Think before you click. Protect yourself from phishing scams.

Posted: May 25, 2011 in computers, Security, software, technology

I got an email from NACHA, or at least that is who they were pretending to be.   It seemed a little fishy to me, or should I say “phishy”.

Here’s a screen grab of the original email:

looks like the real thing, but it is a clever fake

I should start by saying that yes, NACHA is a real organization, but just because it’s real doesn’t mean you should trust an email to be from them.  There has been a glut of PayPal and banking scams over the past few years, and in general, phishing attacks are becoming more and more clever.

A couple of things tipped me off, or at least gave me pause.  First:  The email mentioned a recent payment from my checking account.  I knew I hadn’t made any payments from my checking account (that spelling drives the Canadian and Brit in me nuts – it’s chequing, but I digress) recently that were not pre-authorized and recurring.  Second:  The “report” they referred to was an attached “.exe” file of a PDF.  Yeah, riiigght.  No one in their right mind would ever send an “.exe” these days and expect it to be opened; they just scream VIRUS.

A couple of quick things you can check (not cheque) if you are doubting the authenticity of an email.  Check the headers and return path of the email.  (On a Mac in Mail, go to View and down to Message > Raw Source.  On a Windows PC running Outlook, you go to View and down to Options and will see the internet headers.)  Typically the first line is the return path, unless it’s from a mailer daemon, in which case it’s buried further in.  In this case it was a “gmail.com” address.  That is always a good indication something is not right.  Another thing was the supposed report file, that infamous “.exe”.  The path to where it was stored is a blogspot address.  I’m fairly certain that if indeed NACHA had some info I needed to see, it wouldn’t be storing the file on a blogspot server or using a Gmail address to send info.
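The same checks can be scripted against a message's raw source. This is an added example, not part of the original post: it compares the return path with the From address, flags a free mail return path, and looks for executable file names and free-hosting links. The provider lists, the function names and the sample message are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed lists for illustration; extend them for your own mail.
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
FREE_HOSTING = (".blogspot.com", ".wordpress.com")
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat")

# Constructed sample message; every address and URL is a placeholder.
SAMPLE = """\
Return-Path: <sender.placeholder@gmail.com>
From: "NACHA" <alerts@nacha.example>
Subject: ACH payment rejected
Content-Type: text/plain

Your ACH payment was rejected. Report:
http://placeholder-name.blogspot.com/report.pdf.exe
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw):
    """Return a list of warnings for one raw message (the 'raw source')."""
    msg = message_from_string(raw)
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    warnings, names, body = [], [], ""
    if rp_dom and rp_dom != from_dom:
        warnings.append(f"Return-Path {rp_dom} does not match From {from_dom}")
    if rp_dom in FREEMAIL:
        warnings.append(f"Return-Path is a free mail provider: {rp_dom}")
    for part in msg.walk():
        if part.get_filename():  # attachment names
            names.append(part.get_filename())
        if part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parts = urlsplit(url)
        if (parts.hostname or "").endswith(FREE_HOSTING):
            warnings.append(f"Link to free hosting: {parts.hostname}")
        names.append(parts.path.rsplit("/", 1)[-1])  # file name in the link
    for name in names:
        if name.lower().endswith(EXECUTABLE_EXT):
            warnings.append(f"Executable file: {name}")
    return warnings
```

Calling `check_message(SAMPLE)` returns four warnings for the constructed message; a message whose return path matches its sender and has no suspicious files or links returns an empty list.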

Another good indicator was the fact there is a notice on NACHA’s website homepage about a phishing scam.  I forwarded the email I had received to their “abuse” email address and got the following response which reinforced my suspicions:

this one is real

The moral?  When in doubt, be a Doubting Thomas.  It’s better to confirm with the alleged sender before trusting them than to try and fix the problem after the fact.

Phishing attacks and the subsequent identity theft or malicious software being installed because of them have become just an everyday part of the potential dangers of being connected, but don’t run and hide, just take some time and think before you click.  Use that as a motto in all things you do on a computer or any connected device: Think before you Click.  It can save you from numerous harmful attacks and problems, as well as maybe stopping you from sending a flame to someone you will regret later, but that’s another story for another time.

tcg
