It’s Time For “Scam I Am!”
New here? You may want to subscribe to my RSS feed. Thanks for visiting!
I just received a scam in my email, or to be more precise, a phishing attack. What’s phishing? It’s when someone attempts to convince you that they’re someone they’re not to get you to do something. Think wolf in sheep’s clothing.
This latest attempt came out of the blue. Clue one. It was from a company I had never done business with nor heard of. Clue two. And finally, it didn’t show the email address it was using to get to me. Clue three. Any company I’ve done business with, to the best of my knowledge, has used the email address in the header of the message.
But the real telltale sign of this whale of a phish is the fact that the URL in the message was pointed to somewhere else entirely. Where? Well, it wasn’t the Federal Credit Union site, that’s for sure. How did I know this? Easy. I rolled my mouse over the link and looked at the bottom corner of the browser to see the URL it would have taken me to.
Here’s the message:
Account Info Verification
Dear FCU holder account,
As part of our security measures, we regularly screen activity in Federal Credit Unions (FCU) network.
We recently noticed the following issue on your account: A recent review of your account determined that we require some additional information from you in order to provide you with secure service. Case ID Number: PP-065-617-349 For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause. Please log in to your FCU account to restore your access as soon as possible.You must click the link below and fill in the form on the following page to complete the verification process.
Click here to update your account (<-- link removed)
In accordance with NCUA User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your FCU account as soon as possible to help avoid this. We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account.
We apologize for any inconvenience.
Sincerely, NCUA Account Review Department
Had I clicked on the link I would likely have found a place to enter my username and password. Doing so would have given them quick access to whatever I had in there. Fortunately, I didn’t have an account with FCU, so I didn’t have what they were likely to be looking for in the first place. Or perhaps they would have asked me right then and there for my personal details — whatever I could give them.
But that may not have been the only danger. It is possible to download malicious code to your computer just by browsing to a page. Even something as innocent as viewing an image could have infected my computer with a virus, that is, if I didn’t have defenses in place already. 
So the moral of this story is:
- Don’t click on any link in an email message unless you’re absolutely, positively sure it’s from someone you know AND it makes sense they would send it.
- Before clicking on any link, be sure to roll your mouse over it first to show the true destination. If you can’t see this, then perhaps you can view the source of the message and examine it that way. Sometimes these phishers include valid links in their messages just to lull you into a false sense of security.
- Go to the company in question’s web site on your own, meaning either use a bookmark you already have or type in the URL that you know. Don’t use the one in the message. Or simply give them a call using a number you’ve looked up yourself.
- And if at all possible, contact the company — the real one — to report that there’s a suspicious email going around.
[tags]web safety,internet safety,phishing,scams[/tags]
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
I get these all the time from a PayPal phisher too. I wonder how many people actually get dupped and enter their personal info into the prompts.
Hi Megan, I wish that weren’t the case. I mean if these people would use their skills for good, just think how much better communications would be for something that really matters. 
[…] Your page is on StumbleUpon […]