How to spot a phishing attack
Yesterday’s phishing atack.
Yesterday, someone included me in a phishing attack. According to Wikipedia, “phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.” My spidey sense triggered. I did not click any of the links.
Part 1 of this topic is a screen capture of that message. I will ask you if this is a phishing attack.
Part 2 shows how I determined it truly was a phishing attack.
Part 1.
Here is the screen capture. What would you check to determine if this was or was not a phishing attack?
Part 2.
How I knew this was a phishing attack and what you should have caught.
- The sender is in Poland. Since when is Amazon a Polish company?
- This went to my professional account. I manage Amazon transactions through a Yahoo account.
- The “Click the Link to Confirm Your Identity” link takes us to a shortened link. It is tough to tell where this ow.ly link would take you unless you clicked it. I opened it in a private browser window. This takes the user to a fake Amazon page. Anybody typing in their real Amazon username and password would be submitting it to the fraud who is running the scheme.
The dead giveaway.
When looking at a link and your spidey sense starts tingling, pause for two seconds. Ask if the link is legitimate or not. Vet the link. Move the mouse pointer over the link (do NOT click the link) and see where the link would take you.
We are Rich Americans. Internet crackers launch phishing attacks as easy ways to capture our personal information. This includes usernames, passwords, social security numbers and credit card numbers. Beware, everybody.