In my email this morning, I just learned that someone tweeted a picture of me!
Not so fast. It’s email from a scammer impersonating a legitimate twitter account to get me to surrender my account information.
Even though the email appears to have come from twitter (the fake domain “postmaster.twitter.com”), it’s a phish. It’s not legit. Someone has spoofed a legit twitter account and standard twitter traffic, trying to social engineer your response: “Oh goody! A picture! [Click bit.ly link.]” If you follow the link in the email, you’d see a forged twitter page. The design and images make the page look just like twitter’s login screen, but look carefully at the URL:
Screenshot of the forged twitter login page. Look carefully at the URL.
This scam points to the need for caution in following “shortened” links and to the need to Think B4 U Click! It is designed to make you so happy that one of your twitter contacts has posted a picture of you that you react by clicking the link without thinking, “log in” to twitter on the fake screen and–boom!–the scammer has captured your twitter username and password.
This scam probably originated with a legitimate account being compromised. Therefore, if you receive a phishing scam like this one, notify the real holder of the twitter account about the phishing attempt.
If you fall for this scam, log in to twitter.com and change your password immediately. If you cannot change your password because the scammer has already changed it, contact twitter to report that your account has been compromised.
The folks in UD’s Development Office report receiving a phone call that could be a variation on the phone support scam we mentioned last month.
I just received a telephone call from a man who claimed to be “Tom Collins,” with UD Business Solutions. He said his boss asked him to call me to get the serial number from my laser deskjet printer. I looked at the caller ID and it showed “PRIVATE NUMBER”, so I asked him if he was a UD employee. When he replied “yes,” I asked for his boss’s name and phone number saying that I would call him back. He then hung up on me.
This employee recognized that this phone conversation could have been the beginning of a scam support call. She knew not to give out serial numbers or confidential information to an unknown caller. Nice move asking for the phone number to call back!
Verizon recently sent out a phishing warning to many of its customers.
Recent phishing email has gone out with the Verizon logo and a link that LOOKS like a legitimate link. However, when you follow the link you go to a “pharming” site–a web site designed to harvest your personal information for criminal purposes–in this case, your bank account or credit card information.
After including an image of one of the recent scams, Verizon provided some very sound advice and announced a change in their policy (Emphasis added.):
To avoid getting hooked by such bogus emails, here are some tips to help safeguard your personal information:
- Do not open suspicious emails. Look for misspellings, awkward requests or inconsistent grammar.
- A Web site link included in an email can make getting to a Web site easy, but it can also be used to send you to a malicious Web site.
- If you have doubts about the authenticity of an email, do not click on any links in the email – instead, type the Web site or Web page address into the ‘address bar’ of your browser.
- Never type sensitive personal information, such as social security and/or driver license numbers or account numbers and/or passwords, in a reply email.
- Use spam filters to block suspicious emails.
- Use anti-virus and anti-malware software to automatically detect and eliminate malicious software.
- The best practice when you find a phishing email is to either immediately delete it or report it to the company or organization being impersonated. Like Verizon’s firstname.lastname@example.org mailbox, many companies have set up an ‘abuse’ or ‘security’ mailbox to receive those reports and provide customer assistance.
Finally, in order to provide you with additional confidence in Verizon alert messages going forward, Verizon will be removing live ‘clickable’ links from any alert messages we send you regarding payment processing problems or credit card and/or bank account issues. You can continue to access and make changes to your account any time of the day or night at www.verizon.com.
We quote the Verizon email at length because it provides such good advice and because it announces Verizon’s new policy NOT to include links in a variety of different billing and customer service email messages.
Stay safe. Keep deleting those phishing scams.
Here’s a fun one that looks like a notification about something at AOL. What’s tricky about this one is that it uses a mixture of a real AOL graphic, real AOL links, a spoofed real-looking AOL email address, and one doozy of a bad link–takes you off to a bogus Viagra sales site. Don’t click the link in this email: note what shows up when you hover your mouse over the main link!
Have an AOL account? Think it might really have a notification? Don’t click the link; go to the AOL site and log in to look for the notification. And this email message? Just delete it.
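The two tells these posts keep returning to (a link whose visible text does not match where it really points, and a sender address that only looks like the brand) can be checked automatically. The script below is an added example written for this page, not code from the blog or from any of the companies mentioned. The sample message is constructed, with a placeholder bit.ly path; the `registrable()` helper is a deliberately naive “last two labels” rule (it does not consult the public suffix list, so hosts under `co.uk`-style suffixes would be misjudged). Note that a From: domain that matches the brand proves nothing, because that header is trivially forged, which is exactly the case the twitter post describes.

```python
"""Flag phishing tells in an email: shortened links, links whose visible
text names one host while the href points to another, and links that
leave the brand's domain.  Added example; the sample message is constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real message from the post).
# The From: domain mirrors the spoofed one described in the post; the
# bit.ly path is a placeholder.
SAMPLE_EMAIL = """\
From: Twitter <notify@postmaster.twitter.com>
To: user@example.edu
Subject: Someone posted a picture of you
Content-Type: text/html

<html><body>
<p>Someone tweeted a picture of you!</p>
<a href="http://bit.ly/EXAMPLE">View on twitter.com</a>
<a href="https://twitter.com/settings">https://twitter.com/settings</a>
<a href="http://twitter-login.example.net/">Log in</a>
</body></html>
"""

# Common URL shorteners: the real destination is hidden behind a redirect.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

# Something that looks like a host name inside the visible link text.
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._open = None  # [href, accumulated text] while inside an <a>

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.anchors.append((self._open[0], self._open[1].strip()))
            self._open = None


def registrable(host):
    """Naive registrable domain: the last two labels (no public suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def visible_host(text):
    """Host name the link *text* shows the reader, if it shows one at all."""
    m = DOMAIN_RE.search(text)
    return m.group(1).lower() if m else None


def analyze(raw_message, brand_domain):
    """Return a list of human-readable findings for one raw email."""
    msg = message_from_string(raw_message)
    findings = []

    # A From: domain outside the brand is a tell; a matching one proves
    # nothing, because the header is forged at will (as in the twitter post).
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if registrable(from_domain) != brand_domain:
        findings.append(f"From domain {from_domain!r} is not {brand_domain}")

    # Pull the first text/html part (works for single- and multi-part mail).
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            body = payload.decode(part.get_content_charset() or "utf-8", "replace")
            break

    collector = AnchorCollector()
    collector.feed(body)
    for href, text in collector.anchors:
        host = (urlparse(href).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link {href} hides its real destination")
        shown = visible_host(text)
        if shown and registrable(shown) != registrable(host):
            # This is what "hover your mouse over the link" reveals by hand.
            findings.append(f"link text shows {shown} but points to {host}")
        elif host not in SHORTENERS and registrable(host) != brand_domain:
            findings.append(f"link {href!r} leaves {brand_domain} for {host}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EMAIL, "twitter.com"):
        print("WARNING:", finding)
```

Run against the sample, the genuine `https://twitter.com/settings` link produces no warning, which mirrors the AOL item above: real links mixed in with one bad one are part of the disguise, so a single clean link proves nothing about the rest of the message.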