Ever heard of phishing? It involves attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). [phishing] It's a form of social engineering.
Many years ago, around the time that I consider some of my first real programming to have taken place, there were programs written in Visual Basic that sent 50 instant messages automatically to 50 different screen names using the same message. How would you get 50 different screen names of random people? Well, there were programs that would record the screen name of every person that entered a chat room you were in. So you'd just join a very popular chat room, sit there for about 15 minutes and have a list of 100 or so screen names. Then you write a message (there were many template messages that people doing this simply shared instead of creating their own) such as "Hello, Due to a recent server crash, we lost the account information for several of our members. Your account was among that list. Please respond to this message with your full name, AOL password, and credit card billing information. Thank you, America Online Account Services".
It was amazing. Out of 50 messages sent to random screen names, maybe 30 - 40 people would respond with the information! The perpetrators then gathered LISTS of this information on different AOL accounts and would either trade the information, or log in to the AOL accounts and create a screen name for themselves (AOL allowed up to 5 at the time) to use while doing other unlawful activities.
So why am I writing about this now? Well, I received an email today, from Amazon. It read as follows:
Dear raamdev,

Your bank has contacted us regarding some attempts of charges from your credit card via the Amazon system.We have reasons to believe that you changed your registration information or that someone else has unauthorized access to your Amazon account

Due to recent activity, including possible unauthorized listings placed on your account, we will require a second confirmation of your identity with us in order to allow us to investigate this matter further. Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed we reserve the right to suspend your Amazon registration.

If you received this notice and you are not the authorized account holder, please be aware that it is in violation of Amazon policy to represent oneself as another Amazon user. Such action may also be in violation of local, national, and/or international law. Amazon is committed to assist law enforcement with any inquires related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the full extent of the law.

****************************************************************
To confirm your identity with us click the link bellow:
http://www.amzon.com/exec/obidos/sign-in.html
(To complete the verification process you must fill in all the required fields)
****************************************************************

Please Note - After responding to the message, we ask that you allow at least 48 hours for the case to be investigated. Emailing us before that time will result in delays. We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter. We appreciate your support and understanding, as we work together to keep Amazon a safe place to trade.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Thank you for your patience and attention in this important matter.

Respectfully,
Trust and Safety Department
Amazon Inc.
Now I had to look over this email several times before I noticed what was wrong. I checked the email addresses, everything looked kosher! Then I looked hard at the link provided; amazon.com is spelled amzon.com! I clicked on the link, confident that it wasn't a virus and just a website designed to look like amazon.com. And sure enough, the page looks EXACTLY like an amazon.com page! It asks for your email address and amazon.com password. If you fill it out and click submit, guess what? Your information goes into a database of people who gave away their soul. Then someone can log in to your account and buy stuff using your account, as well as mine other personal information about you!
I wanted to write about this because I want everyone to learn how dangerous clicking on links and downloading files from your email can be. Go ahead and feel free to click the link above. See what the page looks like. But don't fill anything out!
If you ever receive an email requesting account information, BE EXTREMELY SUSPICIOUS! No company or bank will EVER ask you for personal information through email. That's why I was so suspicious when I received that email. So please, this is your personal information, be paranoid about giving it away!
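The tell in the email above was a one-letter misspelling of the host (amzon.com for amazon.com). As an added example, not part of the original post, the Python below flags links in a message body whose domain is within a small edit distance of a protected domain; the watchlist, the threshold of 2 and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed watchlist of domains a mail filter protects (constructed for this example).
WATCHLIST = ["amazon.com", "paypal.com", "ebay.com"]
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def registrable(host: str) -> str:
    """Naive last-two-labels reduction; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_links(body: str, max_distance: int = 2):
    """Return (url, domain, imitated_domain, distance) for near-miss domains."""
    findings = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname or ""
        domain = registrable(host)
        if domain in WATCHLIST:
            continue  # exact match: the genuine domain, nothing to flag
        for brand in WATCHLIST:
            dist = edit_distance(domain, brand)
            if 0 < dist <= max_distance:
                findings.append((url, domain, brand, dist))
    return findings

# Sample body: the link line from the email above plus one constructed genuine link.
SAMPLE = """To confirm your identity with us click the link bellow:
http://www.amzon.com/exec/obidos/sign-in.html
Order history: https://www.amazon.com/your-orders (constructed line)"""

if __name__ == "__main__":
    for finding in lookalike_links(SAMPLE):
        print(finding)
```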
Update: Less than 12 hours after I posted this, Amazon has redirected the link in the email so that it points to their website. Now anyone clicking that link won't have a chance to submit any information. It's very nice to see things like this fixed so quickly.
I get this stuff all the time:
Bank One, US Bank Corp, PayPal, eBay, National City Bank to name a few of the popular ones. I also get a few from banks I never even heard of. Luckily these ppl who phish probably never have heard of my bank – since it is locally owned and only has 3 branches.
This crap reminds me of those emails that come stating help me to deposit 10mil in your bank account and I’ll meet you and share it with you. My Pastor almost fell for that one, at least he asked before replying.