Yahoo’s Safe Harbor For Phishing Sites
Know those damn emails that clog up your inbox saying that Paypal is Going to Cancel Your Account or eBay Needs Your User ID? Those mails aren’t from Paypal, eBay, Citibank or whomever; they’re from spammers who want your login information so they can suck your bank account and credit cards dry. The technique is called phishing, and the emails sent to look like official mails are the bait. According to Spamhaus (the house of spam), an anti-spam movement and organization, Yahoo is hosting thousands of bogus sites that have domain names containing the words “bank”, “PayPal” or “eBay.”
Richard Cox, the CIO of Spamhaus, states: “They are hosted on Yahoo. I just took three hot words, but there are dozens of others including misspellings. They are mostly phishing websites, which shows that the situation is out of control.”
Cox also states that AOL and MSN are taking measures against phishing that Yahoo is ignoring. “Whenever there is an entry on SBL, there is a mail sent to them [Yahoo!],” he said. “They never responded. But anything with ‘Barclays Bank’ in the title is for nothing other than a fraudulent purpose. Responsible organisations will pro-actively check for any domain they are hosting that have an obvious fraudulent intent and will remove any they find, or any reported by other network users.”
We’ll let Yahoo, Spamhaus and the Phishers duke this battle out. Yahoo should clean itself up though because this is some bad PR at a time Google, MSN, and AOL are gearing up their portals to dethrone Yahoo and swipe away its registered users.
For more info on Phishing, Jose Rodriguez of the Identity Theft Prevention Guide provides this breakdown:
Phishing is when someone sends you an email falsely claiming to be a legitimate business – like your bank or credit card company – in an attempt to scam you into giving them your personal, private information that they can use to access your accounts.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing”, the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
It’s an online form of Identity Theft. The email then directs you to visit a fraudulent website where you are asked to provide maintenance or update your personal information, such as:
* Social Security Number
* Passwords or PIN numbers
* Bank Account Numbers
* ATM, Debit, or Credit Card Numbers
* Credit Card Validation Codes
* Your Phone Number and Address
Learn How To Identify It
Phishing is so dangerous because the average email user does not know how to identify a fraudulent email.
Here are some things to keep in mind:
1. Legitimate businesses do not ask you for your personal information by email.
Sometimes it may be necessary to update your information, but most businesses will alert you to this when you sign in to your account through the business’s website. So – just as you wouldn’t provide personal information to telemarketers and people you don’t know – you shouldn’t provide it to anyone asking you for that in any email.
2. Fake email messages are often not personalized.
When your bank, credit card company, loan company, etc. sends you an email it is usually personalized. It’s only common courtesy to use your name. So this would also be an indication that the email is a spoof.
3. A link in the email is masked.
This is the part that confuses most people. “Masking” a link is simply asking you to click on a link that directs you somewhere else than what you thought you were clicking on.
A simple way you can catch this is by moving your cursor over the link and looking at the bottom of your browser on the status bar. This will show you the actual website the link is going to take you to.
4. The “lock” in the status bar is not engaged.
You need to make sure that the lock in the status bar is locked. This ensures you that the page you are on is secure. If it doesn’t have the lock, then any personal information that you put on there could be compromised.
Here Are Three Things To Keep In Mind
1. Never reply to email messages that request your personal info.
2. Never click on suspicious links. Move your cursor over the link to see where it is directing you.
3. Make sure the site is secure. Check the lock on the status bar.