Phishing emails

I realize that this is not the appropriate area in which to post this, but I'm not having an easy time of determining where things go. I went to the "An Introduction to scams" section that states it contains, "the basics of how to avoid being a victim of a scam," and since my information applied, I thought it would be a good fit, but found the topic locked.

I then went to "Our pick of useful links," only to find it locked as well. So here I am, where the information will likely be buried under a ton of introductions and not be available to those who could really benefit from it.

This site - http://www.whatisphishing.co.uk/ - contains valuable information regarding exactly what is the process scammers use known as "Phishing," and what to do to avoid becoming a Phishing victim. A quick look around, and you'll see that there's a lot of other information there as well - other links to be clicked on a variety of topics, and well worth checking out.

BTW, the Project Honeypot site is STILL not up yet - I have no idea what issues they still have to resolve, but I certainly hope they get it up soon, as I rely on it extensively.

MM!

The whole of the "Introduction to scams" forum is locked. in that section we keep only the barest of information on the various types of scams that we cover.

Phishing, is generally not covered here, we do have some knowledge on phishing but it is not one of the areas we deal with here.

Sites such as the one you mention do a much better job of dealing with phishing than we do.

The general rule, dont provide password or banking details in response to any email you have received, if you suspect you have received a phishing email, contact the company who's identity has been stolen and advise them of the phishing attempt, they will generally be able to deal with them much quicker than we could.

To save your post from being buried so quickly, I have put it in its own thread

Hi MightyMouse, thanks for contributing this information. As Ralph says, we don't really deal with phishing/phisers, our focus is advance fee fraud scammers. That said, we do have some information on phishing in the fake sites forum here: viewtopic.php?f=10&t=3355.
The reason that the thread "our pick of useful links" is locked is so that we can review submissions before they are added. I'll add a post with a link on that thread. We're familiar with the owner of that site.

Other really good information on phishing can be found at http://www.onguardonline.gov/topics/phishing.aspx and http://www.antiphishing.org

King Ralph - thanks Your Highness, I appreciate that! Usually, people just give me a cookie and I go away --

You said, "Phishing, is generally not covered here" - still, if one of our stated aims is to "Help people protect themselves against scammers" - shouldn't it be?

Jillian mentions that, "our focus is advance fee fraud scammers," yet how many advance fee fraud scammers first use Phishing techniques to take over email accounts from which advance fee frauds are perpetrated?

I received three such emails recently, all signed by the same, poor, pathetic "Mrs. Sheila Johnson," whose husband died just four years ago, and who now has "esophageal cancer," and wants to give me 9 million B. Pounds. Two of the three however, had return email addresses (two different names) @csuohio.edu.

I contacted Cleveland State University, and the Security Administrator there gave me some insight into his problem:

From:
To:?
Sent: Tue, May 11, 2010 1:31:47 PM?
Subject: RE: Project!!!!!

XXX,

We had half a dozen University constituents reply to a phishing scam that asked them for their email ID and password. When they do this, someone from Malaysia or Nigeria (we’ve tracked them down to these two countries) has logged onto our webmail system with the stolen credentials and sent 300,000 spam email messages each time. When this happens, our outgoing mail queue balloons with unsent messages, we get notified, and we shut them down. Unfortunately, some make it through. You were unlucky enough to get one or more spam messages from us. For that I apologize. We’re working hard to put in an automatic block for this activity as Lotus Notes does not have this feature natively in a form that we can use.

Our problem seems to be trusting faculty and students who think that we want their email credentials and reply with those credentials to email accounts in China. I’m not quite sure how to tell people to be less trusting of email. Ironic isn’t it, that an educational institution has to educate faculty…

- - - - - -
Security Administrator
Cleveland State University

I referred him to this site and to the http://www.whatisphishing.co.uk/ site, hoping he can find information he can take to his staff so as to prevent this fiasco from recurring. But my thought is, that several batches of possibly thousands of SpamScam emails went through the CSU servers (many of which were doubtless "advance fee fraud scammers," as was mine), that might have been prevented if his people had been better informed about the dangers of Phishing. And the CSU staff members aren't even the tip of the iceberg.

Just a thought --
(Can I have my cookie now?)
MM!

Edit: Removed personal details from email - CF

Here's a cookie for you.

Yes, we're aware that phishing victims' email accounts are used for sending out scam emails. When we find those, we do try to alert the provider (they are often college campus email accounts). We also do refer people to information to protect themselves from phishing and can give advice to some degree. What we mean by we don't focus on it is that our focus and expertise is in keeping up with email scam tactics, the various versions of advance fee fraud, romance and work at home scams. What we do here is to provide information about those types of scams, warn victims and support victims. Advising and warning about phishing may fall under that at times but we don't focus on phishing. We don't want/need phishing emails/links posted here for people to find and don't actively fight phishing beyond notifying legit agencies being spoofed by fake phishing links. There are anti phishing groups who do focus on phishing and we're happy to refer people there. Having a specialty allows all of us more depth. Hope that clarifies.

I must apologize King Ralph, for any inconvenience you might have gone through is setting up this independent thread. Apparently, however it's unnecessary, so feel free to wave your magic scepter and do do that voodoo that you do so well --

MM!

It took all of about 1 minute so no inconvenience at all, nor any reason to appologise