These kinds of email are a dime a dozen but I thought it might be good to have an example I can point to when trying to educate others.

This morning I got an email that is a prime example of phishing. Here is a screen shot from my Gmail:

[Screenshot: the phishing email as shown in Gmail]

Basically it tells me my account is limited for some reason. Now of course I don’t have an account at North Island Credit Union, but if they send this to enough people around here they will land on someone who does.

See that logo in the upper left? It is stolen right off of the North Island Credit Union web site. I decided to dig a little deeper and look at the email in clear text instead of its rendered HTML. In Gmail you do this by clicking the little drop down arrow in the upper right and choosing Show Original.

[Screenshot: the Show Original option in Gmail's drop down menu]

The code shows me they are making NICU serve up the image!

[Screenshot: the image source in the email's original text]

NEVER click on links in email like this!

I hovered my mouse over the link in the email just to see where it went. In Firefox or IE, when you hover over a link the destination will show up in the bottom left of your browser. This time it showed up as:

[Screenshot: the link destination shown by the browser]

This is troublesome for 2 reasons. First, obviously this link doesn’t take you anywhere near myisland.com. Second, the link isn’t secure! When dealing with banks or anything where you will be sending your personal information over the internets, be sure you are going to an https address.
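The two checks described above (which site serves the logo, and where the link really goes) can also be run directly over the Show Original text. The script below is an added example, not part of the original post: the message and every host name in it are constructed placeholders, and comparing only the last two labels of a host name is a simplifying assumption.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a "Show Original" view; every host is a placeholder.
SAMPLE = """\
From: "Credit Union" <alerts@bank.example>
Subject: Your account is limited
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://www.bank.example/images/logo.gif">
<a href="http://login.unrelated.example/verify">Restore my account</a>
</body></html>
"""

class Collector(HTMLParser):
    """Collect <img src> and <a href> values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

def site(url):
    # Last two host labels; an approximation (no public suffix list).
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def audit(raw):
    """Return (reason, href) findings for each HTML part of a raw message."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        c = Collector()
        c.feed(part.get_payload(decode=True).decode(charset, "replace"))
        logo_sites = {site(u) for u in c.images} - {""}
        for href in c.links:
            if urlsplit(href).scheme != "https":
                findings.append(("not-https", href))
            if logo_sites and site(href) not in logo_sites:
                findings.append(("host-differs-from-images", href))
    return findings
```

An empty result only means neither of these two signs was found; it does not show that a message is genuine.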

You can use a service called Whois to find out who a domain is registered to. In this case, some guy in Peru. I’m not even going to attempt to verify that address!

So, what if you did click the link? I used a virtual machine and a proxy server to obscure who I am and keep my laptop safe. Look what information they ask for:

[Screenshot: the form on the linked page and the information it asks for]

An unsuspecting person might be duped. The information requested is outrageous but the site sure looks official.

If you use Gmail and get one of these, click the drop down in the upper right of the email and then click Report Phishing. New phishing attempts come out all the time and Google can use our help to keep their database up to date.

Be safe out there! Don’t click links in your email if you don’t know who the mail is from. Even if the mail IS from your bank, you are safer putting the address into your browser yourself rather than relying on a link. And be SURE to use HTTPS!