Phishing

07/16/2008

After I ordered some invitations through Apple, I got an e-mail:

From: Apple
Subject: IMPORTANT: Billing Problem

Thinking that it was something messed up with the invites I just ordered, I opened the e-mail. It had Apple images, even Apple’s font. It said:

“We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?
“To ensure that your service is not interrupted, please update your billing information by clicking here , After a few clicks, just verify the information you entered is correct.”

I should have noticed the typos. I should have noticed the lame way it was written. I clicked on the link. The site looked like Apple’s site. It even said that if I had questions I could call 1-800-myapple for help, which I know is Apple’s number. The website asked for my name, address, credit card, social security #, mother’s maiden name…. I thought, “They already know my name and address, why would they request it? (Flag!) Since when do businesses need a social security # or my mother’s maiden name to make a transaction (Flag!).”
I looked at the web address, which was NOT Apple’s site. Here’s a fake version of what it looked like (I don’t want to give the real one lest the bastards get web traffic): http://somelamecompanyname.net/www.apple.com. Case closed, this is clearly an example of phishing.
I realize that this is obvious to most of my friends who read this blog. But, I worry about those who are not in-the-know and just want to over-emphasize my suggestions.

  1. Always be aware of who you are giving your credit card info to over the web. Make sure it is secure & with a trusted company.
  2. Check for changes in web address. If it sends you to some random place, discontinue the transaction.
  3. Check for phishers. Make sure the website you are looking at is the *real* one by checking the URL and looking for any oddities.
  4. Be wary of who you give your private info to. I even started asking, “Why do you need my social security number?” to many of the places that ask for it. Usually, it’s not required, so don’t give it. They asked for it when I applied for a library card. It got me all paranoid about the government tracking my reading… turns out it’s optional to put down (if it was required I may have just walked…)
  5. Consider getting identity theft insurance. We have Lifelock. Your regular car/home insurance provider may also have it, so check with them. I would go on about how Lifelock works, but just check out their site for yourself if you’re interested.
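The URL check from tips 2 and 3, written out as an added example that is not part of the original post: only the host name decides where a link goes, so a trusted name sitting in the path (as in the stand-in address above) proves nothing. The function name `check_link` and the sample URLs are assumptions, constructed around that stand-in address.

```python
from urllib.parse import urlsplit


def check_link(url, trusted_domain):
    """Return (verdict, reason): does url really belong to trusted_domain?"""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    trusted = trusted_domain.lower()

    # The host must BE the trusted domain or end in ".<trusted domain>".
    if host == trusted or host.endswith("." + trusted):
        if parts.scheme != "https":
            return ("caution", f"host {host} is right, but the link is not HTTPS")
        return ("ok", f"host {host} belongs to {trusted}")

    # From here on the host is someone else's. Say where the trusted
    # name was placed to make the link look legitimate.
    if parts.username and trusted in parts.username.lower():
        return ("phish", f"{trusted} sits before '@'; the real host is {host}")
    if trusted in host:
        return ("phish", f"{trusted} appears inside {host}, a different domain")
    if trusted in (parts.path + "?" + parts.query).lower():
        return ("phish", f"{trusted} is only in the path; the real host is {host}")
    return ("untrusted", f"host {host} has nothing to do with {trusted}")


# Constructed sample links; the first is the post's stand-in address.
SAMPLES = [
    "http://somelamecompanyname.net/www.apple.com",
    "http://www.apple.com.somelamecompanyname.net/billing",
    "http://www.apple.com@somelamecompanyname.net/",
    "https://pineapple.com/update",
    "http://www.apple.com/billing",
    "https://www.apple.com/billing",
]

if __name__ == "__main__":
    for link in SAMPLES:
        verdict, reason = check_link(link, "apple.com")
        print(f"{verdict:9} {link}\n          {reason}")
```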

Normally I wouldn’t have even gone for the e-mail I got. But, I just happened to get it a few minutes after doing a transaction with Apple. I assume it was a coincidence. And, let it also be known that I just tried to go to that fake site to get a screenshot of it for this post, but it was gone. Gee, I wonder why.
For those who didn’t know about this kind of thing happening on the Net, you have been warned. Think about it. Keep it in your head.