eAction

‘Phishing’ is the sending of fake emails purporting to come from banks and other companies, asking you to ‘verify’ your personal details including passwords, bank and credit card details etc.

The most convincing of these fake messages are those apparently from Amazon, Paypal, and Ebay, because many of us use these services all the time, whereas we are unlike to have online banking with any particular group.

They will ask you to click on a certain link in the email, the URL of which sounds like a genuine one. However, if you mouse-hover that URL, you will see that the real URL it takes you to is something else entirely, and is NOT a secure ‘https’ URL either.

Particularly malicious are recent ones supposedly from Paypal - I was almost taken in as I had been using Paypal the day before. The URL displayed on hovering the email was http://www.paypal.com.login.webscr.php.login…. etc It looks genuine, doesn’t it? But see - there is no forward slash after the ‘.com’. So in fact this is a long ’subdomain’ containing full point characters, of an entirely different domain. And it is not a secure https URL.

Be aware of this constant danger. Only ever log in to any online commercial undertaking through the known URL stored in your browser bookmarks or wherever. Never click through from an email. And no genuine company will need you to ‘verify’ anything. They already have your details. http://www.webopedia.com/TERM/p/phishing.html
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm