the sephone blog

The Legendary Rock Band - The Who, definitely weren’t thinking of the Internet when they penned the classic tune. And if you are not careful when clicking around in email to what you  ‘ASSUME‘  is a legitimate inquiry from trusted sites, vendors, etc;  You may find yourself singing a similar tune.

By now you are asking yourself- “WHAT IS HE TALKING ABOUT”? , Am I right??

OK- here it is. Phishing. (pronounced fishing) And it ain’t going to the river for smelts. The parties that are on this trip are out for suckers.

Here is an example… A normal looking email from Google.com regarding an Adwords account with a reasonable looking request - Account Reactivation appears in your in box. Well like some of you - I have an Adwords account, so OK- this sounds legit.

And it looks legit too! Even the URL ‘Appears’ to be as well. (Live URL purposely not linked)

Dear Google AdWords Customer,
Please sign in to your account at http: //adwords.google.com/select/login , and update your billing information.
Your account will be reactivated as soon as you update your payment information.
Your ads will show immediately if you decide to pay for clicks via credit
or debit card. If you decide to pay by direct debit, we may need to receive
your signed debit authorization before your ads start running,
depending on your location.
If you choose bank transfer, your ads will show as soon as we receive your
first payment.

We look forward to providing you with the most effective advertising available.

Sincerely,
———————————————————————————-
The Google AdWords Team

But if you think about it,

• WHY would Google send me an email regarding my account?
• When I signed up, didn’t they tell me they would NEVER do that?
• If I am an Adwords user, I would know if there was a problem with my account, so …
• WHY did I get this email?

Now put on your CSI hat and right click on that URL… Horatio Cane would be proud of you; as the link reveals its true purpose…

‘http ://adwords.google.com.selectlogin.cn/select/Login/’
^^

Some party in China, and that isn’t the town in Maine, is hoping for an unsuspecting person to click on that link and happily attempt to log in to their Goggle account where they could ‘re-Activate the account’ that is in need of reactivation. Sounds reasonable.

Instead of going to the real google.com site, you will be directed to a VERY well forged version of the Adwords site just waiting for unsuspecting individuals to try to login.

Let me tell you… You won’t!!!
But ‘they’ will use that info to log into the REAL google site; where ‘they’ would have access to your banking and credit card info. To Steal from you!!

And you would end the session thinking, yup, I have a problem… But- it would be days before you would know if you have a REAL problem.

So unless you have a very smart browser that protects you from these situations, then BE CAREFUL and BEWARE.

In this sometimes cruel world, its nice to know that someone is watching your back! But Don’t Get Fooled. When in doubt- Don’t fill it out!

NEVER EVER use a link in an unsolicited email to access your Bank Account or any other account where you have personal information attached. The key is unsolicited- If you call or go online to your CreditCard provider, Insurance Company or Bank and they send you an email- that is ok. Usually.

So Won’t Get Fooled Again- is a great tune- but lean the lesson here- Don’t get fooled the first time-
When in doubt- Don’t fill it out!

share this