After dozens of years online, I thought I was too smart to get caught with a phishing email – but no one is immune. See what happened – and what saved me. And be sure to share YOUR experiences with phishing emails!
Phishing Email Catches Me!
Comments
Leave a Reply
Look Who's Talking
-
Connie Ragen Green: So much excellent and actionable information here, Jeanette! Thank you for sharing.
-
admin: Stacy I understand. It’s always easier to write in the way you are comfortable. So I would recommend...
-
Stacy: I am writing book which is my autobiography. My daughter think it would be better to write on my first...
-
Darrell Williams: What formatting company do you use for your ebooks? I love your books and the way it’s...
-
Janet Wahl: Hi Jeanette, Thanks for your response. My books are “textbooks” or books that will be used...
Jeanette, Thank you so much for sharing your experience. None of us wants to get caught in that kind of set-up. Too bad those brilliant people aren’t using their “powers” for good.
I agree! It seems like such a waste! But I guess it pays or they wouldn’t continue to do it.
Hi Jeanette:
Thank you for a most informative video on phishing. I will be much more alert about the links in emails from now on as a result of what you shared.
There is another way to prevent phishing: With the PC described at http://theultimatevirusandspywarekillerpc.com.
Check it out.
You might like it.
I look forward to meeting you at Big Seminar 13.
Best regards.
Clive
http://alivewithclive.tv
Cute video, Clive! Thanks for sharing it.
Look forward to seeing you in Vegas at Big Seminar!
Jeanette
so did you feel you had to do anything because you’d clicked on it and typed in what you thought was your info? or would that only be if you had actually gotten in to the site?
i thought the risk was clicking on it but it seems as if it’s actually logging in?
Thanks for showing this to us
Terrie
Yes, the danger is actually being able to log in. Since I couldn’t log in they may have gotten some of my info, but it didn’t match the actual account so I don’t think it will do them any good. Since I depend so heavily on Roboform I was looking for my auto-login rather than guessing multiple ideas.
I don’t think there is much risk in the click, unless it downloads a virus – and I have an alert on my computer that tells me if I’m heading to a dangerous site. So I think I’m safe.
Phishing scams are everywhere. Glad you caught this one!
One thing comes to mind though… you did immediately change your password for that site, right?
People need to know that simply by attempting to login at one of these phony pages their name and password have just been swiped by the fake page. Don’t feel safe just because you were unable to actually log in. The crime happens the second you click submit after filling in your name and password.
If this happens to you, and you suspect anything is amiss, be safe and CHANGE YOUR PASSWORD right away.
Great advice, Bob. In this case, I had guessed the wrong login info anyway, so they didn’t get the correct stuff. In fact, if I recall, I didn’t type anything because I couldn’t figure out why my roboform hadn’t logged me in automatically. The real hero was Roboform! (Wonder if Roboform knows Killer Tripod – I think I feel a new video coming on…https://jeanettecates.com/attack-of-the-tripod)
Thanks for confirming the dangers of phishing!
I’m so glad you shared that with everyone. Most people would have kept it to themselves (possibly out of embarrassment?) but as you point out, these schemes can get anyone. I’ve been had, too, but not recently, so I can’t recall any details. But what I’ve done in the past was to immediately log in to the real account in question and change my password. I am more cautious now, too, using the feature you mentioned with hovering the mouse over the link to get the “real” URL to display. I also forward those emails to the company mentioned. I seem to get a lot of phishing emails for my PayPal account, and I have become pretty efficient at sending those in (abuse AT paypal.com). PayPal always checks them and lets you know. I’ve had to send only a few to Yahoo Search Marketing, but it took a while to find the link to use. I hope they have made it more accessible to people so we can report these things as quickly as possible.
I think Terrie brings up a good point, too. It’s been a while since I clicked on one of these, but at one point I got angry and decided to let them have a taste of their own medicine and tried to spam them back. Didn’t work. Their links don’t go anywhere, but I’m sure they’re collecting key strokes or something. So of course, having better things to do, I abandoned my campaign for revenge. Plus, I later learned that doing that is hazardous, as they know more about it than we do. Best policy is to ignore them, report them, and never click on them.
Again, thanks for your efforts on this very important problem. I’m sure you’ve saved the day for many! If it’s OK with you, I’m going to share your video with my list.
Great to hear from you Roberta! Yes, if you’ve been online for any length of time, you’ve encountered these irritating phishing emails. And I, too, have sought revenge. Just goes to show we all go through the same cycle – 🙂 – and then we give up and go on about our business.
Sure – I’m happy to have you share this with your list. And encourage them to share their stories as well.
Hi Jeanette
I came very close to dibulging my paypal login details recently on a phisihing site it was lucky that at the last moment I noticed the url was not paypal’s but it gave me a headache and it was a very close call.
thanks for your video it’s easy to get scammed and skimmed.
thanks
Nikki
Phew! You do feel like you escaped a close one!
Hi Jeanette:
I would like your readers to be aware that the PC described at http://theultimatevirusandspywarekillerpc.com is configured with the Opera browser and the urls you specify for the sites at which you engage in financial transactions. So after you boot it up with the special mechanism it contains to eliminate viruses and spyware, and click on the urls you’ve specified for your financial transactions, like Paypal, Ebay or Amazon, you are 100% guaranteed to be on the correct site and have no risk whatsoever of being caught in a phishing scam.
Best regards.
Clive
I haven’t been caught yet.
I had one once when I just happened to have this spare credit card floating, since my bank cancelled it due to a UK merchant being compromised where I had used it over a year before.
(Now, what is a guy on the opposite side of the world doing keeping my CC number after a year?)
So I very kindly gave it to them 🙂
I do hope they used it.
He he he – sounds like you may have gotten the revenge others of us have just dreamed of. Good for you!
Your informative video shows just how sophisticated these phishing trips have become, Jeanette. In your case the phish was for the password to your account. I’ve noticed there are other types of phishing, namely for your personal information and your bank account numbers. These usually begin with an email that a close relative has died and that I, the recipient, am the sole beneficiary. All I have to do is provide my account numbers. As it is relatively easy to build up a personal profile of someone online, for instance, from websites that provide your personal information, including your date of birth, address and phone numbers, I believe these kind of phishing trips will become even more sophisticated in time. In their next phase they are taking the form of job offers.
Even back in the “olden days” before they invented spam we had the “relative to the kind of Timbuktu and you’ll inherit a gazillion dollars” if you just send me a few thousand to hold your account. And yet, people keep falling for them.
As you said, they are getting increasingly nervey and good at what they do – as I found out today! We just have to be continuously vigilant.
One of the easy ways I’ve found to identify them is when I’m checking my incoming emails in spamarrest – I can the same email subject line or a whole string of emails from the same address – so it’s easy to spot the patterns. Some days I’ll get 5 or 6 requests from “my bank” – none of which I bank at. It is an interesting study.
Jeanette, Another great post. It’s a shame that some people go to so much trouble with they have the talent to earn a honest living.
One thing I’ve seen on these emails is that they try to fool you with subdomains, for example http://paypal.com.paysite.net so your eye STILL sees the correct domain in the url at a quick glance and will catch you off guard with the knock off site when clicking as you mentioned.
Again great post!
Thanks, Frank. I appreciate it! Great point about the domain names!
I know a lot of our readers are new online, so let me take a minute to point out that looking at paypal.com.paysite.net – that the REAL domain name is paysite.net (the last one). The paypal.com in this case are subdomains – you can put anything in front of the actual domain name – but you’re still going to paysite.net in one form or another. So this is NOT the real paypal.com – that’s how tricky it is.
And I agree, Frank. You eye sees the domain in the URL and assumes it’s correct. These are particularly nasty.
Thanks for adding your two cents – always great contributions!
Thanks so much Jeanette and all of the others who commented. I got caught several years ago with this, but had not had many messages like it until a week ago. They have started to reappear.
I really appreciate all of the tips here and I retweeted out your article. I am also going to pass the note out to all of my contacts. We need to keep safer from these on line fraudsters.
Thanks for this great post. I have just discovered you and see I have a lot of reading to do to catch up with your advice.
S>
Welcome, Susan! Glad you dropped by. Certainly an intriguing URL, so I’ll have to check it out.
Yes, from the number and depth of comments seems this has struck a cord. We’ve all been caught at one time or another – hopefully it hasn’t caused damage, other than to your psyche. 🙂
Great reminder to us all to slow down and really pay attention to what is in the email. And to login directly to a website.
And I agree, RoboForm is the BEST thing to happen to my online business – 🙂 thanks for recommending it to me years ago!
I like the sound of “slow down” – oh yeah, you’re just talking about email. LOL!
I agree – can’t tell you how many times Roboform (I should have an affiliate link!) has saved me.
Jeanette, I have been told at a security seminar that it is dangerous to click through from an email.
You could copy the address and paste it in to a new browser window or (best) type in the address which you usually use.
Also, the proper Yahoo address seemed to have the Verisign backround color connfirmation of being a genuine site which, so far, the bad site does not have an imitation version of.
I could not see the bottom of the browser window to confirm if the lock symbol appeared there as well.
The time we lose by having to proceed slowly to financial and othr sites is significant but the possible alternative is disaster.
Also, I was told to always close any window after visiting a financial or other important passworded site. Don’t use the same window to go to any other site. Even sites you trust may have been compromised.
Thanks for the reminder and be careful out there,
John Williams
Nice pieces of advice, John. I think having Roboform and being spoiled to have it do my logins for me (at least to get me to the right site) saved me. While I do check to see where I’m going, I just don’t take the time to copy and paste URLs and especially to retype them. If I’m suspicious I use Roboform to get me to where I think I should be, then proceed from there.
Social comments and analytics for this post…
This post was mentioned on Twitter by jeanettecates: New!: Phishing Email Catches Me! http://bit.ly/18LlsB #techtamers…
Interesting service. I thought you might enjoy seeing what they do. Just click on the name and you’ll see the graph of reaction – plus the RTs and comments. Plus you can search their service for statistics on your topics of interest.
Jeanette, I have to disagree with your emphasis that Roboform saved you from this Phishing sceme. I am a security expert that interacts with victims of these schemes on a daily basis. This conversation is implying that without Roboform that you can’t protect yourself from these schemes, but in all honesty Roboform has less to do with protecting yourself and actually encourages you to be passive when it comes to online security habits. Please share the advice below and keep this comment here to help others!
1. Whenever you receive an email regarding any type of account notice, NEVER click on the link. ALWAYS open a new browser window, and type in the URL (such as http://www.ebay.com, http://www.paypal.com, etc) to access the site.
2. Once logged in, verify within your account what was stated in the email. Is your balance really low? Is your account really set to expire? This info will typically be easy to verify, but if you are not 100% sure, look for a support link to that site and talk to someone.
3. If you ever accidentally login to one of these sites, then IMMEDIATELY open a new browser window, visit the real site directly and change your password. When you accidentally login at the fake site, hackers often immediately attempt to login to the real site using this info. Even if you guessed the wrong password, they’ll make hundreds (sometimes thousands if it’s a “bot”) of attempts to login using variants of what you typed into their page.
In a recent vulnerability review, a client accidentally logged into a phishing site disguised as Ebay.com. Within 24 hours, we verified that the bot not only logged into their Ebay account, but also used variants of his credentials to access his 401k investment site, made hundreds of login attempts to his online banking account (bots will use your account to guess logins at nearly every major banking website) and ended up securing several secure pieces of information such as birth date, mother’s maiden name, place of birth, etc.
Several steps took place over a 4 day period to re-secure his accounts, but a great deal of damage had already been done. So Jeanette, even if your wrongly-typed passwords are legitimate ones at other sites, take action now to change passwords at other websites that use that password or variants of it. Take this advice seriously, I see hundreds of reports per day of these phishing bots logging into several other websites and accounts, not just the one listed in the phishing email.
In summary, you need to get in the habit of accessing secure sites directly, don’t rely on links within emails no matter how comfortable you are with them. By doing this, you don’t need to rely on a third-party tool to protect you. Make these steps a habit, because often times critical data is at stake.
Thank you,
Stan
Stan – what a wonderful lesson! It’s an article in itself.
I agree – Roboform is not meant as a security measure – it just happened to be the thing that kept me from using the wrong link to log in. You’ve given us lots of great steps to take to be sure we remain safe online. It’s so important when this is your business that you are not vulnerable to this type of malicious behavior.
Thank you for sharing your expertise!
What does a phishing Web site look like? Usually, like the real thing.
If you want to learn how to spot a phishing site, take the VeriSign Phishing challenge!
http://www.bit.ly/Phishing
Very cool! I appreciate your stopping by to share this. I hope our readers will take a minute to see the quiz – I got stumped on a couple of them, of course. Definitely worth the few minutes it takes to watch this short demo. You’ll learn several more things to watch for.