My Web Maestro

Don’t Get Caught When Others Go Phishing

Posted by Nathan Lyle

The email looks official… PayPal is telling you that you have to log in to unfreeze your account, or to update your information, so you click the link and enter your password on the website that comes up. In almost every case, you should not have done so. Almost more common than email viruses are “phishing” emails. People set up fake websites that look like real websites and prompt you to log in. When you do, they have your login information and can log in to your real account. The most common versions of these at the moment are messages that appear to come from PayPal or a bank. There are several ways you can guard against getting taken in by these emails.

  1. Don’t click on links in email
    Unless you’re absolutely sure you know who the email is from, and were expecting it, don’t trust the link. If you were expecting the message, and it’s personalized rather than something that reads like a form letter, it’s more likely to be okay.
  2. “Mouse over” before clicking
    What you see is not always what you get. The link destination does not need to be the same as the visible text on the screen. Most email programs let you move the mouse over a link (without clicking) and give you some information about that link, usually in the lower left or right corner. The address you see there is more likely to be the actual address than what you read in the message itself.
  3. Type the address yourself
    Though it’s more of a pain, you stay safe by typing an address into a browser yourself rather than just clicking. That way you’re more aware of what address you’re actually entering, and you can’t be tricked by a bait-and-switch.
  4. Access your accounts your regular way
    If you have a PayPal account or online bank account and receive a message about your status or some other problem, access your account the way you typically do rather than through a provided link to see if there really is a problem.

Just because you see part of the address that looks official doesn’t mean it really is. For example, the following address has nothing to do with PayPal:

https://accounts.paypal.com.recoverbalance.net/id398998938/

Many people see the “paypal.com” part and feel reassured. However, the most important part of the address is the last two parts of the host name, meaning the two dot-separated pieces that come right before the first slash after “https://”. In this example, the website you’d be going to is recoverbalance.net, which could be owned by anyone. It’s fairly easy to duplicate the design of a website, so the address is an important way of knowing where you really are.
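The "mouse over" check and the "last two parts" rule can be applied to an HTML email body automatically. This is an added example, not part of the original post; the function names, the sample email and the short list of two-part suffixes (such as co.uk, where three parts are needed instead of two) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: constructed sample; real code should use the Public Suffix List.
TWO_PART_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registrable_domain(url):
    """Return the part of the host that identifies who owns the site."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_PART_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a href> in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, trusted):
    """Return (href, real domain, reasons) for links that leave `trusted`."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        real = registrable_domain(href)
        if real == trusted:
            continue
        reasons = []
        if trusted in (urlsplit(href).hostname or ""):
            reasons.append("trusted name used as a subdomain")
        if trusted in text.lower():
            reasons.append("visible text names the trusted site")
        findings.append((href, real, reasons))
    return findings

# Constructed sample email body; the first href is the address from the article.
SAMPLE_EMAIL = ('<a href="https://accounts.paypal.com.recoverbalance.net/id398998938/">'
                'https://www.paypal.com/login</a> <a href="https://www.paypal.com/">Help</a>')
```

Calling `audit_links(SAMPLE_EMAIL, "paypal.com")` reports only the first link, with recoverbalance.net as its real domain and both reasons attached.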

Another important way to be safe is to make sure you have functioning firewall and anti-virus software in place on your computer. Avast has a great track record in preventing infection, and also works with your browser to prevent connections with pages that attempt to download software to your computer without your knowledge. Better yet, it’s free for personal use.


About Nathan Lyle

Nathan is a father of four, an amateur musician, and an aspiring photographer. He started programming in 4th grade on an Apple II+ and many years later spent much of his college years freelancing website design for college departments. Nathan is a veteran of the Browser Wars, and will gladly talk at length about the changes he has seen in Web technology if you accidentally ask him.


Permanent link: https://mywebmaestro.com/dont-get-caught-others-go-phishing/
Posted in Articles, Email, Security