Come on, people. You’re probably aware of the big Hotmail scandal going on right now, what with some 30,000 account names and passwords having been leaked over the past few days. And now Gmail and Yahoo! e-mail accounts appear to have been compromised. The thing is, these leaks aren’t the result of a software glitch or anything, but the result of successful phishing attacks. I have one question: what the heck is wrong with you people?
Seriously, I don’t understand how, in the year 2009 (nearly 2010!) people can still fall victim to phishing attacks.
Let’s make this clear: your bank, eBay, Google… NOBODY is going to ask you to “validate your account” or anything like that. If you ever see anything even like that, then yes, it’s a scam.
(Phishing scams are pretty prevalent in World of Warcraft, too. You’ll get a message from a player saying something like, “You have won free gold from Blizzard! Just go to www.blizzard-free-gold-giveaway-us.com to claim your prize.” Um… no, thank you.)
Here’s a few tips I can think of off the top of my head:
• Do you even have an account with these people? The other day I got a Pretty Real™ looking e-mail from “eBay” sent to my CrunchGear e-mail account. Now, the e-mail looked real—it even addressed me by my first name!—but for the slight problem that I do not have an eBay account set up with my CrunchGear e-mail account; it’s set up with my old NYU e-mail address. Still, credit to whomever drew up the e-mail, because, again, it looked Pretty Real™.
• If, for whatever dumb reason, you do click on such an e-mail, be sure to check the URL. If it’s something like http://74.98.30.203/ebayaccountverify.php IT’S A SCAM! Same thing if it’s like http://ebay-verify.com: it’s more fake than your average WWE Diva’s breasts.
Again, again, and again: NO ONE IS GOING TO ASK YOU TO VERIFY AN ACCOUNT, OR PROVIDE YOUR USERNAME/PASSWORD AS PART OF AN ANNUAL CHECKUP.