Nice Try

  • Posted by smijer
  • May 19, 2007

Wow! I was this close to taking the bait. Some misanthrope has been phishing with Monster.

The sender got the e-mail past Norton’s spam filter - not a terrific feat in itself, but a good first step. The e-mail was formatted perfectly with the familiar logo and style scheme. Got my first and last name right. That can only have been through the employer tool at Monster.

I thought it an odd request, and a bad move for Monster’s business model, but then, who understands the mind of the bean-counters at a place like that? Probably they had just found a way to squeeze another buck out of somebody and needed this to make it happen.

I didn’t click the link. I like to choose an open window and copy and past the link. Nevertheless, the URL did embed enough information for the spammer to figure out that the e-mail address was live - if he’s looking. I expected to go to a Monster log-in page. Had I, the spammer would have probably gotten what he wanted - user account info and his virus or spyware installed on my computer. Maybe I would have thought to look at the URL in the address line. Maybe not. Instead, the link tried to start a download right away. At that point, the bells started ringing, and I declined the download.

So that’s a lesson to me - always stay on your guard, no matter how legit something looks.

For others, who may be less wary, here are the recommendations I make and usually abide by myself:

1.) Never log in to a web-site from an e-mail unless it is a confirmation e-mail that the registering site has advised you to watch for, and you are sure the registering site is legit.
2.) If you click a link from an e-mail that purports to be from an organization you deal with, when the link opens be sure to check the URL as it appears in the address bar of your browser! It must match exactly with the URL of the organization you deal with, starting with the http: and ending with the extension (.com, .net, etc…) There may legitimately be other chacters following the domain name and extension, but there should be nothing preceding the domain name - particularly not ip style numbers (192.168.1.1/domainname.ext/blahblahblah). This is a very common phishing practice. The spamme hopes you will see the “domainname.ext” and ignore the fact that you are being directed to an ip that has nothing to do with that domain.
3.) When in doubt, don’t
4.) Don’t reply, don’t click “download pictures”, unless you are sure of the sender. This is a good way to avoid confirming your e-mail address to a spammer that will sell it to other spammers.
5.) If you are suspicious, but you absolutely *have* to see the website, rather than clicking the link, right click to copy the address and paste it to the address bar of your browser. Before you “enter” or click “go”, look for a series of characters (i.e. 756471d577654431f201c554fa9523b296c02a1), preceded by something like “?id=”. Delete that portion of the address. You will then get a glance at the page to which you are being directed, without revealing to the spammer that your e-mail address is valid.

Information and Links

Join the fray by commenting, tracking what others have to say, or linking to it from your blog.

Information
May 19th, 2007
One Response
Feeds and Links
Comment Feed
From This Author
Del.icio.us
Digg
Technorati
Categories
Sci/Tech

Other Posts
CQ on Flynt on Falwell (politics v. humanity)
He’s Makin’ a List

Write a Comment

Take a moment to comment and tell us what you think. Some basic HTML is allowed for formatting.

Reader Comments

Comment Number:
1
Written by:
Jan
Posted on:
May 20, 2007 at 6:42 pm

It sure is nice to have a knowledgable son like you to teach me these things. I did not know about the ID thing. Thank you, thank you very much.