There’s a new way to steal your identity. There’s a trick used to steal people’s credit card information that’s been in use for about one year. It’s called “Phishing”: the word fishing, spelled with a “ph” instead of an “f”. And it’s very easy to fall prey to if you don’t know what to look for.
Phishing is not only used to steal credit card information, but it’s also used to steal people’s entire identity. Just a few minutes ago, I saw what is probably one of the most devious attempts at Phishing I’ve ever seen.
If you don’t know how to detect Phishing, your personal info will be stolen. You need to be aware of what Phishing is, and how to detect and protect yourself from it. It’s important that you read and make it a point to understand the rest of this article. If you don’t, you can be very sure that your credit card information (and quite possibly your identity) will be stolen.
How Phishing works. Phishing begins when a crook creates an email that looks like it was sent from a reputable company. The emails that are sent look very real down to the smallest detail. They are created by professionals that are in the business of stealing your information and turning it into cash. The organizations that these emails purport to be from are companies such as CitiBank, eBay, Go Daddy and PayPal.
Here’s a vicious example of Phishing. To give you an idea of just how real these emails look, and how persuasive they can be, just click on this link to see the Phishing email I received today that pretended to be from PayPal.
As you can see, the crooks behind the PayPal Phishing email are attempting to steal your entire identity. Not only are they looking for every bit of your credit card information, but they also want everything else right down to your bank, checking account number, pin number, social security number, date of birth, mother’s maiden name, etc. If anyone is unfortunate enough to complete the form embedded in this email and send it off, they are literally screwed.
What we were able to learn from the Phishing email. Here’s what we know about the source of the above email. This message was sent from a server at a small ISP called Amacom Inc. http://www.amacominc.com/. We assume this was either a server that was compromised, or the server was relaying it for one of the ISP's customers that was compromised. There is no way for us to trace the message back further, other than that the message originated with that server. The server owner would have to do an analysis to tell who created it.
The information submitted by victims is not, of course, going to PayPal. Instead, it is going to an email account at Yahoo! ccspania@yahoo.com via what looks like another compromised server in a school district in Texas, http://www.port-aransas.k12.tx.us/. Again, the trail for us ends there. Where it goes from there only Yahoo! knows.
What happens to your information once it is stolen? So what happens to this information once it is provided to the Phishing crooks? Typically, it is immediately spirited someplace overseas, quite often (but not necessarily) to third world countries. Once there, the crooks will begin using the information (perhaps charging your credit card, perhaps applying for more bogus cards or loans, perhaps debiting money out of your checking account). This typically takes place within a few hours. In the meantime, you have no idea that this is taking place. There’s an old saying that applies here. By the time you realize you’ve been stabbed, your shoes are full of blood.
It’s a cat and mouse game with these crooks. Go Daddy blocks most Phishing attempts from ever getting to our customers’ email accounts. We do this using proprietary algorithms that detect certain things we know about Phishing emails. However, like us, the crooks come to work very early and stay very late. They are always doing something new, and chasing their attempts down is a constant cat and mouse game. So you can’t just rely on your email source to protect you.
When it comes to Phishing, assume you are on your own! You also can’t rely on the authorities to come to your rescue. If you’re a victim, you should report the crime; however, because most of it is across international borders, and because the volume of it is overwhelming, don’t look for any help from that end. So the sad truth here is that you’re pretty much on your own. As I’ve said time and again, as of this day and age, the Internet is a very lawless place. You’ve simply got to provide your own protection.
How to detect Phishing. So how do you tell if an email being sent to you is a Phishing attempt? Fortunately, there are a number of rules you can follow and they are very simple:
1. Assume any email requesting that you verify your credit card, password or other information is Phishing. You need to be disciplined about this, because the crooks will use all sorts of 'alarming' reasons to get your data. They’ll say someone else accessed your account, or there’s been suspicious activity in your account. Ignore all of this. If you have to mitigate the concern, then do so by following the next rule.
2. Do not visit a company’s website by clicking on the link in the email. Instead, simply type that company’s web address into your browser. That way, you’re much more assured of going to the company’s real website, and not a sham website set up by some crook.
3. If you receive an email that simply does not contain your name, but instead refers to you as "Dear Customer", or doesn’t refer to you at all, you should assume that it’s Phishing.
I believe that if you follow the above three rules, you’ll be safe from the Phishing attempts of which I’m aware.
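Rules 1 and 3, plus the check on where an embedded form really sends its data (the PayPal example's form did not submit to PayPal), can be applied to a message mechanically. The sketch below is an added example, not Go Daddy's filtering code; the sample message, its `.example` hosts, the keyword list and the `check` function are all constructed for illustration, and it assumes a single-part HTML email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every host and address is a placeholder.
SAMPLE = """\
From: "PayPal" <service@paypal.example>
Content-Type: text/html

<html><body><p>Dear Customer,</p>
<p>Please verify your credit card and password.</p>
<form action="http://school.example/cgi-bin/form.pl" method="post">
<input name="card"><input name="pin"></form>
<a href="http://www.paypal.example/help">Help</a></body></html>
"""
# Rule 1 wording: a request to verify/confirm/update sensitive data.
ASKS = re.compile(r"\b(verify|confirm|update)\b.{0,60}\b(credit card|password"
                  r"|pin|social security|account)\b", re.I | re.S)

class Targets(HTMLParser):
    """Collect visible text plus the hosts that forms and links point at."""
    def __init__(self):
        super().__init__()
        self.targets, self.text = [], []
    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get({"form": "action", "a": "href"}.get(tag, ""))
        if url:
            self.targets.append((tag, urlparse(url).hostname))
    def handle_data(self, data):
        self.text.append(data)

def check(raw, recipient_name):
    msg = message_from_string(raw)
    # Single-part HTML assumed. From is only the claimed sender (forgeable).
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    page = Targets()
    page.feed(msg.get_payload())
    text = " ".join(page.text)
    findings = []
    if ASKS.search(text):
        findings.append("rule 1: asks you to verify sensitive data")
    if recipient_name.lower() not in text.lower():
        findings.append("rule 3: does not address you by name")
    for tag, host in page.targets:
        if host and host != claimed and not host.endswith("." + claimed):
            findings.append(f"<{tag}> points at {host}, not {claimed}")
    return findings
```

A clean result from `check` proves nothing about a message, since a sender can include your name and link to a lookalike domain; rule 2 still applies.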
The Anti-Phishing Working Group. GoDaddy.com belongs to an industry group called The Anti-Phishing Working Group (“APWG”). This group has done quite a bit of work in fighting the Phishing threat. The APWG has its own set of rules you can follow to avoid Phishing attempts. You should read and follow them religiously. They also provide a checklist of what you should do in the event you are unfortunate enough to fall victim to a Phishing scam.
The APWG is working hard to help defeat Phishing. It’s doing so by educating consumers, lawmakers and law enforcement. It also provides a forum where information about this threat can be exchanged. As of this writing, GoDaddy.com is the only registrar that belongs to this group. If you haven’t taken a look at the APWG website, you owe it to yourself to check it out. You can find it at www.antiphishing.org/.
You must understand the Phishing threat. So that’s what Phishing is all about. If you’re going to spend any time at all on the Internet, you owe it to yourself to understand this new threat inside and out. The crooks are working hard to steal and misuse your personal information. If you’re smart, there’s no reason this should ever happen. But you’ve got to be smart. If we all work together we can put these Phishing bastards out of business.
How to see our new commercials. To see all of our new, current and past commercials, as well as the Internet-only version of our Super Bowl commercial, just click on the following link: www.godaddy.com/gdshop/superbowl05/landing.asp
If you're not listening to Radio Go Daddy, you should be! On Wednesday, at 7 pm PST/10 pm EST Radio Go Daddy will be broadcasting its 11th Show. The show is available on Satellite (XM and Sirius) and via live audio stream. It’s best to listen on the internet audio stream by clicking the "listen" button at RadioGoDaddy.com. The "listen" icon appears on the www.RadioGoDaddy.com page 9 minutes before the show starts. Full details on each show are always available at www.RadioGoDaddy.com.
Here’s the lineup for this week’s show:
• Internet2. It's a better and faster internet, and it's coming your way soon.
• WiFi access on airplanes is here! Can cell phone usage on the entire flight be far behind? Why this might be a very bad idea.
• The real estate bubble and the internet. It's not going to go on forever. What you need to know.
This week's special guests. We've got two unrelated and very special guests. One is the Prophet Yahweh who summons UFO's. That's right. That's what he claims to be able to do. Our other special guest is Nancy Leider. Nancy claims to be a channel who channels messages for the Zetas, a race of extraterrestrials. Hopefully we'll find out what the Zetas think of Radio Go Daddy.
Everything you need to know about this week's show. So for more information concerning this week’s show, please visit www.RadioGoDaddy.com. We suggest you listen to the live internet feed. It’s easy. A monkey could do it, but then again, a monkey just might not understand everything we’re saying. So go to the www.RadioGoDaddy.com web page and click on the Listen button.
There are added bonuses for those who listen on the internet feed.
• There's a live chat room where you can chat with other Radio Go Daddy listeners (as well as Radio Go Daddy staff) during the show. Just click the live chat button at www.RadioGoDaddy.com.
• There are no commercials on the internet only stream.
• There’s an uncensored “internet only” discussion where we talk about some of the strange domains registered at GoDaddy.com and why we think they’re weird.
• We talk “uncensored” about other unusual and hilarious things.
Plus there's a half hour of bonus coverage for the internet feed group. Nima and I will talk uncensored about bloggers getting fired for writing about their employers, the time traveler convention recently held at M.I.T., and other weird and unusual stuff.
Who to blame. This week's show is produced by David Lawrence and yours truly, Bob Parsons.
In case you miss this week's or any week's show. You can listen to any show at any time you choose by visiting our archives at www.RadioGoDaddy.com. Just go to the site and click on the show you want to check out. There are full descriptions of each show at the archives.