Archive for December, 2008

So, how about that minus 20 degrees this morning – that cold enough for ya? Along with these near record lows last night and this morning, we received reports from a few users about a Phishing Scam that claims to be about their webmail account. This latest version asks the user to respond with their webmail username and password. This latest round has several give aways that are good reminders of what to look out for with scams in general.

Phishing is spam that attempts to extract personal information from the recipient. Here are some quick points about Phishing:

1. Email asks for your password: ipHouse will never ask for your password via email. This is a common policy with many companies so feel free to make it your own policy: Never send a password via email even if you think you know the recipient.

2. Strange reply-to address: The reply-to email address is not an official email address. ipHouse employees and internal addresses are all @iphouse.net. This latest round had the reply-to as an email address in Brazil (.br) or a yahoo.com address. A general rule for anyone is to always check a provider’s website for valid contact information. When going to their website type in the address yourself or use an existing valid bookmark. Do not click a link in an email even if it looks valid is it may be a “masked” URL whose destination is a different address.

3. Credit card fraud. While this email was looking for passwords, many Phishing scams ask for credit card numbers. And for decades there have been phone-based credit card Phishing scams. ipHouse will never ask for your credit card number via email nor ever via a call we initiate. Feel free to make it your own policy with everyone – never send a credit card number via email and never give your credit card number out to someone unless you initiate the call.

4. Spam filters don’t catch everything. While our multiple levels of Antispam catch most Phishing expeditions, some can get through. This one was harder to catch as it didn’t have any off-site hyperlinks and had enough words that it looked valid to the filters. We don’t publish for spammers how we adjust but trust me that we do adjust. Of course we do want to see what might get through. For example, yesterday alone ipHouse blocked 1,463,418 spam, Phishing, and viruses. We pride ourselves on an extremely low “false positive” rate. If a spam or Phishing message does get through, please forward it with full headers to spam@ipHouse.net. If you have an individual question or concern, our Support team can help.

5. Learn more! Here are some links to several sites’ take on Phishing:

• Blogs about Phishing: PhishingScam
• Popular OS: Apple, Microsoft
• Popular Guides (always with a grain of salt please): WikiPedia , About
• Trade/Industry groups: APWG, National Cyber Security Alliance, AARP
• Government: Stop-Think-Click

- Eric