Calvin’s Hub

Phishing scams are crimes using spam, malicous websites, email messages or instant messages to trick people into divulging private information. It is essentially an online con game where phishers are typically identity thieves.

So if you’re wondering how somebody was able access to your e-mail or other online accounts, you may have already been a victim of a phishing scam.

So how does a phishing scam work?

Here’s an example that I got from my e-mail recently (sometimes it’s via social networks or instant messaging). This one is supposed to be from Google AdWords.

Some scams will use other popular web services like Yahoo! Mail, eBay, PayPal, GMail, Facebook, etc. as their bait.

E-mails will typically come from a legit looking address but it’s quite easy to mask your e-mail address. In my case its AdWords@google.com. Sounds legit right?

The message will usually ask you to update your information or log in to your account to avoid being deactivated and will provide an authentic looking link for you to click. However upon hovering on the link, you will see the real address it’s pointing to.

Whoops! www.google-aw.com? Sounds dubious already. Notice the wrong spelling for “Sincerley” too. You can simply put this to your spam folder or delete it. But let’s indulge it for a bit and see where it leads us.

If I click on the link, here’s the page that will appear:

Now does that look like the real thing or what?

If you use Firefox 3 or IE8, the site will be blocked and be reported as a phishing site. I am using Google Chrome to open the link by the way.

If you play around with the page, you will learn that all the links are pointing to the official Google sites. The Start now button won’t do anything.

What the scammers are hoping for is that you key in your account details and once you press Sign in, they will have your information.

So what will happen if you actually try to log in?

I typed in a bogus e-mail and password and when I clicked Sign in, I was redirected to the official Google AdWords page. This will let you think that you may have just entered your details incorrectly and try again but when in fact they already have it.

If you aren’t that tech savvy (like my dad), it’s very easy to fall for this scam. You may think it’s just Google AdWords, no big deal. But what if all your details are the same throughout your other online accounts? Or what if it’s your PayPal or eBay account?

So before logging in to any site or clicking any link from e-mails, better check and double check the authenticity first.

It’s helpful if your browser has anti-phishing features but if nobody has reported the scam site yet, it would be useless.

I would suggest an anti-virus with a good community that can bring as close to real-time anti-phising protection as it gets. I just moved to Norton Internet Security 2010 recently. $44.50 for a 3-PC yearly license of one of the premium antivirus around, not a bad investment.

• Free Skittles Candy Sample is one brilliant scam
• Create your online shopping site with Ashop Commerce
• Finally my site is back online
• Having an online presence need not be expensive

Filed under: Tips n' Trix