Friday, March 12, 2010

A couple of phishing scams

Here are a couple of new phishing scams that hit my email this morning.

Like anything, a little attention to details will help to avoid these.  Of course, why the South African government would want to give me a tax refund is ridiculous to start with.

Below is the faked email from the South African Revenue Service

And here is the faked web page:

Now if you bother to click on any of the links in the left column, none of them work. However, if you are careless and click on the bank logos so you can get your refund, you get faked pages for the banks asking for what else?; Your bank log in information.

Again, none of the site links work.  Once your personal information has been captured, it doesn't matter since the damage has been done.

Another dead giveaway is the web address:

As you can see, the real URL is appended to the phisher's site URL to make it appear like it is going to a legitimate site.

Here is the second one I got this morning:

Looks kind of sort of legit on the surface.  Until you open the attached word document that is.

Outside of the normal clues to a phishing scan, namely the poor English, a couple of nice touches are included:

Using gmail as the return email address.  Like Google has to use their own free email service.  If you notice, in the email address:
that foreign is misspelled, that is another clue to a scam.

And the little bit at the end about keeping it confidential.  Don't tell your friends and family!  Probably because they will tell you that you are getting scammed.

Any time you get something from someone who is not in your address list, be careful what you click on!
Reblog this post [with Zemanta]

1 comment:

  1. Good article, but something you don't mention is 'tab nabbing'.

    this is a 'new' kind of phishing, where you will go to your bank, or whatever, and close the tab (tabs being the things at the top of most modern browsers), when you close your tab(bank) it closes then, inexplicably, re-opens, but this time, it's the spam.

    Then it looks like the bank, but you have to re-enter your password. The screen will look identical, but it's on re-entering, that they grab your log in details... So, please be careful.

    I explain it further on my site and what to look for...


I have moderated my comments due to spam.