Reader Phil sells on eBay, and has a specific e-mail address that’s only for use with PayPal. The only people he has given this address to are eBay/PayPal itself, and to his customers. That’s why he was surprised to receive a phishing e-mail specifically addressed to his business name and his PayPal address, and wondered where the baddies got it. [More]
If you spend a lot of time online, you’re probably aware of phishing scams and know what to look out for. In other words, you’re not one of those ignorant types who clicks on links and starts entering personal information without hesitation. Writer and blogger Cory Doctorow is what you might call hyper-vigilant–he keeps unique passwords, uses a VPN when going online in public, and generally knows not to trust strangers. Still, he got phished a couple of weeks ago. [More]
Since 2007, the FBI and authorities in Egypt have been running an investigation they’ve called “Operation Phish Phry,” sigh, and this week it paid off with 53 charges against U.S. defendants and 47 against people in Egypt. Three of the 53 in the U.S. have been arrested, and the FBI are looking for the other 50. To prove you’re not one of the remaining 50, please send the FBI your login credentials to your bank. Ha ha, we kid.
PC World notes that phishers are now targeting Steam account holders. Games are an easy target because you can make quick money off of them and the security isn’t as high as with, say, credit cards. The site that first reported this, SpywareGuide, demonstrates two examples—steamgift.com and steamverification.com—that will attempt to trick you into giving them access to your digital library of games.
Phishing attacks are pretty cleverly designed, because they skip most virus checkpoints altogether and go for the true weak spot in human-computer interaction, the human. Lorrie Faith Cranor, a computer security researcher at Carnegie Mellon University, has been studying phishing attacks to identify new ways to fight them.
The various takeovers and mergers in the financial fallout give phishers a new opportunity to try to scam you into giving over your bank account warns the FTC. As most of you know, any unexpected email message that looks like it came from a financial institution, asking you to “update,” “validate,” or “confirm” your account information is invariably a scam. Unwitting victims are redirected to a login site that looks like it’s for their bank, but is really just a way to steal your account logins and/or personal information for use in further identity theft. Here’s the FTC’s tips for getting “hooked” by the “phishers” (gotta love it when the Feds pun)…
Phishers have a new target: your Google Calendar. Nigerian-419-type scammers are spamming sending their messages as meeting invites on people’s Google’s Calendars. This happened to me a few days ago. One way to combat it is to change the “Automatically Add Invites To My Calendar” setting from Yes to No.
Oh, this is just classic. Phishers are now trying to capitalize on the PIN block crisis.
Dan writes in a story of a lady pretending to be Capitol One and asking for his social security information. The callerID showed up as a number registered to Capitol One.