Phishy email? Don’t pass it on!
Carmen Lahiff-Jenkins
In 1993, Jon Venables and Robert Thompson both ten-years-old, abducted and murdered toddler James Bulger. They stole the child from a supermarket where his mother was shopping and were captured on CCTV leading the toddler out of the centre and away, where they proceeded to torture and abuse him until they then killed him; they placed his body across a train line where he was sliced in two. The public and media response was intense. Eight years later the case was again a media lollipop when it became known that the boys, now young men, were to be released.
It was about that time that an email petition began circulating, outlining doctored facts of the crime with the claim that the killers would be released in Australia for their own protection with false identities under the order of Lady Justice Butler-Sloss. Accompanying the email was a highly emotive image of two teenage boys with missing teeth, greasy hair and horrifying grins. The image like some of the facts quoted is false; it is not of the boys Venables and Thompson.
I’ve received this email via various sources up to and possibly even more than five times in over eight years. This email like many others of a similar vein is a hoax. How sick is that!
Generating an email petition based on an emotive story, fake photograph and fake threat is an illegal fraud and along with other versions which include requesting bank details to store the money for a phantom bank clerk from Nigeria, is called phishing (sounds like fishing).
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading, in this case, as a community member acting for the good of the community, except they’re not.
The Nigerian hoax which has been running for a very long time has, according to Scambusters, resulted in deaths and many missing foreign nationals who were actually tricked into travelling to Nigeria to collect the supposed monies ranging from $10-$60 million which the Nigerian government supposedly overpaid on some procurement contract.
When you pass the email petition onto friends your email lists bounce back to phishers who harvest those details which then become tools for various forms of identity theft.
Sorting the phishing from the legitimate online petition is not always simple. However, in the case of the Bulger email, I typed in Jamie Bulger and a string of hoax message sites came up all with slightly different reasons it was a hoax, in fact some hoax sites claimed the email is true but just out of date!. So, people really do need to do their research. There was never any chance that the Bulger killers were going to be sent to Australia, they wouldn’t be eligble to apply for visas under Australian law, and even if they had, they would have been living in Australia for eight years by 2008 and yes, the petiton then would have been out of date. Which is why an undated petition is the first questionable sign of a possibly fraudulent email connected to phishing. Other signs are; no evidence of names or organisations; bogus email and website addresses which don’t match ones you have had before; poor spelling and grammer.
Online petitions are still an option for the incensed to express dissent. Most legitimate groups have online website accessible petitioning options. There are of course a few standard scams that get around. The eBay hoax is a common one which starts
‘We regret to inform you that your eBay account could be suspended if you don't re-update your account information. To resolve this problems please click here and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 24 hours, after this period your account will be terminated.’
Legitimate online organizations are not legally allowed to keep your credit card details beyond the transaction, any emails asking for Pay Pal account users to update their credit details are an obvious hoax. Also, it’s very unlikely eBay would terminate a customer account without good reason (like you had been involved in criminal activities using their service) because your account generates income. Account Guard, part of an eBay web browser toolbar that users of the online auction site can download for free can help to protect both eBay and PayPal users. Account guard detects suspicious behavior, such as web URLs that disguise the true internet address of the visited site.
Financial institutions, like ANZ, National Australia Bank and St George are often targeted by phishing scammers; money being the direct source of their motivation after all.A phishing scam message distributed in late May 2006 informed recipients, some who did and some who didn’t hold an ANZ bank account, that their account had been suspended and urged them to click a link in the email in order to restore their account. The link led to a fake website designed to resemble the genuine ANZ login page. Phishers were able to access and harvest all details entered by victims. The email lists harvested by the phishy Bulger email and others similar in style, are what phishers utilize to send out the ANZ and other financial institutions, fake emails.The ANZ scam email in HTML format included a genuine ANZ logo, which anyone can access in GIF format on the web. The hyperlink in the message was disguised to look like a legitimate ANZ web address, which is why it is important to use your regular URL, if you don’t bank online then don’t even consider it. Poor spelling and grammar were the main indication the site was counterfeit.
It is highly unlikely that a banking organization would request that customers update details online. People must keep falling victim though, these phishing scams keep entering the online world renewed and reinvigorated; the only real way to beat them is to educate ourselves on how to recognize that their claims are illegitimate.
The Department of Broadband, Communications and the Digital Economy has a fact sheet to help spot phishing, they suggest the following.
1. Pause and think;
Is it a message that you would expect to receive?
Is it one that you have received from the financial institution or company before?
Are there related announcements on the financial institution's or company's website?
2. Follow your own path to the site you choose;
Check the website with your usual URL, don’t use their links.
3. Report it.
4. Delete the phishing mail.
Instead of passing on the email or deleting it, if passed from someone you know, send the link to the fact sheet and explain that it’s a scam and stop it in its tracks, those fishy buggers.
More helpful ways to identify phishing scams.
http://www.snopes.com
http://www.hoax-slayer.com
http://www.truthorfiction.com
http://www.spock.com
http://www.breakthechain.org
http://www.scamwatch.gov.au
http://www.dbcde.gov.au/communications_and_technology/publications_and_reports/2004/may/phishing_-_dont_take_the_bait!_-_fact_sheet
No comments:
Post a Comment