Saturday, January 07, 2006

Gone Phishing!

Wondering why everyone is talking about fishing on the internet lately? Well, they are referring to phishing, the technique hackers and spammers use to steal your identity. The Anti-Phishing Working Group does a much better job of explaining it.

If you haven't seen this technique yet, let me share one with you in the hope that you can learn how this works and avoid getting the hook set. I just received this email from an eBay member. (Don't worry, I disabled the Respond Now button.)

Notes of interest:
  • Well-done page layout. Looks like an authentic email from an eBay user in the UK.
  • The page uses the real images and security warning pages from the UK eBay site. The tricksy hackers even reuse eBay's own warning message (don't reply to this email) to steer you toward the "authentic", safe-looking Respond Now button. We are dealing with clever social engineering here.
  • Man, what a guilt trip. How can I refuse to help this poor old woman in the wheelchair?! Dang, these clever chaps will make you swallow the hook.
  • OK, I'm a sap and press the Respond Now button. What you get is a very authentic-looking eBay login site.
  • Notice the URL. A dead giveaway. But as a good little camper, I enter my eBay information. At this point, I'm taken to eBay's real site telling me my login failed... as that's not my real eBay login info.
So why all this fuss to get my eBay login info? Well, the biggest trend now is to set up fake auctions under a stolen account and get folks to send cash for items the crooks have no intention of sending. And they are hoping you don't check your eBay account activity until you start getting the nastygrams from the buyers or find your eBay account has been suspended.

As for me, I will be sending Tivo a nasty gram asking them how in the wide world of sports did a spammer get an email address I only use for Tivo.

[Edit] Appears I'm the idiot that released my Tivo email account to the world. Bots are now crawling through blogs and web sites looking for valid email accounts and selling them to spammers. And sure enough, I listed my Tivo account in a previous post many, many moons ago as a referral. So the lesson here, folks, is:
  • Don't list your valid email address in plain text (HTML, ASP, ASPX, JS, etc.) on your web page or Blogger.
  • Avoid using a mailto: link as your contact-us mechanism; it hands the address to any bot that reads the page source.
  • If you insist on leaving your email in text format or using a mailto: link, then put a prefix tag in front of your email address that forces a human to remove it before they can send you the email, such as Remove_SpamTag_Myemail@goferboy.com. In this case, the reader sees they need to remove the prefix, leaving the valid address Myemail@goferboy.com; the bot harvests the tagged address and its spam bounces.
  • Take the "You must be this tall to ride this ride" approach and use Norwood Matt's approach to contact him. Scroll to the bottom of the page and make sure you break out the slide rule and Cap'n Crunch decryption ring to successfully send him an email.
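As an added example (not from the original post), here is a small Python audit that scans a page's HTML the way a harvesting bot would, reporting mailto: links, bare addresses and addresses that carry the Remove_SpamTag_ prefix from the list above. The sample HTML and the SPAM_TAG constant are constructed; the example also goes one step further and shows that entity-encoded addresses (info&#64;...) offer no protection, because any HTML parser decodes them.

```python
import re
from html.parser import HTMLParser

# Prefix convention from the post (constructed constant): a human strips it
# before sending; a harvesting bot keeps it and its spam bounces.
SPAM_TAG = "Remove_SpamTag_"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class _AddressCollector(HTMLParser):
    """Collects mailto: targets and visible text, the two places bots look."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True by default: &#64; becomes '@'
        self.mailto = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value and value.lower().startswith("mailto:"):
                    # Drop any ?subject=... query part, keep the address.
                    self.mailto.append(value[len("mailto:"):].split("?")[0])

    def handle_data(self, data):
        self.text.append(data)


def strip_tag(addr):
    """What a human reader does before sending: remove the prefix tag."""
    return addr[len(SPAM_TAG):] if addr.startswith(SPAM_TAG) else addr


def audit_page(html):
    """Return (address, status) pairs for every address a bot could harvest."""
    collector = _AddressCollector()
    collector.feed(html)
    findings = [(addr, "mailto-link") for addr in collector.mailto]
    for addr in EMAIL_RE.findall(" ".join(collector.text)):
        status = "tagged-text" if addr.startswith(SPAM_TAG) else "bare-text"
        findings.append((addr, status))
    return findings


# Constructed sample page mixing the good and bad practices from the post.
SAMPLE_HTML = """<html><body>
<p>Contact: <a href="mailto:myemail@goferboy.com?subject=hi">myemail@goferboy.com</a></p>
<p>Referral: Remove_SpamTag_Myemail@goferboy.com</p>
<p>Entity trick: info&#64;goferboy.com</p>
</body></html>"""

if __name__ == "__main__":
    for addr, status in audit_page(SAMPLE_HTML):
        print(f"{status:12} {addr}")
```

Only the tagged-text finding is safe to leave on the page; the mailto: link, the bare address and the entity-encoded one all come out of the parser as clean, usable addresses.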
