Get smart on Phishing! Learn to read links!

A phishing email for Paypal. The Apple Mail program shows the real link target in a pop-up bubble when you hover your mouse over the link.

If you came here, you probably received an email like the one to the right. These are fake messages intended to lure you to fake websites that are made to look like, e.g., a bank website, but are in reality set up by data thieves. If you fill in forms on those sites, you will give all your information to criminals and invite identity theft, credit card fraud, cleaned out bank accounts etc. This is called "phishing".

Phishing can be attempted for anything that requires a login or holds data of some value: banks, eBay, Paypal, Facebook, credit card companies, even your frequent flyer program or popular discussion forums. The emails can look very real and tempting to click. Say, if you have a Facebook account, you are used to the notification emails every time one of your friends does something on your profile. Imagine a message: "Your friend XYZ commented on a picture of you. Click here to see comment." Wouldn't you want to see what your friend wrote? So you click and as expected you get to the Facebook login page. Or did you?

Ideally you should NEVER click on such emails. Instead go to the site on your own by typing e.g. facebook.com directly into the browser, log in from there and check your account. It's like saying: "Don't call me, I'll call you!"

Below, learn how to identify links to fake sites, so you will not be fooled!

  1. Where does a link really go?
    What you read as a link may not be the real destination. We've all seen links like "Click here!" Obviously, "Click here" is not a web address, but it does link somewhere (in this case, back to this page). You can see the real link target at the bottom of your browser when you hover your mouse over the link. The description ("Click here") and the link target (www.bustspammers.com/phishing_links.html) are two different things and I could make the description anything I want. I could even make it look like another link.

    Now look at the Paypal example. It looks like it's a link to
    https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
    but that's really just the description; it's as meaningless as "Click here" for determining where the link points to. In reality, the link goes to
    http://66.160.154.156/catalog/paypal/
    If you do click, that link with the weird number will be what you see in your browser's address bar. And it's not a Paypal site. But how do you know that? After all, it does say "paypal" there at the end?

    A phishing page for Chase. Notice the address (URL) in the browser address bar.

  2. Once you're there, what site are you really on?
    Look for the first slash after (not including) http:// then go BACKWARDS from there to determine the real site. The main address of a website, also called the "domain", consists of two parts separated by a dot (e.g. chase.com). Look at what comes right before that first slash. You want that to be the expected site name (domain); if it's anything else, it's most likely a phish. Let's take Chase bank as an example:
    http://support.chase.com/something/index.jsp
    The first slash after http:// is emphasized. In front of it is chase.com. This would be legitimate. Whether it says support, www or something else before the next dot is irrelevant. The following links would all be fake:

There are many other signs that give away phishing attempts, like secure (SSL) connections, personal details (your name or last digits of account number) included in legitimate email to you, violation of common sense and the "Too good to be true" rule (No bank will EVER just hand out $100 to every response to a short survey as claimed in the picture above), fake certificates, etc. You can learn more about those and phishing in general with a simple search: http://www.google.com/custom?q=phishing
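
The two checks from the numbered list above (where a link really goes, and what site that address is really on) can also be done by a program. The following is an added example, not code from this page's author: the function names and the sample email body are constructed for illustration, while the Paypal link text and target are the ones quoted in step 1.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def real_site(url):
    """Take what sits right before the first slash after http:// and keep its
    last two dot-separated parts (the rule from step 2). A bare IP address is
    returned whole, because it contains no site name at all."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collect (visible description, real target) for every <a> in an email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(html, expected):
    """Return (description, target, real site, verdict) for each link.
    The description is reported but never trusted; only the target counts."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        site = real_site(href)
        verdict = "ok" if site == expected else "SUSPICIOUS"
        results.append((text, href, site, verdict))
    return results

# Constructed email body using the link text and target from the Paypal example.
SAMPLE = ('<p>Dear customer, <a href="http://66.160.154.156/catalog/paypal/">'
          'https://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a></p>')

if __name__ == "__main__":
    for row in check_email(SAMPLE, "paypal.com"):
        print(row)
```

The two-part rule is the simplification used on this page; sites under country suffixes such as co.uk have three parts, so a complete tool would consult the Public Suffix List instead of counting dots.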

Stay safe!

