
2004-03-18

Phishing with HTML

You may have received an email that looks a lot like this recently, telling you that you need to log in to either update your account or read an important notice. Looks pretty official, huh? Don't be fooled. It is not from Wells Fargo, despite all appearances. Perhaps you know that because you don't have a Wells Fargo account, so they shouldn't be sending you email anyways.

These types of scams are known to nerds as phishing — the scammer is trying to lure you in with an official-sounding email. Wells Fargo is hardly the only company that has been a target of these types of scams. antiphishing.org has a list of recent scams, if you want to see the variety and complexity of some of these scams.

If you are a Wells Fargo client and lucky (or perhaps smart), you didn’t receive an email that looked like this at all. You may be running an email client that is too old to display fancy HTML mail. Or maybe you don't like HTML mail and have turned that feature off in your email client. If so, you got an email that simply said:

In order to view this message your e-mail client must support HTML format.

If so, you are better off than the majority, who are most likely using either AOL, a Microsoft product, or perhaps Hotmail to read their mail. These companies, in an attempt to serve you up spiffy email, have made it possible for scammers to pose as legitimate businesses and rip you off.

How does this scam work? The scammer builds the email by copying a web page right from Wells Fargo’s web site, then carefully changing the link behind the button so that your login and password (if you are duped into clicking) are sent on to the scammer's computer, where presumably they will be used to drain your account.
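A mail filter can look for the altered button described above by listing where the links and forms in the HTML part actually point. This is an added example, not part of the original post; the `bank.example` domain, the constructed sample message and all function names are assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message: plain-text stub plus an HTML part with a sign-on form.
SAMPLE = """\
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

In order to view this message your e-mail client must support HTML format.
--b1
Content-Type: text/html

<a href="https://www.bank.example/help">Help</a>
<form action="http://192.0.2.10/signon.cgi" method="post">
<input name="userid"><input type="password" name="pw"><input type="submit"></form>
<a href="http://bank.example.mirror.invalid/">Notice</a>
--b1--
"""

class TargetCollector(HTMLParser):
    """Record every URL the markup can send the reader, or their input, to."""
    URL_ATTR = {"a": "href", "area": "href", "form": "action"}
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name == self.URL_ATTR.get(tag):
                self.targets.append((tag, value))

def on_trusted_domain(url, trusted):
    """True only for http(s) URLs whose host is `trusted` or a subdomain of it."""
    parts = urlparse(url)
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme in ("http", "https") and (host == trusted or host.endswith("." + trusted))

def off_domain_targets(raw_message, trusted):
    """Return (tag, url) for each link or form in an HTML part that leaves `trusted`."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            collector = TargetCollector()
            collector.feed(html)
            findings += [t for t in collector.targets if not on_trusted_domain(t[1], trusted)]
    return findings
```

The host comparison is an exact or dot-anchored suffix match, so a host that merely begins with the trusted name is still reported.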

This type of scam is one of the many reasons Microsoft is now recommending that you never click on anything in email. Don't even copy and paste a link. You have to type the link yourself, to be (somewhat) assured that the link your browser is going to is the link you mean to go to.

For me, I find HTML mail essentially useless. I turn off this feature in my email client, and as a result, can easily identify most spam and scams by the fact that their email does not display. Anyone who has important information to communicate to me had better send a plain text version of it.

If you are stuck with HTML mail, take care before responding to email that may appear to be from your bank or some other financial institution. Just like an unsolicited phone call, don't divulge personal information or passwords. If you really think it might be important, call them, using a phone number you can verify (like the phone number on your credit card or bank statement) and ask.

08:37

2004-03-15

Hanging bits

Bizarre election results in California have been traced to an electronic touch-screen ballot system. But no one is quite sure what went wrong, and because there is no paper trail, no one is ever likely to get to the bottom of it.
Computer Voting Snafus Plague California
16:38