Phishing: Catch of the Day

Don't get Hooked! (cc by laurelrusswurm)Unlike the Nigerian Scams that try to con people out of money by dangling a large mysterious financial windfall that the grifter will send after you give them a wad of cash, a “Phishing” attack uses bait to hook people, so they can get your personal information for Identity Fraud.

One things you can do to protect yourself when getting email that looks legitimate but that asks you to do something you shouldn’t ~ like giving personal information to a stranger ~ is to hover your cursor over the link you are supposed to click. If the text of the link is different than the actual link, don’t do it.

Phishing attacks pretend to come from someone we trust.  In Canada we pay our taxes to the Canada Revenue Service, so when a Canadian gets an email from them we pay attention.  Thiis is a phishing email I received that pretends to be from CRA:

*Claim Your Tax Refund Online*
We identified an error in the calculation of your tax from the last payment, amounting to $ 146.00.  In order for us to return the excess payment, you need to create a Tax Gateway account after which the funds will be credited to your specified bank account.

Please click “Get Started” below to claim your refund:

Get Started <>

We are here to ensure the correct tax is paid at the right time, whether this relates to payment of taxes received by the department or entitlement to benefits paid.

An email from the Canada Revenue Agency is likely to make us a little nervous, because most of us will wonder what we have done wrong on our tax return.  But when we read this, we discover it isn’t anything terrible, but an error in our favor which brings welcome relief.  The amount owing isn’t big enough to look fishy, just a small correction.

The crooks who sent this hope our little bit of fear followed by relief will cloud our judgement, so we will click on the link that will take us to a place where they can extract our personal information.  After all, we will be giving the information to the government.

The “Get Started” link actually will send you to a different web page… which hovering reveals leads to www Cunning Ruse dot com.

If your bank, or the government, or any reputable retailer wants your personal information, they will not ask for it through email, because email is not safe, private or secure. Anyone who asks for your personal information in unencrypted email is either foolish or a setting you up for a scam.

Don’t do it.  Privacy Matters.

the SPAMbucket #1

When I receive email like this from a total stranger:

“Sorry to disturb you ,
I have a question- have you seen this picture of yours in attachment??
Three facebook friends sent it to me today… why did you put it online? wouldn’t it harm your job? what if parents see it? you must be way cooler than I thought about you man :))))”

. . . the stranger’s intent is clearly to get me to open the attachment. Doing this is guaranteed to be good for the spammer, and bad for me.

I don’t want malware, spyware, viruses etc on my computer.

Don’t do it.


Rule of thumb:

NEVER open an attachment

in an unsolicited email from a stranger.

Also: I’ve just turned off comments on this blog due to absurd quantities of comment spam. For reasons I don’t understand, the Wordpress blacklist isn’t working, so I can’t even train it to filter.

If you want to post a real comment, send me an email, and I’ll post it.