Falling into the Phishing hole

Posted by Dr Glyn Brokensha | May - 14 - 2014 | 0 Comment

money-graphics-2007_877977aPhishing is a method that’s commonly used by scammers in an attempt to steal private information such as usernames, passwords and credit card details.

Phishing has became more common with the boom of social media, instant messaging and emails. The social engineering technique is designed to make you think what you’re viewing is legitimate, gaining your trust and then asking you to enter private details when the source isn’t authentic.

High profile companies are commonly used as they’ve an established sense of trust associated with them.  So it’s easy to fall into the trap and have your private info stolen and used against you.

There are some key rules to go by when using the internet.



If you receive an email from a source that seems fishy make sure you check a few things.  And remember that your bank will never  ever email you asking for private details or to update details and spam filters don’t always get these, unfortunately.

  • Check the From email address that the email has come from.  If it doesn’t match the company delete it!
  • Check the link is actually for the site you’re expecting.  Commonly links will appear legit “http://smallbusinesss.yahoo.com/accountupdate”, but hovering over the link could reveal it goes to a different site. They should match exactly.  Just because the URL contains /yahoo doesn’t mean mean it is yahoo.  This example ends up in China!… ouch!


  • If you do click the link, always check the URL of the site you get to… does it match?  If not, get out!

suspicious phishing yahoo web page

  • Poorly written emails are another big give-away, if you have to re-read an email a few times to understand what it was about it should scream scam!
  • Your long lost uncle from Norway that’s left his inheritance of $134,403,00 and the only way to claim it is by going to this site may not necessarily be legit. We all secretly hope it’s real but deep down we know it’s not.

Short Links

A short linking service can be a great thing to help increase productivity as well as gaining valuable analytics on how a link performs on the web. But it’s also made it easier for scammers due the masking of links.

  • If you’re unsure where the final destination of a short link may be, use a browser like Google Chrome and open it in “Incognito Mode”, copy and paste the link in and see where it takes you.  At least you won’t be logged into other services that the potential harmful link could hijack.
  • Some services like Bitly offer an “admin” type feature, you can see stats and the actual link itself by adding a “+” to the end of the url. so: http://bit.ly/RBvZXf becomes: http://bit.ly/RBvZXf+ and will give you the magic info.

bitly expr3ss

Social Media

Double check your URL’s when browsing social media.  Social sites are a common target as they contain a lot of personal information making it of high value to compromise them .


  • Phishers duplicate pages from Facebook and then seed them with high profile brands like “Woolworths”  and false posts about gift card give-aways.  These generally link off to phishing sites asking you to log in to Facebook for a chance to enter the draw.  Don’t!

Working on HTTPS helps ensure the identity and authenticity of a site but won’t always protect you from phishing.  Remember email providers along with all social networks generally use HTTPS.

Keep an eye on that URL and your precious private data!

Happy web browsing and try not to get hooked!