How to Spot a Phishing Scam
November 14th, 2007 · by David Bradley
There are almost as many phishing scams as there are phish in the sea… Don’t get caught out: if you’re caught hook, line, and sinker, you could lose a lot more than a few scales. Phishing scams involve stealing credit card details, identity theft, and worse (they might get your Digg password, for instance).
The video below gives you the full skinny on how to spot a phishing scam. But the best piece of advice is to never click a link directly in an email, even if you trust the phishing protection in your email client and in your browser (the Thunderbird email client and the Firefox browser both have it). Instead, select and cut the link and paste it into your address bar; that way you won’t click through to any obfuscated URL hiding behind the seemingly legitimate link to Citibank, PayPal, or whatever.
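
The mismatch described above, a link whose visible text names one site while its underlying address goes to another, can be checked mechanically in an HTML email body. The following is an added example, not code from the original post: the function names, the `watched` list of trusted domains and the sample message are assumptions, and the sample reuses the placeholder domains quoted on this page, including the trusted-name-in-the-path pattern from the comments.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)  # text that reads like a URL

def host_of(url):
    """Lower-cased hostname, scheme optional, leading 'www.' and trailing dot dropped."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit(html, watched=()):
    """Return (href, reason) for links whose real destination differs from what is shown."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = host_of(href)
        shown = URLISH.search(text)
        if shown and host_of(shown.group(0)) != real:
            findings.append((href, "text-mismatch"))  # visible URL is not the link target
        for domain in watched:
            if domain in href.lower() and not same_site(real, domain):
                findings.append((href, "decoy-domain"))  # trusted name in URL, but not the host
    return findings

# Constructed sample message using the placeholder names from this page.
SAMPLE = """<p>Dear customer, please verify your account:</p>
<a href="http://www.phishingsite.com/login">http://www.safesitelink.com</a>
<a href="http://domain4phishing.com/targetsite.com/-insertgibberishhere-/">Log in</a>
<a href="https://www.safesitelink.com/help">www.safesitelink.com</a>"""
```

Calling `audit(SAMPLE, watched=("safesitelink.com", "targetsite.com"))` reports the first two links and passes the third, whose visible text and destination agree.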

12 responses so far ↓
Good find - I just re-blogged this - I know a lot of people know about this stuff already, but the more people that put the word around, the safer people are
David
Web Mash
Indeed!
pwnt // Nov 15, 2007 at 12:34 am
Good stuff, I already knew about this but the typical person doesn’t.
Also, as a reminder, most websites, especially those that involve financial transactions, use an SSL lock. The phishing site will most likely not have one. But always look at the domain first, and then check for the SSL lock to reassure yourself.
pwnt, it’s important to educate people about domain and IP spoofing too. Just because the address bar displays what looks like the bank’s address, doesn’t mean you’re actually visiting the site. It’s even possible for phishers of men (and women) to spoof the SSL lock.
pwnt // Nov 15, 2007 at 9:34 pm
True, what I said is a very basic and quick way to detect a phishing site, and as you said it’s not enough to truly be safe that the site is legit.
The most common one that looks like the real deal is the:
domain4phishing.com/targetsite.com/-insertgibberishhere-/
Taking a quick glance at that you might think it’s real. As for the SSL being spoofed, I believe Firefox tells you that it’s not authentic automatically, right? Or perhaps there’s a more advanced way to do it, that I’m not aware of, that would even trick Firefox into thinking the SSL session is legit. Either way, the best way to avoid getting phished is to type in the URL yourself.
Hax0R // Dec 9, 2007 at 11:40 pm
Dude Even If You Copy It It’s Still The Same
R.
Hax0R, you’re right, of course. What I was alluding to is the fact that clicking what looks like a legitimate link in an email does not necessarily deliver you to that address because the actual link beneath the text may be different. You might click what looks like “http://www.safesitelink.com” but that text may actually link to “http://www.phishingsite.com”, whereas if you type in “www.safesitelink.com” at least you know that that’s where your browser’s heading. Of course, “www.safesitelink.com” may turn out to be dangerous too. You have been warned.
Joy Viloria // Apr 21, 2008 at 2:28 pm
Madam/Sir:
I just wanted to know if this letter from the bank of Africa is a scam or not. Please help me.
Thanks.
OUR REF BOF/SGN/GTC/022/016
REV.DR.DOUGLAS GOLDMAN,
BANK OF AFRICA,
17th OF APRIL 2008
ATTN: Mary Joy Viloria
[The remainder of the letter which amounts to send me all your money and you can get very rich has been deleted, db]
Joy, Joy, Joy! Haven’t you been listening? Of course it is. Do you really think some ex-government official’s wife’s cousin’s daughter’s goat in Nigeria is really going to send you millions of dollars for nothing? Send any of the requested details to one of these con artists and you will find your bank account empties within days and foreclosure notices placed on your property. “Rip it up” and get back to work or play.
db
Joy Viloria // Apr 21, 2008 at 4:56 pm
thank you sir
I have forgotten my password and the alternate email and the secret answer. Is there any way to get around this to reset my password?
Please help
@Hassan Not as far as I know.