Phishing Emails

Phishing: Recent e-mails have started to appear from various establishments such as eBay, SECU, or your mortgage company, asking you to click on a provided link to update certain private information. The word phishing comes from the analogy that Internet scammers are using e-mail lures to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing AOL Internet accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replace "f" with "ph", the term phishing was derived.

What is it: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.

Why it's a drag: Well, it's obvious: bad people are trying to get your personal and financial information, which will then be sold to someone willing to commit identity fraud and use your name/credit to buy things and never pay for them, leaving you with the mess (and it is a HUGE hassle) of proving to the credit companies that it was someone else. The burden of proof is your responsibility.

The fix: The golden rule to avoid being phished is to never ever click the links within the text of the e-mail. Always delete the e-mail immediately. This will prevent "accidental" clicks from happening as well. If you are truly worried that an account may be in jeopardy if you do not verify your information, open your Web browser and log on to the Web site as you normally would (without going through the e-mail link as a quick route). This will provide you with accurate information about your account and allow you to completely avoid the possibility of landing on a spoof Web site and giving your information to someone you shouldn't.

Here is a detailed image of a phishing scam with an explanation below:

1. The "From Field" appears to be from the legitimate company mentioned in the e-mail. It is important to note, however, that it is very simple to change the "from" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!

2. The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.

3. The e-mail will contain a clickable link with text suggesting you use the inserted link to validate your information. In the image you will see that once the hyperlink is highlighted, the bottom left of the screen shows the real Web site address to which you will go. Note that the hyperlink does NOT point to the legitimate Citibank Web site URL.

In this instance the text you click is "here"; however, it may also state something like "Log-in to Citibank" or "www.citibank.com/secure" to be even more misleading. This clickable area is only text and can be changed to anything the sender wants it to read.

Additionally, you may spot some of these elements that did not appear in this particular scam:

Logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers which have nothing to do with the company mentioned in the e-mail.
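As an added illustration (not part of the original page), the Python sketch below applies two of the checks described above to the links in an HTML e-mail body: link text that names a different site than the real address, and @ signs or percent signs followed by numbers in the address. The function name check_links and the sample message, including every address except the "www.citibank.com/secure" link text, are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html):
    """Return (href, visible_text, reasons) for each suspicious link."""
    parser = _Links()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        parts, reasons = urlsplit(href), []
        # Only the host part is checked: %20 or @ later in a path is common.
        if "@" in parts.netloc:
            reasons.append("@ sign in address")
        if re.search(r"%[0-9A-Fa-f]{2}", parts.netloc):
            reasons.append("percent-encoding in address")
        # If the visible text itself looks like a Web address, its host
        # must be exactly the host the link really goes to.
        shown = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/:]|$)", text, re.I)
        if shown and shown.group(1).lower() != (parts.hostname or "").lower():
            reasons.append("link text names a different site")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample body; addresses use reserved documentation ranges.
SAMPLE = """<p>Click <a href="http://203.0.113.5/update">here</a> to verify.</p>
<a href="http://login.example.net/secure">www.citibank.com/secure</a>
<a href="http://www.citibank.com@192.0.2.10/verify">Log-in to Citibank</a>
<a href="http://%77%77%77.example.net/">Update your account</a>
<a href="https://www.example.com/account">www.example.com</a>"""

if __name__ == "__main__":
    for href, text, reasons in check_links(SAMPLE):
        print(f"{text!r} -> {href}: {', '.join(reasons)}")
```

The first sample link, with the text "here", is not flagged: nothing in the text can be compared with the address, which is why the advice above is to avoid clicking e-mail links at all.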

 
