Phishy

This past week, I opened my email account and discovered a surprise. In it I found two emails from Davis Monthan Federal Credit Union. Some of you may know where I’m headed, and others may not know what is so significant about the emails. Well, I found two things curious about the correspondence. The first was that I never gave the Credit Union my email address, and the other is that I do not have an account with DMFCU.
At this point my spidy senses began to tingle and something smelled phishy. No I did not misspell fishy, phishing is a method used by less than scrupulous people to obtain personal and financial information. The way that it works is that the previously mentioned unscrupulous persons send out emails to unsuspecting people. In the email is an apparent well known website. Ebays’ name was used to try and hook people through similar phishing techniques a few years ago. Nevertheless, the link in the email is a fake. It redirects those who click it to a sight that is almost identical to the authentic site. Although the sight looks convincingly authentic, there are usually small details that are difficult to duplicate. The email recipient is then asked to login. When they do, they are unable to connect to and may receive an error message. Unfortunately, by the time that you have reached this stage of the deception your login name and password have been recorded by the info thieves.
The attempt to use the DMFCU to phish has a scary significance. Normally, phishers use nationally or internationally known businesses to masquerade their felonies. As far as I know, DMFCU is only located in Arizona. Tucson or Pima County to be specific. This factoid makes an email from DMFCU to be less likely to be suspected of being a tool for phishing expeditions. The first thought would be that a local person set up the ruse. If that is true then they have a very long commute everyday. Another recipient of the email that I know, traced the fraudulent website back to Singapore.
When you receive any strange emails that ask you to enter any kind of information, trust but verify. There are a few ways to thwart would be info thieves. The first is to make sure that you never access a web site via a link that was provided for you in a suspicious email. The next thing is to ensure that the site is a secure site. You can do this by looking for a small yellow closed padlock in the lower right hand side of the web browser. In the address bar, instead of “http” at the beginning of the web address, you should see “https”. The “s” at the end means that it is secure. Other precautions to take are to close the email and type in the business’ web site name yourself. Last but not least, you can call the company directly, and inquire about the email.