TEG Logo 
Custom Search
 
TEG Home    |     Win XP Main     |     Win Vista Main     |     Win 7 Main     |     Win 8 Main     |     Forum     |     Commentary     |     Links     |     Advertise     |     Contact TEG
Subscribe to The Elder Geek Content Update Notification          |||           The Elder Geek Windows Forums Are Open for Posting !
XP Index  >>>  A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z  <<<  XP Index
 
Windows XP
 
Install/Remove
Bare Bones Troubleshooting
Dual and MultiBooting XP
Install Backup for XP Home
Remove Microsoft Messenger
Slipstreamed XP/SP2 Bootable CD
Slipstreamed XP/SP1a Install
Slipstreamed XP Update Rollup
Slipstreamed XP/SP3 Bootable CD
Uninstall via C:\ Prompt
Use F5 to Specify ACPI BIOS
Windows XP Upgrade Paths
XP Home Clean Install - Graphic
XP Pro Clean Install - Graphic
XP Pro Clean Install - Text Version
XP Pro Upgrade Install -Text Version
OS Guides from WindowsReinstall.com
Boot Disk Resources
Bootdisk.com Main Page
Bootdisk.com Downloads
 
Security and Updates
Automatic Update  *SP2
 Hot-Fix Verifier
 Issues After You Install Updates to Internet Explorer or Windows
Malicious Software Removal Tool
 Microsoft Update - Overview
 Microsoft Update - Installing
 Microsoft Update - Usage
Search MS for Updates
 Service Pack 1
 Service Pack 2 Beta Release
Windows Firewall   *SP2
 Windows Security Center  *SP2
Windows Update
 Windows Update Catalog
 Windows Update Troubleshooter
System Mechanic&reg; - Fix and Speed Up Your PC... 
Registry
Backing Up and Restoring
Recover Corrupted Registry
Registry Edits

 
User Interface
Classic Start Menu and Desktop
Create Shortcut Wizard
Custom Win Explorer Views
Feature Guides
File Management Tips
Windows Classic Interface
Windows XP Power Toys
Windows XP User Interface
Network and Internet
Guide to Simple File Sharing
Internet Connection Firewall
Repair IE6 and OE6
Running IIS on XP Home
System
Back Up Using Advanced Mode
Back Up Using Backup Wizard
Baseline Security Analyzer v1.2
Compatibility Mode
Control Panel
Define A Backup Strategy
Disk Cleanup Utility
Disk Defragmenter Utility
Disk Management Utility
Group Policy Editor
Hard Drive Partitioning
Install/Use Recovery Console
Management Console
Paging File
QFECheck Utility
Stop Error Messages
System Restore
Re-enable System Restore
System Services Guide
System Volume Info Folder
XP Shutdown Troubleshooting
Hardware
Move Current XP Hard Drive
Replace XP System Motherboard
Miscellaneous
Bill Gates Newsletter
Bits to Exabytes
Longhorn 4015 Preview
Windows Timeline
Windows XP FAQ
Outlook Express 6
Repair IE6 and OE6
Repair Spell Check in OE6
Welcome Screen Mail Notification
Internet Explorer 6
List of Fixes in IE6 SP1
Maximize IE6 On Opening
Repair Internet Explorer 6
Repair or Reinstall IE6 and OE6
Virus/Spyware/Malware
Blaster and Sobig Worms
The Download.Ject Mess
Return Receipt Outlook Scam
Windows Live OneCare
Downloads
Baseline Security Analyzer v1.2
XP Media Player 9
Release Notes for WMP9
Recent MS Service Pack Listings

 
Knowledge Base Articles
Accessibility Options
Add or Remove Programs
Appearance and Themes
Date Time Language Regional
Network and Internet Connections
Performance & Maintenance
Printers and Other Hardware
Setup
Sounds Speech Audio Devices
User Accounts
Microsoft Resources
Windows XP Professional
Windows XP Home Edition
Windows XP Expert Zone
Microsoft Security
Desktop Deployment Res. Ctr.
Microsoft TechNet
MSDN
Product Support Services
Microsoft Download Center
Guide to Downloads
Windows XP Support Center
Windows XP Technical Overview
Microsoft Skills Assessment
 

Has The Elder Geek
site been useful?

Consider A Donation
 
Privacy Policy
 
TEG is hosted by:
Hosting Matters
 
 
Recommended: Click here to run a FREE system scan


 
"Phishing" E-Mail Scams

Have you ever heard the term 'phishing' used in relation to computer scams? Years ago, I think it was the second day I had an account with AOL, a message popped up on the screen stating there was a problem with my account and AOL needed to verify my credit card information. All I needed to do was enter the card information in the convenient little message box and all would be well with the account. Even back then the process of trying to gather personal information by unauthorized means was known as phishing.

Being a suspicious person by nature I didn't bite in spite of the dire warnings my account would be suspended or cancelled, but I wonder how many did take the bait and send off the requested information. Phishing has been going on for years. Only the level of sophistication and methods employed have changed. Because e-mail has become so popular it only stands to reason it would become a popular vehicle for phishers to deliver their scams. If you're online and have an e-mail address you can be targeted by phishers. The scam e-mails are spammed to millions of users in the hope that users with an account at the targeted organizations will respond. The question is, how do you recognize when you're the target of a phishing expedition and what steps do you take to avoid being taken in by the scams.

There's no doubt the sophistication level of scams has increased over the years, but truthfully, your best defense against phishing predators is your own common sense. Think about what you're reading, what you're doing, and what's being asked of you. As hard as it may be to believe, I know users that have actually been duped into supplying their personal information to fake sites targeting legitimate businesses where the user doesn't even have an account. Some of the fake sites can be that authentic and realistic in appearance.

It must be serendipity. While I was typing this article. I'd taken a break to get some coffee and go check the mail. While I was wandering around outside I was thinking I needed a phisher e-mail for the article but was pretty sure I hadn't saved any of the dozen or so I receive every week. Sure enough, I come back inside and what was sitting in the inbox but a brand spanking new phisher ploy just itching to be in this article. Here's the e-mail I received. Obviously, the slightly sarcastic comments in red italics are mine.

Dear U.S. Bank account holder,

First of all, until I did a quick Google search I had no idea if US Bank was even a real entity, but one thing I do know is that I don't have any accounts with them. And even if I did have an account with them I'd expect them to know my real name and account number and include it in the heading of the letter.

We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties.

The 'regret' word. That's always a sign of bad news. Before I even have a chance to read the letter I know this isn't going to make me happy.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account.

Here's the set up. Let's make this perfectly clear that if anything bad has happened it's your fault because you violated the 'terms and conditions' agreed to when the account was opened.

These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations.

What a tidy little laundry list of  crimes. Not only does the author of the letter know who these criminals are, but now I've been lumped into the same group. Woe is me; how am I ever going to be able to disassociate myself from these criminals, prove that I'm a law abiding citizen, and have access to my accounts. The Title 18 violations is a nice touch. Even if you aren't aware Title 18 violations deal with conspiracy, racketeering, counterfeiting, and a number of types of fraud it still sounds like something you'd rather not be associated with.

In order that you may access your account we must verify your identity by clicking on the link below.

Thank goodness, there is a way I can solve this problem and it's as simple as clicking on a link.

Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below.

Wait - wait, I'm clicking right now. I'm a slow typist. Please, I'll tell you anything you want to know - just don't deny me access to the account.

Thank you for your time and consideration in this matter.

Damn, you'd think a letter as important as this one would have a name and a phone number so I could contact them directly if there was a problem with the hyperlink.

https://www.usbank.com/account_verify/cgi/index.htm

Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.

One final little jab with the word 'frozen' to get you clicking on that link just in case there was any doubt in your mind that this might be a phisher scam.

Compared to some of the phisher e-mails I've received this one scrapes the bottom of the barrel. It's pretty much old school thinking in that it tries to use scare tactics to motivate the recipient and is missing many of the touches that add a sense of legitimacy to more modern scam e-mails. If you've seen any of the e-mails that make heavy use of graphics, formatting, and logos you're aware of how realistic they can appear. They accurately duplicate the format that companies use to send legitimate e-mail and can easily fool even the trained eye into thinking they originated from a legitimate source.

What can you do to protect yourself against phishing and other scam e-mails? Again, use common sense and follow these suggestions.

  • Be suspicious. The days of innocence on the internet are over. Just because the e-mail says it's from [insert company name] and has all the official looking logos and graphics, it isn't necessarily so. I've been at this a long time and can honestly say, with one exception, I've never received an e-mail from a legitimate organization that wanted to update my personal information. The one exception I mentioned was a newsletter from one of the major internet publishers threatening to cancel my no cost subscription if I didn't update my personal information. I saved them the trouble and cancelled it myself.

  • What do you do if you think the e-mail might be legitimate? Look and see who the e-mail is from, or at least who the address claims it's from. In the example e-mail I used above, it was so poorly done that the senders e-mail was actually a Yahoo e-mail address. Here comes the common sense thing again. Do you really think a legitimate organization entrusted with your personal information would have a Yahoo, Hotmail, or other throwaway type e-mail address?

  • However, just because the e-mail address looks like it's genuine that doesn't mean it is legitimate. It's a simple matter to 'spoof' an e-mail address so it appears to come from one place when in reality it's as fake as [deleted plastic surgery body enhancement reference].

  • Understand that in spite of all the work that goes into a phishing e-mail to make it realistic, the sole purpose of it is to separate you from your personal information that can be used to steal your identity, bank accounts, credit, cards and whatever else a thief covets. That is done by enticing you to click a hyperlink within the body of the e-mail that takes you to a fraudulent website where the information is collected. The solution is simple --  don't click. Delete the e-mail.

If it was that easy the phishers would be out of business, but human nature being what it is, there are going to be those that go ahead and click the hyperlinks anyway, or at least those users that will be tempted to click just to see what happens. Rest assured that whatever happens it's not going to be in your best interest.

Using the hyperlink from the example e-mail above, https://www.usbank.com/account_verify/cgi/index.htm, it seems pretty straightforward that you'll be taken to a web page on the bank site. That isn't the case. Although I've deactivated the hyperlink for this article, if it was a working link and the mouse was hovered over it you could see that the real address for the link is http://www.usbank.com%01@bos.es.kr/index.htm.

Even though the second address starts out the same way as the one in the e-mail, the real link contains "%01" and "@" characters that can basically redirect an unsuspecting user to fraudulent websites. This is accomplished by exploiting a known flaw in Internet Explorer that has yet to be addressed by Microsoft. I suggest you read Microsoft Knowledge Base Article - 833786 / Steps that you can take to help identify and to help protect yourself from deceptive (spoofed) Web sites and malicious hyperlinks for a full explanation. I have no idea why this issue hasn't been addressed by Microsoft, but given the severity of the consequences I think it's past time for some action.

Finally, the question always comes up about what to do if you receive one of the scam e-mails, or even worse, if you are the victim of one of the phisher scams. I've read tons of advice on e-mailing organizations and agencies to report the e-mails, but if I was a scam victim I'd pick up the telephone and call the company. It's too easy for them to ignore your e-mail and you want to get the issue resolved immediately, not when someone feels like getting back to you at their convenience. In cases like this, time really is of the essence.

As for reporting the e-mails you receive I really don't see much point in bothering. Go to almost any of the major websites that are targeted by phishers and try to find a link to send in a report about security breaches or scams. If you do manage to locate an e-mail address the chances are it will be buried deep within the bowels of the site. Combating these scams seems to be a very low priority for most companies, almost as if admitting scams exist somehow sullies the company reputation. There are also government agencies where reports can be filed, but again, I don't see the point. Learn to recognize phisher scams, delete them without response, and the problem will disappear.
 
 

 

TEG Vista Main

TEG Win 7 Main
Windows 8 Main Logo
TEG Win 8 Main
Slipstreamed XP/SP2 CD
How to create including
burning instructions for
Nero and Roxio

Slipstreamed XP/SP3 CD
 
 
Be sure to visit TEG on
Vista and Windows 7
 
 
 
Service Pack 2
Articles Archive

Guide to Simple File Sharing
Share Folders, Files, and Printers in XP Home and Professional

Virtual Memory Paging File
Size - Optimize
Defragment - Monitor

Common Solutions
Download VMware Workstation 7.1 Today! 
Trend Micro Titanium Internet Security 
 
Roxio Creator 2012 Pro 

Has The Elder Geek
site been useful?

Consider A Donation

Basic How To Articles
for XP Newbies

 - Managing Starting / Stopping XP
 - Managing Desktop Components
 - Managing Basic Hardware Settings
 - Managing Folders and Files
 - Managing Applications

Troubleshooting Shutdown Issues

XP File Management
Tips to organize Quick Launch, Search, and Windows Explorer for easier, efficient use.

Protecting System and Data Via NTBackup
Backup w/ Wizard
Backup w/ Adv. Mode
 
Windows Update Catalog
Windows Update Catalog offers centralized XP and .NET Critical Updates, Service Pack, and Hardware Driver Downloads

Automatic Update

Advertise with TEG
Rate Card

XP Power Toys
Power Toys Download

Clean or Upgrade
XP Installation?
Which is better?

Has The Elder Geek
site been useful?

Consider A Donation
 
Bare Bones Troubleshooting
Tried everything and can't get XP to install? Take a look here.
The 'System Volume Information' Folder
What is it and why is it taking up room on your hard drive(s)?
Microsoft Management Console
A Guide to Understanding and Using This Often Overlooked but Useful XP Feature
Registry Tweaks and Edits

Backing Up and Restoring the XP Registry
 
Accessing The Different Methods of Repair Available in Windows XP

Generate File Listings from IE Context Menu

The "Send To" Menu Command
Add your own frequently accessed locations to make this context menu more useful.

Has The Elder Geek
site been useful?

Consider A Donation
 
Create A Personalized Boot Logo Screen

Using XP Disk Cleanup Utility

Using Disk Defragmenter Utility

Common Solutions

Tips and Solutions Arranged by XP Control Panel Groupings
UK - avast! Logo, homepage 
- Reminder -
For many months now I've been posting a reminder about 'Patch Tuesday' or 'Second Tuesday' as it has come to be known when Microsoft releases the latest round of updates for Windows XP and other products.

If you're using a Microsoft operating system (and it's likely you are or you wouldn't be on this site) it's once again time to head for Windows Update for the latest round of Critical and Security updates.

As always, I strongly suggest you read about any update prior to installation, especially updates carrying a less than 'Critical' rating, and have a current system and data backup available in case it's necessary to restore the system to a pre-patch condition.

More info at Microsoft Security Bulletin Advance Notification
 
 
Custom Search
 		    
 
Important Information
The Elder Geek sites contain many articles and suggestions for modifying the Windows operating system. I've tried these tweaks and tips on many systems. Sometimes they work, sometimes not. The point is, ensure you have a current, tested backup of all system and data files and understand how to restore the system in case something goes very wrong. You can still yell at me, but I assume no responsibility for your actions and use of the information and disclaim any legal responsibility for any consequences of such actions.
 
     
  Copyright © 2002/2003/2004/2005/2006/2007/2008/2009/2010/2011, Jim Foley/The Elder Geek, All Rights Reserved Worldwide
 Reproduction, in any form, of information on this site is prohibited without express written permission.
 Microsoft is in no way affiliated with, nor offers endorsement of, this site.