Phishing and what to do about it
Got Phish?
Normally, I just delete or ignore Spam and Phishing Emails.
Today, I decided to see if I could report the Phishing attempt.
I sent the phishing email to US-CERT (Computer Emergency Readiness Team). You can check if your country has a CERT.
What is Phishing?
Phishing involves using email and websites that impersonate the email and websites of organizations the target victim already deals with. The goal is to gather information in order to impersonate the target victim while committing a crime.
The phishing email lures target victims to the phishing site, which impersonates a real website that they may use.
At the phishing site, target victims are asked to divulge confidential information such as their account name or number, password, mailing address, credit card number, social security number, mother’s maiden name and so on.
The information obtained may be used to impersonate the victim while committing fraud, identity theft, theft of services, spamming, corporate espionage and other crimes.
1. Conventional phishing involves sending mass amounts of unpersonalized phishing email. The small percentage of phishing email recipients who already deal with the impersonated organization are the target victims.
2. Targeted phishing (“spear-phishing”) involves sending the target victim a personalized email. At the phishing site, the target may be greeted by name.
The inclusion of a few personal details in a targeted phishing email, and on the targeted phishing site, greatly increases the likelihood that the target can be lured into divulging additional confidential information.
What Can You Do About Phishing? Report it!
Promptly report attempted and suspected phishing. It only takes a minute to report suspected phishing email.
Trained investigators will determine if the email or website is an actual attempt at crime. Merely visiting a phishing website can lead to malware being loaded onto your computer without your permission. Leave the investigation to the experts.
1. Report the suspected phishing email by simply forwarding the email as an attachment.
Forwarding the phishing email as an attachment allows semi-automated processing to eliminate duplicate reports, and it preserves the internal email headers needed to trace back the actual source of the email.
Do not add a subject line or comments; just forward the email as an attachment.
- For Outlook Express: Go to the inbox, right-click on the phishing email in the email selection list and select “Forward as Attachment.”
- For Outlook: Create a new email. Drag and drop the phishing email on the new email.
- Instructions for sending the full header information of an email using other email tools are available at Spamcop.net: “How do I get my email program to reveal the full, unmodified email?” Follow the instructions for “web submission,” but instead paste the full unmodified email into a new email.
2. Cut and paste this email address into the TO: box of your email.
3. Send the email.
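Why forwarding as an attachment matters, shown as an added example (not part of the original post): the report carries the original as a message/rfc822 part, so its Received headers survive, while an ordinary inline forward copies only the body. The sample message, the addresses (including the placeholder reports@cert.example) and the dedup_key fingerprint are assumptions made for illustration, not US-CERT's actual processing.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample (not a real phishing email); all hosts are reserved example names.
SAMPLE = (
    b"Received: from mail.sender.example (unknown [192.0.2.45])\r\n"
    b"\tby mx.recipient.example with ESMTP id ABC123;\r\n"
    b"\tTue, 06 Oct 2009 08:00:00 +0000\r\n"
    b"From: Account Services <service@bank.example>\r\n"
    b"To: user@recipient.example\r\n"
    b"Subject: Verify your account\r\n"
    b"\r\n"
    b"Please confirm your details at http://login.bank.example.invalid/\r\n"
)

def _envelope(sender: str, to: str) -> EmailMessage:
    report = EmailMessage(policy=policy.SMTP)
    report["From"], report["To"], report["MIME-Version"] = sender, to, "1.0"
    return report

def forward_as_attachment(raw: bytes, sender: str, to: str) -> bytes:
    """Report with the original attached as message/rfc822; no subject or comments."""
    report = _envelope(sender, to)
    report.add_attachment(message_from_bytes(raw, policy=policy.SMTP))
    return report.as_bytes()

def forward_inline(raw: bytes, sender: str, to: str) -> bytes:
    """Ordinary forward: only the visible body text is copied into the new email."""
    body = message_from_bytes(raw, policy=policy.SMTP).get_content()
    report = _envelope(sender, to)
    report.set_content("---- Forwarded message ----\n" + body)
    return report.as_bytes()

def attached_original(raw_report: bytes):
    """Return the embedded original message, or None if it was not attached."""
    for part in message_from_bytes(raw_report, policy=policy.SMTP).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def received_chain(msg) -> list:
    """Received headers of the original, used to trace the sending host."""
    return [] if msg is None else [str(h) for h in msg.get_all("Received", [])]

def dedup_key(msg) -> str:
    """Hypothetical duplicate key: ignores per-recipient headers such as To."""
    fields = (str(msg["From"]), str(msg["Subject"]), msg.get_content().strip())
    return hashlib.sha256("\n".join(fields).encode()).hexdigest()
```

Two recipients of the same mass mailing produce the same dedup_key even though their To and Received headers differ, which is the kind of property a report intake needs to collapse duplicates.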
Do you report phishing emails?
6. October 2009 at 8:17 am :
I usually use the “report spam” button in my Gmail app. I’ve never thought about reporting it to US-CERT; good idea.
6. October 2009 at 2:57 pm :
I usually report the sender to Paypal and let them handle it, and then delete the email
13. October 2009 at 4:45 pm :
I just mark them as spam too. It takes a lot of time to report it to US-CERT, doesn’t it?
30. December 2009 at 6:42 pm :
This is really cool and useful information, I am definitely bookmarking this page
4. February 2010 at 7:12 pm :
This is good information. I too used to delete all the spams rather than going to the reporting thing. But I think I shall start doing that.