Click here for the home page 

The Xenophile Historian

K. U. P.

(Kimball's Unauthorized Perversion)

Don't Become Phish Food

It seems that whenever I figure out how to deal with one online menace, something worse comes along. First I posted a rant on urban legends, and along came spam to jam the highways of cyberspace. Then I managed to reduce the amount of spam coming in each day to single-digit figures, and now we have a sub-category of spam called "phishing," which can do real harm to those who respond to it. I don't know what phishing has to do with Phish, the band that became the Grateful Dead of the 1990s, but it is a serious problem, a new way for scammers to commit the crime of identity theft. In 2005 sent me an e-mail listing ten ways to recognize a letter from a "phisher." For your benefit, I am forwarding that list to you. The comments in Italics are mine:

1. Generic greetings. Many phisher emails begin with a general greeting, such as: "Dear member." If you do not see your first and last name, be suspicious.

2. A fake sender's address. A phisher email may include a forged email address in the "From" field. This field is easily altered.

3. A false sense of urgency. Many phisher emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim they’re updating their accounts and need your information fast.

4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
- Direct you to a phisher website that tries to collect your personal data.
- Install spyware on your system. Spyware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
- Cause you to download a virus that could disable your computer.

5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information.

6. Deceptive URLs. Only enter your EarthLink password on EarthLink pages. These begin with,,, etc.
- Even if a URL contains the word "EarthLink," it may not be an EarthLink site. Examples of deceptive URLs include:,,, and

7. Misspellings and bad grammar. Phisher emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
(By gaps in logic, I assume they mean those cases when I get an e-mail claiming to be from a bank I have never heard of. It cracks me up when they say they need my account number. Who are they trying to kid?)

8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.

9. Pop-up boxes in an email are not secure. Don’t enter personal information into them.

10. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment unless you know the person that sent it to you. Most people become infected by clicking on some sort of attachment that causes them to download spyware or a virus. (See what I wrote about attachments elsewhere in this chapter.)

(2012 update) Phishing can happen over the phone, as well as by e-mail. Case in point: Recently I got a strange phone call that showed up on my caller ID as 202-011-3341. When I answered it, a guy with a heavy Indian accent told me he was from "Microsoft Windows Help," claimed that my computer was infected with a virus, and said that I needed to turn it on.

I hung up after arguing for half a minute. Too many warning signals were touched off by that call. First, there were too many voices in the background; it sounded more like a boiler room operation than your typical customer service center. Second, in the past I have gotten technical support from an Indian company called iYogi, but when they call, they use a toll-free number, not a number from the 202 area code. IYogi's technicians speak better English, too. Third, no American phone number starts with a zero; they probably masked the real number from my caller ID. Fourth, I have used Microsoft products since the mid-1990s, but I can't remember Microsoft ever calling me; I always called them.

Just to be on the safe side, I gave my computer a complete virus scan afterwards. It didn't surprise me a bit when no bugs or malware turned up. I also Googled the phone number, and found others reporting it as coming from a scam artist. I'm sure that if I had complied with the caller's demands, they would have taken control of my computer, for whatever mischief they had in mind.

Aside from the phisher calling me, this is the same type of scam as phishing by e-mail; the goal is identity theft, or to infect another computer. Fortunately my antivirus software is up to date, and I have identity theft protection for a worst case scenario.

(2013 update) I just got another call like the above one. This time the bogus number was 253-802-0309 and they called at 10:49 PM, for crying out loud!

Support this site!

© Copyright 2016 Charles Kimball

Return to Chapter 7

Remember to check out the rest of the content on this site.