Phishing: Catch of the Day

Don't get Hooked! (cc by laurelrusswurm)

Unlike the Nigerian Scams that try to con people out of money by dangling a large mysterious financial windfall that the grifter will send after you give them a wad of cash, a “Phishing” attack uses bait to hook people, so they can get your personal information for Identity Fraud.

One thing you can do to protect yourself when getting email that looks legitimate but that asks you to do something you shouldn’t ~ like giving personal information to a stranger ~ is to hover your cursor over the link you are supposed to click. If the text of the link is different than the actual link, don’t do it.

Phishing attacks pretend to come from someone we trust.  In Canada we pay our taxes to the Canada Revenue Service, so when a Canadian gets an email from them we pay attention.  This is a phishing email I received that pretends to be from CRA:

*Claim Your Tax Refund Online*
We identified an error in the calculation of your tax from the last payment, amounting to $ 146.00.  In order for us to return the excess payment, you need to create a Tax Gateway account after which the funds will be credited to your specified bank account.

Please click “Get Started” below to claim your refund:

Get Started

We are here to ensure the correct tax is paid at the right time, whether this relates to payment of taxes received by the department or entitlement to benefits paid.

An email from the Canada Revenue Agency is likely to make us a little nervous, because most of us will wonder what we have done wrong on our tax return.  But when we read this, we discover it isn’t anything terrible, but an error in our favor which brings welcome relief.  The amount owing isn’t big enough to look fishy, just a small correction.

The crooks who sent this hope our little bit of fear followed by relief will cloud our judgement, so we will click on the link that will take us to a place where they can extract our personal information.  After all, we will be giving the information to the government.

The “Get Started” link will actually send you to a different web page… hovering over it reveals that it leads to www Cunning Ruse dot com.

If your bank, or the government, or any reputable retailer wants your personal information, they will not ask for it through email, because email is not safe, private or secure. Anyone who asks for your personal information in unencrypted email is either foolish or setting you up for a scam.

Don’t do it.  Privacy Matters.