We do everything we can to educate our members (ok, now you know I work at a credit union) and I thought, why not share some of what I know with anyone willing to take the time to put their eyes on my humble little blather.
I received an email in my home email the other day that kicked off this little diatribe and it serves as a really good example of a phishing scam. It also gives some really good examples of things to look for in these types of things. I'm going to copy the text directly into my post here and then I'll tell you what tipped me off. I guess I'm lucky that part of my job is to bust up this stuff, because except for a few small things this isn't a bad attempt.
Your Online Banking is Blocked
Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security. Please click on
Bank of America, N.A. Member FDIC. Equal Housing Lender © 2007 Bank of America Corporation. All rights reserved
There were lots and lots of official-looking logos and all kinds of BofA propaganda attached as well. The first thing that caught my eye was the fact that I do not have an account with B of A. Pretty much a dead give-away. But let's suspend that trivial factor and move on to the body of this piece of linguistic mastery. Two major grammatical errors in the first sentence and the fact that the "click here" link (removed for safety reasons) leads to the web address below:
Now what this link will lead you to is a site that in all probability looks JUST like the B of A sign-in screen. So you sign in and bang right into online banking. What you didn't see happen was the handoff from the phisher's site to B of A where he, nice guy that he is, signed you in, leaving you none the wiser. BUT he now has a record of your user ID and password and as soon as you sign out, he signs in and sends himself a nice little gift. You go back to balance your checkbook and WTF?!?! you have no money. Neat, huh?
This is just one way that they get you. And they have hundreds more. The best advice I can, and do, give is:
1. always be suspicious, take everything you get in an email as fiction unless YOU initiated the contact,
2. if you are concerned go to the website yourself, NEVER use the link provided in the email,
3. when in doubt call or go by your bank or credit union. They'd rather help you prevent this than have to help you recover from it.
4. use your brain. Most of these critters are banking on us being lemmings, and all too often they are, unfortunately, right.
Hope this was worth the read and if it helps anyone avoid getting taken, then it was worth the write.