When You Can't Tell The Phishing Emails From The Legit Ones, Just Ignore Them All

from the smart-security dept

Phishing is a common way for criminals to try to steal people’s passwords or other personal information, and it depends on phishers crafting emails and fake sites that look enough like the real thing that people will willingly surrender their information. Banks and authorities are obviously aware of phishing, but that doesn’t stop them from undermining their online security efforts, as well as their online products, by sending out legit emails that look like phishing attempts. The latest instance sees some British cybercrime police attempting to notify more than 2,000 people in the country that their personal information, including credit card numbers, had been stolen. They get an A for effort, but an F for execution, since they’re letting people know by sending them an email and asking them to get in touch, which plenty of people aren’t doing, because it sounds an awful lot like a phishing scam. The rise of phishing has made consumers loath to trust anyone they don’t know from whom they receive emails asking for contact or personal information, and rightly so. But if banks and authorities are going to tell people that’s the right thing to do, they shouldn’t be at all surprised when their emails go ignored as well.


Comments on “When You Can't Tell The Phishing Emails From The Legit Ones, Just Ignore Them All”

Andrew W (user link) says:

Absolutely right that a request for personal info should only happen over the phone, specifically only when you yourself initiate the call.

At the same time, some companies still require too much information over the phone. Sprint for example asks its mobile customers for their phone number (reasonable, as it doubles as your account number) but also for “the password associated with your account”. Since most people reuse passwords for different accounts (e-mail, Amazon, banking), an unscrupulous CSR would have an easy time ripping a customer off.

Anonymous Coward says:

Seems as though big banks & large companies should create their own phish-like websites in an attempt to educate their customers.

1. E-mail sends you to phish-like Fidelity website (ip address only).
2. Website asks for some personal info
3. Website redirects you to Fidelity’s “your personal info could have gotten stolen, how to avoid this” web page.

People would be more likely to read that website instead of some stupid e-newsletter.

kforce says:

Re: Re:

No one should submit private info through email; for example, I had the email of kforce@aol.com for a long time and I would constantly get emails from people thinking that I am Kforce.com, the recruiting site. I had one lady email me her social security number and out of common courtesy I replied back to her and told her she should not send her private info through email because it is not secure. She replied back with a nasty email and told me I shouldn’t read email that wasn’t intended for me and told me that she would report me because SHE sent her social security number to me. She was lucky I didn’t go out and open up credit cards in her name. Moral of the story: don’t send anything private through email, do it over the phone – slightly safer, and don’t get pissed off when someone tries to help keep your info safe.

Anonymous Coward says:

back in the day on aol when i was around 12, i taught myself how to program and wrote phishing programs for passwords and credit cards that phished through im. well, i did end up getting many credit cards and passwords, the scary part of my story is that recently, i went back and looked at the code and took a look at the lines i used asking for their info. not that my grammar is great now, but damn… it read like a 12 year old wrote it. the moral of my story: people are stupid, the web pages used and the syntax used in your messages don’t have to be either real looking or correct.

Yoram (user link) says:

there is a way to follow links risk-less: CallingI

Now there is a way to follow links risk-less,
CallingID Link Advisor automatically checks the links you receive in your email, web-mail and instant messenger before you follow them and verifies that they are safe.
After installing it, place your mouse over any link you received and CallingID Link Advisor will provide you with real, accurate data about the site and a straightforward risk assessment. Works with all popular web browsers, email clients and instant messengers.

Jen says:

Distinguishing between Phishing and Reality

I predict that a new mental health disorder will soon be identified as people are faced with determining whether these more professional-looking phishing scams are “real”. How do we identify a “real” email from our bank or credit card company? We look for clues that are consistent with our experience of “real” emails – (1) Is this the account I use for that credit card (often the answer is ‘no’), (2) Is that the “real” web address (URL), (3) Does the email sound like a corporation wrote it (style and standard U.S. grammar), etc. But what is a person to do when reading what may be either a particularly well-designed phishing email or a legitimate communication from your bank or creditor?

Having thought about this a while, the best answer seems to be to avoid using email for any financial transactions. Don’t give out your email address to your bank, and then you’ll know that any email that purports to be from “Chase Bank” is a fake because you don’t talk to Chase Bank via email. (You know, there are still a few people in this country who do not have even one email account!)
