No Phish For Me Today

I read this story this morning.  “There’s A New Scam To Steal Your Gmail Info, And It’s Hard To Catch“.  In the article, there’s a phishing login page compared with a legitimate Google login page.  I must admit, it looks good, very good.  I could see how someone might fall for it if they were unfortunate enough to want to click a link sent to them by email.

Almost on cue, I received a couple of phishing emails myself.

Now, this was relatively easy to spot.  Note that the source of the email had nothing to do with the actual company that it was supposedly going to send me to.  Of curiosity, I did what you should always do in these cases and hovered my mouse over the “SHOP NOW” link and checked to see the address that I would be sent to if I clicked.  It was somewhere ending in .ru so I just did a screen capture for this post and then blew it away.

The second phish attempt was more difficult to determine.  It came on the heels of me buying a song from the Apple Store (American Skin 41 Shots by Bruce Springsteen) and I had been lying down playing Words with Friends on my iPad when it came in.  I opened it and the sender was  Kind of legitimate but I became suspicious with the “online” account.

But, as a good user, I read the message in case it was important.

Now, on an iPad, you don’t have the option to hover over a link.  What to do?  What to do?  Of course, the paranoid in me says “don’t do anything until you get your hands on a mouse”.  But then I read it again and spotted the flaw.  There’s no possible way that this message came from Apple.  Can you spot it?

It’s too bad because I’d like to complain about what a beast iTunes has become.

Oh, and by the way, the hover technique revealed that the destination link ended in .au

Bottom line, you can’t be careful enough.  When there’s any kind of doubt, just don’t click.  If it’s important enough, they’ll send you a second message of contact you in another way.


4 thoughts on “No Phish For Me Today

  1. Several problem with the “Apple” email – capitalization of apple and confirm, no reason for them to ever send you this email (are they asking for you to confirm your password? Why? Your device asks you for this all the time), and I’ll bet they didn’t call you by your name (“Dear customer”).

    I recently had a phone call from a company claiming to be from Bell and offering to review my account details with me to “save me money”. I asked that he confirm some of my account details before I started to talk to him (he was indeed from a marketing company that Bell had hired). Strangely, he was happy to give _me_ information about myself, even though he didn’t properly verify _my_ identity. Disturbing, no?

  2. Oh, forgot to mention – don’t click links in emails you didn’t request. Pretty much ever. #rulesToLiveBy

  3. You got it, Lisa. I would imagine that would be a career ending move for a real Apple employee.

    And, Brandon offers great advice…don’t click those links.

Comments are closed.