Avoid and Report Identity Theft from Phishing

2009 June 2

What is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent web site that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent web sites may contain malicious code.

How do I know if an email is a scam?

If you are in any way suspicious, an easy test is to take the web address (the info after the @ symbol) and put it into your browser and see if the site is real. Usually it is not. Even if it is, do not respond to the email or click on any links. Instead, go to the site the email claims to be from (your bank, PayPal, your hosting service, etc.) and log in to see if there is a message or a problem. Contact them if necessary.
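The check described above, done offline on the message itself, as an added example that is not part of the original post: it pulls the domain after the @ in From and Reply-To plus the host of every link, and tests each against a list of domains the reader already trusts. The names `audit` and `under`, the trusted list, and the shortened sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: header values and link host copied from the sample email
# on this page; body shortened and the link token replaced with a placeholder.
SAMPLE = """\
From: yahoo-account-services-@cc.yahoo-inc.com
Reply-To: yahoo-account-services-@cc.yahoo-inc.com
To: xxx@xxxx.com
Subject: Your Yahoo! account information has changed

Please visit the following link:
https://edit.yahoo.com/commchannel/disavow?p=TOKEN
"""

def under(host, domain):
    """True only if host is the domain itself or a subdomain of it.

    The leading dot matters: 'notyahoo.com' and 'yahoo.com.example.net'
    both contain 'yahoo.com' but are not under it.
    """
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def audit(raw, trusted):
    """Return (label, host, is_trusted) for sender headers and body links."""
    msg = message_from_string(raw)
    found = []
    for header in ("From", "Reply-To"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" in addr:
            found.append((header, addr.rsplit("@", 1)[1]))
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        found.append(("link", urlsplit(url).hostname or ""))
    return [(label, host, any(under(host, d) for d in trusted))
            for label, host in found]

if __name__ == "__main__":
    # Assumption: the reader trusts only yahoo.com for this sender.
    for label, host, ok in audit(SAMPLE, ["yahoo.com"]):
        print(f"{label:9} {host:20} {'trusted' if ok else 'not in trusted list'}")
```

A host that is not in the trusted list is a reason to go to the real site directly, as the paragraph above advises, not proof of fraud on its own.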

Here is a sample scam email:

From: yahoo-account-services-@cc.yahoo-inc.com
Date: May 25, 2009 10:37:50 PM EDT
To: xxx@xxxx.com
Subject: Your Yahoo! account information has changed
Reply-To: yahoo-account-services-@cc.yahoo-inc.com

The following was added to your account:
new secret questions

You can use the email address(es) in your Yahoo! account to reset your password. To ensure that your account information remains accurate and secure we notify you whenever this information changes.

Your email address was added to the Yahoo! ID: mi*********. If this Yahoo! ID does not belong to you, or you did not recently add your email address to this Yahoo! ID, you may permanently stop receiving messages for this Yahoo! ID at this email address. Please visit the following link:
https://edit.yahoo.com/commchannel/disavow?p=PFQp9ozhZwt0.oUcIIE1QMRSkRY2r1XSBMjHFEcPOeiLsIpTPd7HgIde61HYeOgz

The site “cc.yahoo-inc.com” does not exist.

How do I report phishing?

Forward the suspected email to the Department of Homeland Security at phishing-report@us-cert.gov or visit the Department of Homeland Security for more information.

4 Responses
  1. 2009 July 17
    Zulu

    You said “the site “cc.yahoo-inc.com” does not exist”, that’s not correct. The example is an authentic Yahoo notification.

    The spammers use this trick to verify your address. First they add your email to their Yahoo ID, when you receive the notice from Yahoo (as in your example) and you click the link to block the spammers, they know your email is alive.

  2. 2009 July 17

    Thanks so much for the clarification!

  3. 2009 August 21
    Clara

    Hi

    I also received an email from the spammers on how to reset my password.
    I have not reset the password.
    But I am not able to log in to my Yahoo ID at all. I tried many times.

    I need to access my email at Yahoo very urgently.

    Can you please help?

    Thanks
    Clara
