THE HOLY BOOK OF UNIVERSAL TRUTHS,
K. U. P.
(Kimball's Unauthorized Perversion)
1. Generic greetings. Many phisher emails begin with a general greeting, such as: "Dear member." If you do not see your first and last name, be suspicious.
2. A fake sender's address. A phisher email may include a forged email address in the "From" field. This field is easily altered.
3. A false sense of urgency. Many phisher emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim they’re updating their accounts and need your information fast.
4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a phisher website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.
5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information.
6. Deceptive URLs. Only enter your EarthLink password on EarthLink pages. These begin with https://www.earthlink.net/, ...my.earthlink.net, ...webmail.earthlink.net, etc.
- Even if a URL contains the word "EarthLink," it may not be an EarthLink site. Examples of deceptive URLs include: www.earthlinksupport.com, www.earth1ink.com, www.accounts-earthlink.com, and www.earthlinkcom.net.
7. Misspellings and bad grammar. Phisher emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
(By gaps in logic, I assume they mean those cases when I get an e-mail claiming to be from a bank I have never heard of. It cracks me up when they say they need my account number. Who are they trying to kid?)
8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
9. Pop-up boxes in an email are not secure. Don’t enter personal information into them.
10. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment unless you know the person that sent it to you. Most people become infected by clicking on some sort of attachment that causes them to download spyware or a virus. (See what I wrote about attachments elsewhere in this chapter.)
I hung up after arguing for half a minute. Too many warning signals were touched off by that call. First, there were too many voices in the background; it sounded more like a boiler room operation than your typical customer service center. Second, in the past I have gotten technical support from an Indian company called iYogi, but when they call, they use a toll-free number, not a number from the 202 area code. IYogi's technicians speak better English, too. Third, no American phone number starts with a zero; they probably masked the real number from my caller ID. Fourth, I have used Microsoft products since the mid-1990s, but I can't remember Microsoft ever calling me; I always called them.
Just to be on the safe side, I gave my computer a complete virus scan afterwards. It didn't surprise me a bit when no bugs or malware turned up. I also Googled the phone number, and found others reporting it as coming from a scam artist. I'm sure that if I had complied with the caller's demands, they would have taken control of my computer, for whatever mischief they had in mind.
Aside from the phisher calling me, this is the same type of scam as phishing by e-mail; the goal is identity theft, or to infect another computer. Fortunately my antivirus software is up to date, and I have identity theft protection for a worst case scenario.
Support this site!