June 4, 2007 - 12:56 pm
I know that most of my readers are pretty tech-savvy and this will be old news to them, but phishing has become such a big problem that I felt this was still a worthwhile public service.
It’s common knowledge that identity theft is a major problem in this digital age. We’re all taking extra care about our personal information even if our main motivation is to avoid spam, junk mail, and unsolicited phone calls. But ID theft is very real and being aware of what the bad guys are up to can eliminate 90% of the risk.
Wikipedia has a pretty good description of phishing. I even did some artwork for a phishing t-shirt for my buddy Dave. Phishing is broadly defined as deceptively gathering personal information. Almost all of the phishing attempts you will see will come to you via unsolicited emails.
I advise every internet user to set up a “spam” email account. Mine is on Hotmail. Hotmail allows you to set up your account so that all messages that arrive are put into a “junk mail” folder unless you have expressly added the sender to a safe list. (So if you send an email to darkmanwork@hotmail.com, there’s a good chance I won’t see it for a few days because it’s sitting in a junk folder.) Any time a web site asks for your email address (more common now than ever), use this spam address. That way if the web site turns out to be crooked and sells your address to spammers, you won’t be affected.
Even if you’ve never gotten a single piece of spam email, you should always be suspicious of emails you are not expecting. This one hit my Hotmail account over the weekend.
Now, this looks like most every e-card notice I’ve ever received with one exception. Where’s my name? If I recall, when I get a notice from Hallmark.com, they put my name in the salutation. Hmm.
If you don’t have the status bar visible on your browser, make it so! (Usually, it’s in the “View” menu.) The status bar is the gray bar across the bottom of the browser window. When you mouse over a link, the URL of that link should appear in the status bar.
I moused over all the links in the Hallmark email, and all of them went to Hallmark.com with one exception: the link to view the card (“To see it, click here.”). The “here” link looked like this in my status bar.
That is not a link to Hallmark.com! That is a link to some mysterious IP address that is certainly some villainous spammer or worse. This particular villain was not even smart enough to cover up the fact that he’s linking you to an executable file, which would most likely install spyware or some other kind of virus.
PayPal and eBay are the most common targets for this kind of identity theft. You get an email asking you to log in to your account for some reason or other and they provide a link to do so. The web site that the phishing email links to looks exactly like the real PayPal web site. It might even have some dummied up pages so you can click around and it looks like you’re really on PayPal’s site. But you’re not. Look at the URL. If it’s not paypal.com, you’re being phished. As soon as you “log in”, you will notice something wrong. You won’t be taken to your account. By then it’s too late. They have your PayPal login info. They can log in as you and access your bank info and start making fraudulent purchases using your PayPal account. (This is how my mom got phished. Later she received dozens of Dell credit cards in the mail. Fortunately the guys who phished her were pretty stupid and didn’t change the mailing address before they applied for the cards.)
If you find yourself in this situation, don’t panic. Go immediately to the real site, be it PayPal, your bank, or whatever, and change your password. Then check your account for any activity. It would not be a bad idea to notify the organization that you got a phishing email and that your account may have been compromised. It’s better to go through the hassle of getting a new credit card number than to go through the hassle of dealing with fraudulent charges to said card.
Now you know. And knowing is half the battle! (YO! JOE!)