Spammers, Scammers, and Phishers

Posted by Dave Klamet July 31, 2008 at 8:27 p.m.

I'm not a security expert, but I do the following to limit spams/scams, and phishing.1. Be very careful of anything that comes over email. Be really suspicious if it is a company you don't know and have never initiated any communication with.2. I use Firefox instead of Internet Explorer, and Thunderbird instead of Outlook. I consider them more secure and they do one important thing. If you hold your mouse over a link either in an email or on a web page, they show you the URL (aka web address) on the bottom bar.

For example you see cnn.com, but if you click it, it takes you to the "ljworld.com" That is a little trick phisher's use to trick you.

Both Firefox and Thunderbird can be obtained at www.mozilla.org.

So if you get an email from paypal saying you need to update your account (which they won't do), and you see the address is www.paypal.mxltplku.ru, that is surely a phishing scam. The address should be something like www.somestuff.paypal.com Where somestuff might be anything, but the important thing is that the address ENDS in "paypal.com". (That's not a real address, BTW)

I actually fell for a phishing scam one time. It happend when I got an email saying I need to change something on my account. It game me a link that said ...paypal.com However, that was just the text on the page and the link was a bogus link.

However, at the time I didn't notice. When I clicked on the link in the email, it took me to a page that looked just like a paypal page. I quickly typed in my username and password.

Wrong! As soon as I did, I looked up at the URL bar (at the top of the page, where you type in web addresses) and saw that it was a bogus web address.

That is what phishing is, where you're taken to a site that looks just like a real legitimate site, but it is really created by an scammer.

In this case, I quickly logged in to my real paypal account and changed my password. I also informed paypal of what had happened. So you can see, it can even happen to those of of that think we're too smart an knowledgeable to fall for stuff like that.

I like Firefox and Thunderbird because you can see the real address before you click. With IE, as far as I know, only shows you after you click.3. Create a separate email address on Yahoo or Google (or any other free mail service) Use that anytime you sign up for something on line, like forums, or anything that isn't by a well known company, like your bank. I have my real (sunflower) address, and a a couple on yahoo and google.

If I buy something online, I usually use my yahoo address. If I sign up for a forum or something who I think might sell my email address, I use my "junkmail" (yahoo or google account). For my bank or my account here at LJworld I use my "real" account (my sunflower acccount) as I believe neither of them will sell may email address.3. If something sounds too good to be true, it almost certainly is. Scammers/spammers/phishers are pretty smart, and they've had years now to experiment and learn all kinds of tricks.I understand why Eileen was frustrated, but these occur so often and are so numerous that there really is no point in reporting them, there are just too many.Phishers like for paypal or Phillips 66 Federal Credit union, might be worth reporting, but they probably already know about it from countless other victims.I've heard different statistics on how much actual email is spam, but it wouldn't surprise me if 90% of all email is spam. Scammers/spammers (those that sell Viagra and countless other things) send most of the email. They are costing you and I money for the bandwidth and storage that those spam emails use.

Copy and paste the link:

LJWorld.com doesn’t necessarily condone the comments here, nor does it review every post. Read our full policy. Also, read about banned accounts and harassing comments.

liggyon (David Lignell) says…

Dave,Just got the PayPal phishing scam on my hotmail account about 30 minutes ago. I had had so many bogus emails lately, that I was primed to suspect this one. Very unnerving, though. This one, like the USBank one, looks very official. Thanks for this post. I'm sure a lot of people will benefit from it.
July 31, 2008 at 10:55 p.m.
dklamet (Dave Klamet) says…

The paypal event happened over a year ago, but the phishers don't, and won't, stop trying.They can send these to hundreds of thousands of people and only a few need to be fooled for it to be worth their time.
July 31, 2008 at 11:01 p.m.
cds (anonymous) says…

"I use Firefox instead of Internet Explorer, and Thunderbird instead of Outlook. I consider them more secure and they do one important thing. If you hold your mouse over a link either in an email or on a web page, they show you the URL (aka web address) on the bottom bar."________________Windows Internet Explorer and Outlook do the same exact thing and have for many many years. It shows the real address for links at the bottom of the window. My personal choice and I believe a much more secure browser over both IE and Firefox is Opera, Located at http://www.opera.com/ .
August 1, 2008 at 6:11 p.m.
dklamet (Dave Klamet) says…

The version of IE I had, did not have the status bar turned on. Evidently that was the default setting and I see that it does display the actual web address as I described.Opera may well be a better browser than Firefox, which is, I believe a better browser than IE. Unfortunately, better doesn't guarantee success. Linux/Unix and Macs are better than Windows in many ways. Maybe even in most ways, but the advantage of using what every one else is using has advantages that can't be matched.
August 1, 2008 at 9:31 p.m.
cds (anonymous) says…

"Opera may well be a better browser than Firefox, which is, I believe a better browser than IE."__________Honestly anything is better than IE, Microsoft is always the last to update the security risks that cause people problems."Unfortunately, better doesn't guarantee success. Linux/Unix and Macs are better than Windows in many ways. Maybe even in most ways, but the advantage of using what every one else is using has advantages that can't be matched."____________Very true 99.9% of all exploits are written for IE/Windows, Mac's and Linux are about the only way to feel somewhat comfortable using the net.You've givin some great adice to people. One thing I would like to add that could go with #1 and/or #4. If anyone sends you something that makes them sound like a legit company that you may already deal with, that wants any personal information in an email, please do not reply to that email on the net. Call the company with the phone number that you know belongs to the company (not one the email may have provided) and deal with it that way.
August 2, 2008 at 1:45 a.m.
femail (Linda Hanney) says…

Dave, when we travel, I check and send emails from wireless servers picked up from parking lots. Usually, I do this at a motel, but last week my internet detector gadget showed a laundromat had a strong signal. Recently, we parked in a residential street and just for fun, I checked. Sure enough, I had three bars of wireless internet, which I used. I have never used the laptop for banking, etc. What risks am I taking?BYW, I picked up my internet detector at Wal Mart for less than $15. I have to log on my laptop to see if the wireless is locked. Most of the time, anything I pick up outside is unlocked.
August 3, 2008 at 8 a.m.
punkrockmom (Nikki May) says…

CDS made a good point. I actually got an email from USbank and it looked real (and I am always careful). It had a local number that I didn't recognize, so I looked up the phone number and called the bank. They HAD emailed me, but it was a direct line is why the number wasn't familiar. I'd rather be safe though!
August 4, 2008 at 12:51 p.m.