Archive for February, 2012


Phishing is defined as a way of attempting to acquire information such as user names, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.  Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Many experts predict that 2012 will be the worst year yet for phishing attempts.  Over the past few weeks I have seen firsthand the rise of such emails.  Some are obvious and quite adolescent while others are very creative and sophisticated to say the very least.  Even if you have not had any experience with such emails there are some tell-tale signs to look for.  First of all, an e-mail from a legitimate corporation or institution will always have their domain as part of the e-mail address ie  Last week, I received an e-mail that read my American Express card had been compromised and advised me to click on the following link to obtain further information.  This was obviously a phishing attempt because I don’t have an American Express card but it left me wondering what other ways could one tell that an e-mail was not legit.  This prompted me to look at the sender address which turned out to be something like

A couple of days passed and I received another phishing attempt via e-mail that read my Citizens Bank account was compromised and my card had been suspended in an attempt to protect me.  It too read “Click here for more details”.  Again, I looked at the sender address and it read  This sparked my curiosity to find out for myself how a bank or debtor would notify a customer in the event that their account had indeed been compromised.  I decided to make an appointment with the Vice President of a local bank to ask her that very question.  To my surprise, the Vice President told me “If we have your e-mail address on file we will contact you via e-mail that we have suspended your account to avoid further fraud but the e-mail would not contain a link of any kind for you to click on.”  She proceeded to tell me “We also send notifications via postal mail to the customer notifying them that their account has been temporarily suspended and a new card would be issued.”  The fact that they would notify a customer via e-mail concerns me.

With that said, I decided to contact the Vice President of my bank to ask them the same question.  She told me “We never alert the customer via e-mail.  We will temporarily suspend the customer’s account to avoid further damage and then we notify them via postal mail.”  Keeping in mind not everyone is computer savvy, I think all debtors and financial institutions should contact their customers when their account has become compromised via postal mail rather than e-mail.

When I returned to my computer, another example of phishing was in my inbox, this time disguised as a tax return error in my favor from the IRS.  The e-mail advised me to click the link below to receive the amount of $2400.00 that was awarded to me due to a calculation error.  This email went as far as having an official seal from the state of Massachusetts.  To the unsuspecting, this e-mail looked legitimate enough but once again, the sender’s address was the key ie  If this email were from the IRS, the domain would have been something like

One of the most intelligent men I have ever had the privilege to work with to date was an astrophysicist.  The best advice he gave me then, which still holds true today, was “Sit on your hands.”  You don’t need to be a genius to tell when something smells Phishy.  The internet is not a safe place; we all know that. Think before you act, and when in doubt, check it out.
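
The sender-address check this post relies on, written out as an added example (not part of the original post). `bank.example` and the sample messages are constructed placeholders; because the opening paragraph notes that phishing uses e-mail spoofing, the check also consults the `Authentication-Results` header, assuming your own mail provider adds it, so a matching domain alone is not treated as proof.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def sender_domain(raw_message):
    """Domain of the From address (not the display name), lower-cased; '' if absent."""
    msg = message_from_string(raw_message)
    _display_name, address = parseaddr(msg.get("From", ""))
    _local, at, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if at else ""

def belongs_to(domain, expected):
    """True for the expected domain or a real subdomain of it, nothing else."""
    return domain == expected or domain.endswith("." + expected)

def dmarc_passed(raw_message):
    """True if a receiving server recorded dmarc=pass for this message.
    Assumption: the header was added by your own mail provider, not by the sender."""
    msg = message_from_string(raw_message)
    results = " ".join(msg.get_all("Authentication-Results", []))
    return re.search(r"\bdmarc=pass\b", results, re.IGNORECASE) is not None

def classify(raw_message, expected):
    """'mismatch', 'match-unverified' (From may be spoofed) or 'match-authenticated'."""
    if not belongs_to(sender_domain(raw_message), expected):
        return "mismatch"
    return "match-authenticated" if dmarc_passed(raw_message) else "match-unverified"

# Constructed sample messages; bank.example is a placeholder, not a real institution.
LOOKALIKE = ('From: "Example Bank Alerts" <alerts@bank.example.account-check.test>\n'
             "Subject: Your card has been suspended\n\nClick here for more details\n")
SPOOFED = ("From: Example Bank <alerts@bank.example>\n"
           "Authentication-Results: mx.mailhost.test; dmarc=fail header.from=bank.example\n"
           "Subject: Your card has been suspended\n\nClick here for more details\n")
GENUINE = ("From: Example Bank <alerts@bank.example>\n"
           "Authentication-Results: mx.mailhost.test; dmarc=pass header.from=bank.example\n"
           "Subject: Account notice\n\nA new card will be sent by postal mail.\n")

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_domain(raw), classify(raw, "bank.example"))
```

The lookalike sample shows why the comparison must be made against the end of the domain: the brand's name appears in the address, but the message was not sent from the brand's domain.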