Don’t Be Phished!

Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. It’s also used to infect computers with Viruses and Malware. Read more about it at Wikipedia.

Recently, I have seen some very convincing phishing attempts. Today, I received an e-mail subject “Thank You for your Verizon Wireless Payment” with the sender spoofed as “AccountNotify@verizonwireless.com”.

Looks pretty convincing.  Let’s take a closer look.

First, the message headers show that the message came from a mail server in Poland.

Second, when hovering over the links in the e-mail (e.g. Manage Your Account Online, View My Verizon Demo, View Terms & Conditions, etc.) the destination URLs were various domains in Poland and Brazil which surely are hosting malware.  This can also be seen by doing a View Source on the message itself as below.


Warning: DO NOT attempt to go to that URL!

The single, best thing to remember is NEVER click links within an e-mail. If you receive an e-mail like this and are concerned, open up a browser and manually go to the site (e.g. verizonwireless.com) and sign into your account.