How to Spot a Phish

October 17, 2007

Judging from the search terms YourIdentitySafe has gotten on the Citizen’s Bank Phishing email, I think quite a number of other people have received that email. The same guys are still sending out their phishing poles but now they’re using Compass Bank. These are really lame looking but be aware that some do look very authentic and the site they take you can have the exact apperance of the real site.

Perhaps many people don’t understand how to look at a web address and tell exactly what the actual domain name is. At its simplest, this is a domain name: ‘’ . Sometimes you’ll see www in front of it, sometimes not – that’s really not important.

When you see a ‘/’ after the domain name, anything after that is a page on the website. So: ‘’ is a page on the site named ‘info-page’ and it’s in the subdirectory named ‘folder’. A page file can have a lot of different endings like: html, htm, php, asp, or nothing at all.

Now, the important part to telling a phishing scheme is what’s going on before that last part of the url which in our example is ‘’.

All kinds of words, letters and periods can be added to the beginning. Much like: You see the part and maybe think it’s legit. It’s not. It’s still at ‘’.

Phishers like to put LONG strings of words separated by periods in hopes that it will confuse you into thinking you’re going to the legimate site. All you have to do is look for the last period. The part right in front of it is the actual domain name.

Usually phishing sites use weird domain names like ‘’. That’s the domain my latest Compass Bank phishing attempt is trying to send you to. Here’s the whole address:
Wow, that looks totally official – I see ‘’ and ‘welcome’ and ‘verify’ and ‘default’ – it must be a safe and welcoming site!

I got that address by hovering my mouse over the link in the email that looks legit. Then I right-clicked on it and chose ‘copy link location’. I then pasted it into a Word document – any text editor also works for this. The real address showed up. All that gobbledy-gook in front of ‘’ doesn’t mean anything.

Hovering your mouse over a link will show the true web address in the little address bar at the bottom of your email window, too.

Learn to look for the real address in any link in emails you receive. The safest way to be sure you’re going to the correct website is to type an address into a browser yourself and not click on links – especially links that say you need to update your account information.

Security Freeze vs Fraud Alert

October 15, 2007

Identity theft has finally started getting the attention it’s been begging for. As people become more aware of this crime, they’ve brought pressure on politicians and the credit reporting agencies to make changes. In the past, every state had their own laws regulating security freezes. On November 1, 2007, everyone can put a security freeze on their credit report.

What’s the difference between a security freeze and a fraud alert?

A security freeze completely shuts off anyone from opening new credit in your name – even you. The freeze makes it impossible for anyone to access your credit report. It stays in place until you remove it. You have to freeze your credit with all three credit reporting agencies at a cost of $10 each. To get the freeze temporarily removed, it’s another $10 each. If you’ve been a victim of identity theft, you can get a credit freeze for no charge. The fees vary by state, but $10 is the most common.

A fraud alert allows you to take out new credit or to let someone check your credit. The way it provides protection for you is this – you will receive a confirmation phone call at the number you gave before a new credit account can be opened. A fraud alert lasts for 90 days. To keep one in place, you’ll need to renew it quarterly. The cost for this is nothing – it’s free.

How to freeze  your credit report

  • Send a letter to each credit reporting agency  requesting the freeze – preferrably a certified letter
  • Include your name, address, Social Security Number.
  • Include a check or provide a credit card number and expiration date to pay for the fees.
  • Provide proof of residence such as your driver’s license, student ID card, utility bill, etc.
  • You’ll receive a PIN number – keep that safe and somewhere where you can find it later
  • To remove or thaw the freeze,  write to all three credit reporting agencies requesting the freeze be removed. You’ll need your PIN for this.
  • It can take three business days or more after receipt of your letter for the freeze to be removed. If you lost your PIN, it can take even longer.

 Because it can take a while to freeze and unfreeze your credit, it’s best to use this if you know you won’t be applying for any new credit, getting a new job or moving in the near future.

How to place a fraud alert

Placing a fraud alert is considerably easier than a freeze. All you have to do is call one of the credit reporting agencies and request a fraud alert be placed on your file. Whichever credit agency you call will notify the other two agencies so that they can update you in their files.

  • Equifax: 1-800-525-6285
  • Experian: 1-888-397-3742
  • TransUnion: 1-800-680-7289

A fraud alert will prevent you from getting instant credit which is usually offered at stores. An offer for instant credit usually sounds like this, "If you sign up for our Visa card today, you’ll get 10% off your purchases." Instant credit is an identity thief’s favorite kind.

The method you choose to protect yourself depends on your circumstances at the moment. Either one works well. Neither of them will have any effect on your credit score.

Stolen Laptops at Carnegie Mellon University

October 10, 2007

Two laptops at Carnegie Mellon University was reported stolen on October 10, 2007. The theft took place the first weekend in September when a professor reported two computers were stolen from a classroom building in Ween Hall.

CMU began the process of notifying about 400 students whose personal information including social security numbers was compromised. The data on the computers included course roster files for students.

 While the officials at CMU don’t think the computers were stolen with identity theft as a motive, the fact remains – sensitive and personal information was on the hard drives. There has been no report if that information was encrypted and password protected.

The students affected were given information about getting a free credit report and advised to monitor their credit. I hope they take that advice and learn all they can about preventing identity theft.

HM Revenues and Customs Laptop Stolen in the UK

October 10, 2007

 A laptop belonging to the HMRC – HM Revenues and Customs – was stolen in London on September 20, 2007.

The laptop was in the trunk of a car belonging to an HMRC employee who had been using the PC for a routine audit of tax information from several investment firms. This employee immediately reported it and is now under an internal investigation because keeping the laptop in a car is a breach of HMRC’s rules.

 A spokesperson for HMRC said the information was heavily encrypted and that "it is well nigh impossible for a thief to make use of the information." He also apologized for the incident and took full responsibility.

Five firms had customer data on the stolen laptop including Standard Life and LionTrust. The BBC reported that the laptop may have held data for about 400 customers with high value individual savings accounts (ISA’s).

HMRC carries identity fraud insurance to protect their investment clients from identity theft. However, the information stolen includes very personal information such as passport numbers and addresses. Even if there is no actual monetary loss to a client, it leaves them feeling violated and anxious about any of their information that has now been placed in the hands of thieves.

Stolen laptops and security breaches happen all over the world. Identity theft isn’t confined to any one particular country. Learn what you can to do protect yourself from these types of security breaches. Keep your identity safe.



University of Iowa – Stolen Laptop

October 10, 2007

University of Iowa Students now have to be on the lookout for identity theft after a teaching assistant’s laptop was stolen from his house in Arizona in September 15, 2007.

The laptop contained personal information on 184 students including the social security numbers for at least 100 of the names listed. The information on the laptop was for students registered in philosopy courses between 2002 and 2006. Students affected were in sections of "Philosophy and Human Nature," "Philosophy and the Just Society," and "Principles of Reasoning" taught by Tuomas Manninen.

The personal information was buried deep in the directory structure but not encrypted. Information Technology Security Officer Jane Drews analyzed backup copies of the files and found them an unlikely source for committing identity theft. That’s easy for someone to say when it’s not their ss number affected.

Back in June 2006, another professor’s laptop was stolen in Davenport, Iowa that had the personal info of 280 current and former students of the Tippie College of Business’s Master’s of Business Administration program. The University of Iowa announced at the time that they were trying to reduce the use of a student’s ss number and evaluating security precautions for laptops and other mobile devices. Apparently they haven’t made much progress in the past year with their security protection.

What can an identity thief do with your personal information?


Phishing in eMail

October 3, 2007

Here’s my latest phishing email I got today. It supposedly came from ‘Technical support <>’. This one isn’t really very sophisticated. It was sent to my personal email address that only friends and family are supposed to have. That was the worst part. I’ve tried to keep that address ‘secret’.

My mail program correctly identified it as a phish but I would have known because the subject line was, "Protect your Citizens Bank online account". I don’t have a Citizens Bank account. And, I got the email two days after the date my account needed to be ‘updated’. Maybe that was supposed to make me think I missed something and had better hurry up.

Here’s what it said – I disabled the link.


CAUTION: On October 1, we will be moving to a new Internet Banking system.

You will need to print any previous records (statements, cancelled checks, Bill Pay information, etc.) you wish to retain since they will not move to the new service.

Your Internet Banking access will resume on Monday, October 1.

Previous merger with Signature Bank’s parent company, Money Manager GPS, Completed on March 1, 2007.

Payments with a scheduled payment date of October 1 or before will be processed and should not be resubmitted.

Any payment scheduled for payment after October 1 will not be processed and other payment arrangements should be made.

If you previously had e-bills or payees setup with Bill Pay, Wire, Ach, etc., you will need to re-apply for the service, and re-enter the bill payment information on the new system starting October 1.

If you have any questions about your Internet Banking service or our merger, please feel free to call us at 1-888-9797-7711. All information you provide to us on our web site is encrypted to ensure your privacy and security.

Beginning on October 1, you can access the new Citizens Internet Banking system by clicking here:

Citizens Bank Online Billing Services Team

© 2007 Citizens Bank Online, Inc. All Rights Reserved


That link looks safe enough – and it even has the ‘https’ at the beginning indicating it’s a secure site. So you may just go ahead and click without thinking.

Whoa – slow down, Sparky….

One of the the tip-offs to look for in a phishing email is to see if the link shown in the email actually is the same as the destination. When I held my mouse cursor over that link, the address bar at the bottom of my email program showed this address:  At a quick glance you see it starts with ‘securelogin’ and you see ‘’. It wants you to login right off the bat. If you do, you just gave up your username and password to your bank account.

That link is actually is taking you to a domain named ‘’ not ‘’. All that stuff in in the address is just there to try to fool you into taking their bait. The link was created with a bit of script that showed one thing but led to another. If you google that domain name, you’ll see that it’s been identified as a phishing site.

Another thing to look for are misspelled words. I think someone writing from a bank  would know how to spell ‘canceled’. However, look in the second sentence – it’s misspelled as ‘cancelled’. What about that phone number – 1-888-9797-7711. It’s got an extra number in it. There are a few other boo-boo’s that should have been edited. Real corporations carefully edit and proofread anything they send.

This phishing email wasn’t one of the better ones out there. It didn’t have any official looking graphics or layout. It did have a gray background and was written in big letters – I guess to impress me. There are some very well-done phishes out there that look quite authentic – even the website the links take you to look like the real thing.

So here’s the Phishing Rule #1 – Never click on a link in an email. Especially if it is asking you to go to a site to provide secure or personal information. Type an address directly in the address bar on your browser if you think you need to go there.

I don’t know what’s at the domain the link tried to send me to and I’m not going to go there to see – I don’t recommend you go there either. It’s obviously a website run by crooks.