Phishing Season


If you are like me (and millions of others), you receive your fair share of junk emails. Some are obvious ads for products to enhance body parts. Others are not quite so obvious and are in fact quite insidious. When we speak of phish… we are not speaking of the indie rock band. In the cyber world, we are speaking of messages and websites designed to steal personal information and your hard-earned money. We’ve seen a big increase in phishing over the last several months and thought it appropriate to bring this to everyone’s attention, to make you aware of the problem and how best to keep yourselves from becoming a victim.

Forgetting the obvious breast and penis enlargement ads we all seem to get… (do I really need to increase the size of both?) have you ever received an email from Citibank or Wells Fargo asking you to sign into your account, even though you don’t have an account at either bank? (Hopefully you don’t either… but that’s another subject for another day.) Those are phishing schemes. Those emails try to convince you to click the link in the email. At this point, generally one of two things happens. Either you are implored to sign into your account, thereby giving these thieves all the information they need to log into your real account and empty it or charge up a storm with the stolen account information, or, by clicking through to the website, you unknowingly allow a tiny key logger to be installed onto your computer.

What does a key logger do? Exactly what the name implies. Every keystroke you make is recorded, and those logs are phoned home (wherever that home may be) on a regular basis. Names, emails, passwords, credit card numbers, phone numbers, social security numbers, the works… whatever you type is sent back to these thieves. It doesn’t take a rocket scientist or ophthalmologist to figure out that 16 numbers typed in a row is a credit card number… especially when it is followed by 4 more numbers (expiration date) and then by three more numbers (your CV code). Nor would anyone be confused that nine numbers typed in a row would be your social security number, and so on.

So, how do you protect yourself? First and foremost, make sure you have a good anti-virus program installed on your computer. Just as you would never tell your son or daughter heading off to college to have sex without protection, neither should you consider yourself safe computing without protection for your computer. Are you really willing to put your data at risk for a measly $40 a year? I would also suggest an anti-spyware program.

Now, let’s say you get an email from The 1st Optical Bank of New York, where you actually do have a checking account, asking you to log in for some reason or another. Before blindly clicking away, hover your mouse over the link you are asked to click on. Does it match the website you are supposed to be going to? If you look at the lower left-hand corner of most browsers, you will see where the link is really taking you. It is easy to spoof a link, as I will demonstrate here.

Sure, the link says Facebook. If you mouse over the link, however, you will see it actually goes to my website. If you receive an email and the links don’t match, delete the email. PERIOD.
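The same hover check can be automated over the HTML of a message. This is an added example, not part of the original post: it flags links whose visible text names one site while the `href` goes somewhere else. The `BRANDS` map, the function names and the sample message (with `example.net` and `example.org` as placeholders) are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumed brand-to-domain map; extend it with the services you actually use.
BRANDS = {"facebook": "facebook.com", "linkedin": "linkedin.com"}
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def same_site(host, expected):
    """True if host is expected or a subdomain of it (dot-boundary match)."""
    host, expected = host.lower().rstrip("."), expected.lower()
    return host == expected or host.endswith("." + expected)

def claimed_domain(text):
    """Domain the visible text claims: a literal hostname or a known brand."""
    m = HOST_RE.search(text)
    if m:
        return re.sub(r"^www\.", "", m.group(1).lower())
    return next((d for b, d in BRANDS.items() if b in text.lower()), None)

def mismatched_links(html):
    """Return (text, real host) for links whose text claims a different site."""
    parser = LinkCollector()
    parser.feed(html)
    pairs = [(t, urlsplit(h).hostname or "", claimed_domain(t)) for t, h in parser.links]
    return [(t, host) for t, host, c in pairs if c and not same_site(host, c)]

# Constructed sample email body (example.net / example.org are placeholders).
SAMPLE = """<p><a href="http://example.net/login">Facebook</a>
<a href="https://www.facebook.com/">Facebook</a>
<a href="http://facebook.com.example.org/x">www.facebook.com</a>
<a href="https://example.net/news">Read more</a></p>"""
```

Calling `mismatched_links(SAMPLE)` reports the first and third links. The third shows why the comparison is made on the end of the host name: `facebook.com.example.org` starts with the right words but belongs to `example.org`.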

Other ways to detect a phishing scam? This image from Microsoft gives an excellent example of what to watch out for.


  • Spelling… While I am a terrible speller, most professional emails are double and triple checked for spelling. Non-native speakers will often make mistakes. This is a great way to at least raise your suspicions.
  • Links… Remember to double check links before ever clicking on them.
  • Threats… Banks, credit card companies, and membership sites do not make threats (unless you are behind on bills). eBay and Hotmail will NOT delete your account if you don’t respond at once to an email.
  • Spoofing… Just because it looks legit or has the appearance it could be coming from a credible source doesn’t mean it is legitimate. In the time it took to write this post this morning, we have received two emails from “LinkedIn” about our “friends” request. The problem is, both emails were sent to accounts not associated with LinkedIn, about two people we do not know.

Just as in life, you can’t be 100% safe. Somehow, somewhere, each of us will get hit. Being vigilant and having the right anti-virus and anti-spyware software will, however, go a long way in protecting you.

Daniel Feldman is a co-founder of the Visionaries Group, an optical consulting firm specializing in helping eye care practices achieve success at or on Facebook.
