Please not that while I am cropping a certain amount of my personal email account, this is in fact a real email. Please do not think I am in some way trying to fool you. I only wish to educate.
Here is a cropped portion of the email: (click the image to make it larger)
Eh, bleh. It must have been taken down already. That's a good thing considering. However, the page looked somewhat official with both the MasterCard and Visa logos as well as a form page that asked you to input a variety of information, such as your Name, Credit Card Number, Social Security Number, Address, and so on.
So let's start at the beginning. Why are emails like this so successful? It's these type of emails that prey on fear. Fear that our account may not be secure, fear that our hard earned cash is at risk, and fear that if I don't respond quickly that if my account hasn't been touched it certainly will be soon enough. Ironic enough, however, that this act of "securing" your account plays into the hands of those people trying to get a hold of your information.
Next up, how in the world did they acquire my email? This is a much harder question to answer. There is possibly no way to determine exactly how they got your email address. There are so many bots (software designed to perform a specific task without needing user intervention) designed to troll the World Wide Web and store email addresses for these purposes.
The actual email has so many giveaways as to being fake and malicious that's hard to think that someone actually gave in, but I'm going to take a look at those anyway, for your sake. Let's start with the subject line: Verified by Visa&MasterCard Tech. Let's be honest with each other for a second. Visa and MasterCard are two independent companies. They have two different business structures, different support technicians, different ways of doing things all the way down the line. To think that a technician who works for both Visa and MasterCard sent you an email is a little absurd.
Next up: "Dear Visa/MasterCard member." Visa and MasterCard are two huge companies. One thing about huge companies is that they are pretty good in the customer service department. Addressing their customers in anyway other than their name is demeaning to the customer and thus potentially destroys what bonds that company has with any given customer.
The email mentions your account was accessed by an unauthorized computer. Every banking website I've ever worked with has allowed you to access your account from whatever computer (that has internet access) that you like. Claiming unauthorized use is just another way into scaring you into thinking something that is not true.
One of the more subtle giveaways is the actual wording (grammar, spelling, presentation, etc.) of the paragraph. For me it's hard to put into words as to why the paragraph seems weird, but it just doesn't seem like something a big company would create. It seems like something a high schooler would write in an attempt to sound official (trust me, I would know, I try to sound official all the time).
Just to reiterate the fact, in order to sound more official this email is branded as coming from the Mastercard&Visa Security Department. We mention earlier how these are two very separate entities and as such do not have a single "Security Department."
But even if all the above weren't dead giveaways (and trust me, I know, it's hard to stay ahead of the curve at times when it comes to dealing with the internet) the actual link pretty much proves this email is all kinds of fake. When I first viewed this email I did it through my phone (and the link itself has been taken down). However, the link takes you to this website: "http://secure-update-of-your-info-on-anon.teloptica.com/In%20order%20to%20keep%20your%20information%20secure%20/online_iccp_verify_card_vbpsi_error.htm." A little bit of googling shows that Teloptica "is an optical communications technology company" (from the actual website http://www.teloptica.com. Most likely a hacker managed to use a computer (or even server) on the teloptica network to serve as home for it's evil purposes.
Last but not least, when you click on the link in Google Chrome, you are taken to a page that informs you that it thinks you are about to enter a Phishing site. Chrome normally does a really good job telling you when you are about to enter something that seems to be a little phishy (heh, punny!) or malware infested. So if you are a Chrome user make sure to keep your eyes peeled for this sort of warning. If you are not a Chrome user (and I know there are some out there that isn't and there is some browsers out there that isn't as good at letting you know these things) there are some steps you can take to protect yourself and your hard earned money.
So, what are those steps you ask? Well, in the case of your money, it's quite simple. Don't give your personal information out online unless you are absolutely comfortable in doing so. When putting personal information online, look for a couple things in the URL (or the address bar). First off, look for this: "https://". This means that you have established a secure connection and that your information should be protected. Next, make sure the name it the URL matches that of the site you expect. If you expect to be visiting Visa you would expect the address to be http://www.visa.com, not http://www.roboticscommunity.com (or something else off the wall). And keep in mind that each one of these companies has a great customer service department at hand that is more than willing to help you with whatever problem you may have. It may be a little time consuming but it's better than waking up with no money in your account. Use those 1-800 (or 1-888) numbers and call those customer service departments and talk to an actual person if you feel that there may be something wrong with your account.
I hope you really enjoyed the article (or blog, as it may be). I know there are plenty of people out there that may disregard this as general knowledge. Even so, there are plenty more people out there that will fall victim to this trap. These are the people I'm hoping an article like this will reach. Please feel free (and I insist that you do) to forward this, share this, and whatsoever with the general public. Facebook it, tweet it, myspace it, link it in an email, print it and snail mail it, whatever you have to do.
If you really enjoyed this article and would like to thank me for my time, please click on one of the ads below. I promise you they are safe. They will simply open up a new window. Feel free to close that window after it has loaded. Thank you for your time. If you have any questions or comments, please feel free to leave them here or email them to me at x86computing@gmail.com.
Currently Playing: Lupe Fiasco - All Black Everything
lol at mastercard and visa sending an email together. i didnt read whole write up but great to know. gmail has been great at filtering all the spam
ReplyDelete