We all recognize email like this one as a phishing scam, right?
- No legitimate company is going to send a billing notice to a list of customers with all the customers’ email addresses visible to each other.
- Standard shock treatment. You’re supposed to react, “Oh, No! Someone charged over $1300 to my AmEx card to pay their phone bill!” Then click the link to let the scammers harvest your personal info. Don’t fall for the scam:
Note that the link doesn't go anywhere Verizon would want you to go, nor anywhere you should go.
- See this scam? Delete it.
- Not sure if a message like this one is a scam? Log in to your account at the alleged sender’s Web site and check your account.
- Fall for this scam? As soon as you can, contact the companies or institutions whose account information you provided to the scammers.
Last week, the LearnIT Express webcast was called “Phishing Blues.” It ran about 12-13 minutes, included annotated examples (and discussion) of some of the scams seen at UD, and some suggestions for what to do if you fall for a phishing scam or submit personal information at a pharming site.
It is available for viewing on demand.
Late last year, we posted a notice from Verizon itself about scams like these, but a reminder won’t hurt.
Over the past week or so, we’ve seen multiple instances of fake billing notices from Verizon. They look good at first because the scammers have stolen language and artwork from real Verizon Wireless billing notices. We’ve seen messages with two different legitimate-sounding subjects: “Your Bill is Now Available” and “Thank You for your Verizon Wireless Payment.” Spend just a few seconds examining either, and you’ll see they are phishing scams with “pharming” links.
- Both contain information about a large bill or a large payment, designed to shock you into an overreaction, like clicking one of the links to find out what’s going on NOW!
- Both have been sent to mailing lists, and you can see the other addresses. Did all of us end up with the same exact bill for $928.39? How likely is that? And why would a reputable company expose other customers’ email addresses to anybody?
- If you hover your mouse over any of the links in the messages, you’ll see that they would take you to non-Verizon sites designed to harvest your personal information.
Want to check on your Verizon account? Go to the real Verizon site where you usually sign in.
Get a message like one of the ones below? Just delete it.
Don't click any of the links in a message like this one. Instead, log in to Verizon's real Web site to check on your account.
Don't freak. Your card hasn't REALLY been charged that amount. Don't click any of the links in this message. Instead, log in to your credit card company site or the Verizon site to check your account status.
Verizon recently sent out a phishing warning to many of its customers.
Recent phishing email has gone out with the Verizon logo and a link that LOOKS like a legitimate link. However, when you follow the link you go to a “pharming” site (a web site designed to harvest your personal information for criminal purposes), in this case, your bank account or credit card information.
After including an image of one of the recent scams, Verizon provided some very sound advice and announced a change in their policy (Emphasis added.):
To avoid getting hooked by such bogus emails, here are some tips to help safeguard your personal information:
- Do not open suspicious emails. Look for misspellings, awkward requests or inconsistent grammar.
- A Web site link included in an email can make getting to a Web site easy, but it can also be used to send you to a malicious Web site.
- If you have doubts about the authenticity of an email, do not click on any links in the email – instead, type the Web site or Web page address into the ‘address bar’ of your browser.
- Never type sensitive personal information, such as social security and/or driver license numbers or account numbers and/or passwords, in a reply email.
- Use spam filters to block suspicious emails.
- Use anti-virus and anti-malware software to automatically detect and eliminate malicious software.
- The best practice when you find a phishing email is to either immediately delete it or report it to the company or organization being impersonated. Like Verizon’s firstname.lastname@example.org mailbox, many companies have set up an ‘abuse’ or ‘security’ mailbox to receive those reports and provide customer assistance.
Finally, in order to provide you with additional confidence in Verizon alert messages going forward, Verizon will be removing live ‘clickable’ links from any alert messages we send you regarding payment processing problems or credit card and/or bank account issues. You can continue to access and make changes to your account any time of the day or night at www.verizon.com.
We quote the Verizon email at length because it provides such good advice and because it announces Verizon’s new policy NOT to include links in a variety of different billing and customer service email messages.
Stay safe. Keep deleting those phishing scams.