the case at all. It looked like a normal spambot attack where e-mail addresses are spammed and the return address is spoofed. So this is nothing new or special - it happens all too often to all of us!
What can help me?
If you noticed in the image I included above, I happen to have all these mails go to a Gmail account. They do a great job of putting up that red banner that gives a warning that something has been tampered with - in other words, spoofing has taken place. So if you want (or need) to check out a super and free (did I mention FREE?) mail account with over 7Gb of space, maybe you will give Gmail a try.
But not everything requires a tool for help. The first line of defense is you, and your thinking. Take your hand off the mouse (so you don’t click on any links). Take a hard look at what your mail says - it may seem legitimate. But then, look to see who it is from - and by that I mean examine the header information. I’ll assume you know how to do that, but if you don’t - be sure to check the help files in your e-mail client you use. It will tell you how to do this. You see, that name that shows up may give a legitimate name you trust, but the actual respond to address may be different.
The money (or the catch) is that these folks are trusting you to click on a link in the body of the e-mail. It matters not who is in the respond to line, it’s all about clicking on links in the body of the e-mail. So restrain yourself. Don’t do it, just keep your finger off the mouse! Once you’ve clicked, you may be launching some bad installer to put malware on your computer.
I hope this helps someone - if you have information or insight that will assist others, why not leave a comment? Thanks for reading!












