What is Phishing?
Phishing is defined as the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Phishing attempts continue at an alarming rate. I think it would be accurate to say that I do not know anyone who has NOT received an email that was a phishing attempt.
Some examples of phishing messages
Below I am presenting the full text of a couple of extremely common phishing messages. The first appears to be aimed specifically at web designers. However, I have seen versions of this phishing message aimed at those offering printed items as well (anything from brochures to banner). I have changed to color only to highlight the scammer’s text here:
I’m [some name appears here]. How are you? I would like to know if you can handle website design for a new company and also if you do accept credit cards ?? kindly get back to me ASAP so i can send you the job details.
Many web developers will respond to these. I have investigated these messages and engaged in conversation via email with a number of these scammers. As a result, I believe there may be two functions this message:
- To get the recipient (the “mark”) to agree to run a charge on behalf of them and leave the recipient holding the bag and out a lot of money, and possibly
- To waste the recipient’s time. There is time spent responding to these emails and estimating services. This time prevents the web developer from working on legitimate clients and therefore simply wastes the web developer’s time.
How does this cost you money?
When web developer’s time and energy is wasted, someone must pay for that time and energy. In the end, the consumer pays the price. All of the time spent by any business that is unproductive due to malicious players forced the cost of doing business upward.
What can be done?
Many emails of this nature go directly to a spam folder. However, in order to reduce the numbers of them even being sent out, a better policy is to take a few seconds to report them as the phishing attempts they actually are if it is easy to do. If you are using Microsoft Hosted Exchange (an Office 360 product) and view your email in the web mail interface, it is very easy. You just right click on the message under Security options you tell Microsoft it is phishing