Thursday, July 5, 2007

Scammed Again!

Jim, you almost got scammed again, you bonehead! What’s a matter whi-choo? – Jim Fisher, Florence

I was once confident that I would never be boneheaded enough to fall for a phishing scam (a phishing scam is where criminals, via email, try to trick you into revealing personal information in order to steal your stuff). I am an “expert computer guy” and far too smart to fall for that stuff. At least that’s what I thought until I nearly became a victim of a PayPal scam over a year ago. As part of my self-imposed punishment for being a sucker, I confessed my stupidity in this very column in hopes of teaching my readers and myself a lesson. Well, those roguish scammers fed me another piece of humble pie today. Allow me to explain.

I buy and sell things on eBay from time to time. We sellers occasionally receive eBay-generated email from buyers asking a question about an item we are selling. The sloppily-written email message I received today was, “Look, There are now 2 months since I paid for the item and I still didn`t receive it. unless you solve the problem the first thing I shall report you to eBay and second I shall go to the police . I am loosing my patience.”

I didn’t recall NOT sending anyone anything, so my first thought was, “Who is this mammering, beef-witted, measle that is trying to ruin my morning?” I dutifully clicked on the familiar “Respond Now” link to ask him what product he was referring to. Clicking “Respond Now” normally takes you directly to eBay’s website where you can log in and respond to the inquiry. When I clicked it, I immediately received a warning from my browser that the website I was accessing was a suspected phishing scam.

Thankfully, I had updated my preferred browser, Firefox, to the latest version. The latest versions of Firefox and Internet Explorer both have anti-phishing filters built into them that flash a warning if you try to access a phishing website. If it weren’t for this anti-phishing technology, I would have fallen for another scam and my eBay account would be in shambles by now.

Research indicates that these motley-minded villains collect eBay usernames and passwords then bid on various items. Once they win an item, they try to trick the seller into sending the items to (usually) a Nigerian or Eastern European address. The fraudsters then sell the items on the black market.

So, if you think you would never be suckered into such a scam, I ask you to join me in enjoying a piece of humble pie. We are all susceptible. As soon as a scammer out-smarts you, you will also become a victim. So we should all do everything we can to make sure this doesn’t happen. Start by updating your browsers to the latest versions.


Anonymous said...

How about just reading the url? It's not https, it also has a url like Also no ssl lock present. You could just open the real login page and compare! It's just another spoof and we all get them every week. Forget trying to make your browser protect you and just READ before you login on eBay or PayPal. And you will be safe for sure. And NEVER link to a login from EMAIL.

...phread said...

This comment is for anonymous up there. Listen, it's not always that simple. I block these sites for a living, at least part of my living, and some of these custom phishing sites can be pretty clever in appearance. Do you not think that phishers can get https: to show up in the address bar, or make it yellow, or put the ssl lock up there? They can, and I see it all the time. Maybe run a little javascript that completely replaces the address bar with a picture of an address bar.
Now don't get me wrong, you're right when you infer that paying attention is the best way not to get fooled, and Firefox doesn't hurt either, but being that confident in your ability to simply watch the url may just get you fooled too. xoxo

Anonymous said...

Mr. Anonymous obviously thinks he is immune to these kinds of attacks.

I think the whole point of the article is that all of us are susceptible to these attacks and we all could use all the help we can get. Some more than others but I'm sure Mr. Anonymous will be humbled one of these days, too.

Anonymous said...

If one has been fooled all the way to the sentence about "Never follow a link to a login", stop, think and don't break this rule. Don't follow a stranger into a dark alley and don't follow links from email. Enter legit site name EVERY TIME for login. NO exceptions.