Monday, April 18, 2011

An Easy Way To Detect Phishing Sites...

Is a site legit or just a look-alike trying to harvest your e-mail address and password - or worse yet, bank account information?  There are easy ways to find out.

I recently received an e-mail from MICROSOFT  HOTMAIL telling me to "renew your Microsoft Hotmail Plus!"  They asked me to click on a link in the e-mail to "verify" my Credit Card information.

This looked suspicious for two reasons:
1.  First, the MICROSOFT  HOTMAIL was in ALL CAPS, there were two spaces in the name, and it looked cut-and-pasted into the e-mail.

2.  Second, the e-mail asked me to click on an embedded link to access the Microsoft Billing site.

Most legitimate online vendors tell you to NEVER, EVER click on an embedded link in an e-mail!  But Microsoft, being its usual lame self, decided to ignore its own warning and sent out this e-mail.  Yes, it was legitimate, believe it or not.  (UPDATE:  I dumped Hotmail and switched to Gmail.  Damn your eyes, Google!)

And increasingly, companies are sending out e-mails with embedded links, for the simple reason that they get responses.  Yahoo! sent one out recently asking me to "reconnect" with my Yahoo address (they sent me an e-mail, but don't have my address?).  The "scam" was that they wanted me to sign up for some sort of Social Networking site they are starting.

And yes, Social Networking must be dead by now, as evidenced by the fact that everyone is trying to get into the act - Microsoft, Yahoo, Google, You-Name-It.  And of course, this at a time when at least I have figured out that "Social Networking" is a personal and business dead end.  There is no "there" there and it is very fad-like.  You get bored with Facebook pretty quickly.

Once again, I digress.

Anyway, if you get these phishing e-mails, one way to tell whether they are scams is to intentionally enter the wrong data on the site they link to.  So you enter a fake user name and a made-up password.  If it is a fake site, it will "accept" them, as it is harvesting username and password data, and you have given away nothing.

But if it is the REAL site, it will say "username not found" or "password incorrect".

Although, I suppose that some clever Russian coder could create a program that would try the username and password on the legitimate site and then feed back whether they were fake.

The best defense, of course, is to never go to an embedded link in an e-mail.  Open a new browser window or tab and enter the URL, or better yet, use your bookmarked URL that you use for that vendor or site.
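The same "compare it to your bookmark" check can be done mechanically. The Python sketch below is an added example, not something from the original e-mail or from any vendor: it pulls the embedded links out of an e-mail body and reports whether each link's actual host is one you have bookmarked. The bookmarked hosts and the sample e-mail are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed stand-in for the hosts found in your own bookmarks.
BOOKMARKED_HOSTS = {"billing.vendor.example", "mail.vendor.example"}

# Constructed sample e-mail body; every URL in it is made up.
SAMPLE_EMAIL = """
<a href="https://billing.vendor.example/renew">Renew</a>
<a href="http://billing.vendor.example.account-verify.test/renew">Verify</a>
<a href="https://billing.vendor.example@203.0.113.7/login">Billing</a>
<a href="https://BILLING.vendor.example./renew">Renew now</a>
<a href="mailto:support@vendor.example">Support</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

def link_host(url):
    # Return the host the browser would really connect to, or None for
    # non-web links. Parsing (not substring search) drops any "user@" part.
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # already lower-cased, port and userinfo removed
    return host.rstrip(".") if host else None

def check_links(email_html, bookmarked=BOOKMARKED_HOSTS):
    # Returns (url, host, is_bookmarked) for each web link in the e-mail.
    collector = LinkCollector()
    collector.feed(email_html)
    results = []
    for url in collector.links:
        host = link_host(url)
        if host is not None:
            results.append((url, host, host in bookmarked))
    return results

if __name__ == "__main__":
    for url, host, known in check_links(SAMPLE_EMAIL):
        print("bookmarked" if known else "NOT BOOKMARKED", host, url)
```

A link that merely contains the vendor's name somewhere in the URL fails the check, because only an exact match on the parsed host counts.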