By Bryan Dorr
Oct. 17, 2007, 9:56 a.m. PDT
An e-mail arrives in your inbox, saying you need to update your account information by “clicking here.” Does that link really go to your bank or credit union’s Website? Most likely, it does not.
Something smells “phishy” here.
A phishing e-mail is disguised to look like it comes from a legitimate website, but the information a recipient provides actually goes to an illegitimate site, which siphons personal and financial information to commit identity theft and fraud.
In an HTML e-mail, the type of e-mail that provides fancy fonts and splendid graphics, the link simply says “click here.” A pop-up or the status bar, usually at the bottom left corner of the window, may display the link address, but it usually goes unnoticed.
Some e-mail programs can disable hyperlinks, depending on the program’s security settings.
In the world of boring, generic plain text e-mail, phishing e-mails are easier to spot. Usually next to the words “click here” is the actual link address, the illegitimate Website to which one would be directed to provide all the personal information.
In this case, a credit union in Oregon was supposedly requesting account information updates, or otherwise the account would be deleted. In the plain text e-mail, the link clearly pointed to a Website address based in Mexico.
If one were to click on the link in the e-mail while viewing in HTML, a Web page would appear that looks like the credit union’s legitimate login page. A good way to tell that a visitor is not on the legitimate page is to look at the URL in the address bar at the top of the browser. In this case, the page was located on the same Website based in Mexico.
E-mail programs can be set to read incoming e-mail in plain text. Mail readers usually have the option to convert the e-mail into HTML while reading the mail. Plain text mail, however, doesn’t usually indicate photo attachments, which may be missed in legitimate e-mails.
In this case, I found that all available links, such as locations, contact and help, were redirecting the visitor back to the illegitimate login page.
If you suspect a phishing e-mail, here are some basic tips:
• Do not reply back to the e-mailer at the e-mail address provided.
• Do not click on any links. Links may contain viruses or spyware that can monitor keystrokes.
• Do not enter and submit any personal information.
• Contact your financial institution by telephone to verify or report the e-mail.
To learn more about phishing, visit OnGuard Online at http://www.onguardonline.gov/phishing.html.