Like so many other Web users, I've encountered a crook using email to "phish" for personal information. Occurred to me that perhaps you haven't seen an example. If so, I"m sharing the following in case a "phish" crook comes your way:
-- The email I received (highlighted in red ... a bit hard to read, and I apologize)
-- Who I sent it to (email@example.com) and their response to me (in yellow).
Actually, the entire body of this was AT&T's response. Also, there are several links included that don't work, because I'm pressed for time and haven't done the necessary editing, but at least you can see them.
----- Forwarded Message ----
From: 2010 SBC Account Upgrade <firstname.lastname@example.org>
Sent: Mon, May 3, 2010 3:57:53 PM
Dear SBCGLOBAL.NETAccount User
To complete your Account Verification process, you are to reply this message and enter your ID and PASSWORD in the space provided (*******), you are required to do this before the next 48hrs of receipt of this e-mail, or your SBCGLOBAL.NET Account will be de-activated and erased from our database.
Webmail User ID:
Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.
The SBCGLOBAL.NET MAIL
This is a forgery and not from AT&T Internet Services.
AT&T Internet Services reminds consumers and businesses to be aware of phishing/scams and advises you to use caution if you receive any e-mail requesting personal information:
AT&T Yahoo! will never ask you through email for your:
- user name
- credit card account information
- social security number
- AT&T companies do not send unsolicited e-mail attachments.
Please report all phishing / scams that are requesting personal information to email@example.com
Please include the full headers, the headers will show us where the email originated and the drop box.
With this information we can try to close the offending accounts down.
Minimize drive-by downloads. Make sure your browser security setting is high enough to detect unauthorized downloads, for example, at least the Medium setting for Internet Explorer. Keep your browser updated.
Do not click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the X icon in the title bar.
Do not click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.
Install a personal firewall to stop uninvited users from accessing your computer. A firewall blocks unauthorized access to your computer and will alert you if spyware already on your computer is sending information out.
At a minimum we recommend you acquire software which provides anti-spyware, anti-virus, and firewall protection.
Ensure your operating system is updated with the most recent patches. These should be available from the operating system's web site. For example:
More security tips can be found at the Federal Trade Commission
Yahoo! Password Scams - http://security.yahoo.com/password_scams.html
Other common methods used to trick AT&T Yahoo! members into revealing their passwords are Impersonated Web Pages.
You can find web pages that exist for the sole purpose of collecting AT&T Yahoo! IDs and passwords. These pages mimic the Yahoo! sign-in screens, and are sometimes referred to as "spoof" or "password phishing" pages.
Do not enter your Yahoo! ID or password on any web page unless you are on the Yahoo! network and your intent was to visit a Yahoo! sign-in page or a Yahoo! service that requires you to be signed in.
You can quickly see if you are on the Yahoo! network by looking at the address bar. Web pages on the Yahoo! network have URLs that start with: http://www.yahoo.com/". The "www" may be replaced with the name of the Yahoo! service you are visiting. For example, the address for Yahoo! Mail is http://mail.yahoo.com/Make sure a "trailing slash" appears after "yahoo.com" -- sites that impersonate Yahoo! will not have the "trailing slash."
For an example of this visit: http://www.att.com/gen/landing-pages?pid=6456
If you aren't sure you are on the Yahoo! network, go to the Yahoo! home page by typing "www.yahoo.com" in the Address box. Once you're there, click the "Sign In" link on the right side of the Yahoo! home page.
AT&T Internet Services Security Center
SAFETY NOTE: We have included links in this email as a convenience. Please note that it is always safer to copy and paste URLs included in email directly into your browser to reach the referenced site.