
Not a Very Good Example at All!

by Bill Hely

We’re all well aware that all sorts of shenanigans go on in the murky world of bureaucracy and politics. Always has been so, always will be. No matter where you live. The protagonists themselves, by their very actions, have conditioned us not to expect much of them.

But surely we’re entitled to expect a certain level of alertness and perspicacity in the elite few who have reached the top echelon of their calling. People like, say, the director of the FBI.

You agree? Hmmmm…

A couple of days ago our American friends were treated to the story of how FBI director Robert Mueller had been banned by his wife from using Internet banking.

Why? Get this…

Mueller, who you might expect would be at least reasonably well schooled in shams and scams, and on full alert for them, was (by his own admission) within a click or two of delivering his net banking password to a cyber-crim, courtesy of a phishing e-mail. Only at the last moment did it dawn on him that this “might not be a good idea”.

Huh!

If Mr Mueller subscribed to this blog, the merest thought of responding to a phishing e-mail would not have entered his mind for a moment.

Look, if there’s any reader of this site who is still in doubt about how this works, I’ll distil it down for you right here, short and to the point…

NO FINANCIAL INSTITUTION WILL EVER
ASK YOU TO CLICK A LINK IN AN E-MAIL.

NONE.
EVER.

All financial institutions, and that includes payment processors such as PayPal and Clickbank as well as banks etc, are very well aware of the dangers and the potential for abuse.

If your bank ever really does want you to change your password or confirm your account details or anything like that, they will tell you to log in to your account and do such and such.

They will NOT say “click here”.

They will NOT provide you with any sort of a link.

They will expect you to know how to log in to your account and they will expect you to do that of your own volition, without any links or other help from them.

ANY link in ANY e-mail is a potential threat until you have given it conscious consideration.


1 Irene October 11, 2009 at 3:36 pm

Absolutely right! I had an experience with a PayPal scam – it was a phony email that wanted me to ‘click here.’ The header of the email, etc., looked identical to PayPal, but there was one little spelling mistake that I picked up on immediately. I contacted them right away and they asked me to send them the letter I received… sure enough it was a scam. I was told back then to never, ever click on any link, or else you’ll have loads of trouble to follow. Thanks again for this very important reminder!!


2 Bill N in UK October 11, 2009 at 10:12 pm

One other point: if you float your mouse pointer over any of these ‘Click Here’ links – or indeed any other link – you will see the actual address to which that link refers, in the Status Bar at the foot of your browser page. This information should give you a clue as to the true identity of the link’s target and it is a good idea to get into the habit of monitoring the information in the Status Bar, before clicking the link.
If you cannot see the Status Bar, it may have been disabled. You can re-enable it by clicking on the ‘View’ option in the toolbar at the top of your browser page and clicking on the ‘Status Bar’ entry, in the drop-down menu.


3 Bill Hely October 12, 2009 at 10:52 am

Bill N in UK:

Good points Bill. The various “tell-tale” methods can be useful, but unfortunately they aren’t always 100% reliable. What you will see in a status bar, if anything, depends on a number of factors, not least of which is how you’re viewing the e-mail: e-mail client (which one?) or webmail (which browser?).

You have to be particularly careful when viewing HTML in a browser. There is a JavaScript programming command (or more correctly an “event handler”) called OnMouseOver, which can allow the programmer to determine what is shown in the status bar when the mouse cursor is hovered over a link. The status bar can be made to read “http://mybank.com” when the link really points to “http://badhacker.com”. Again, how and whether this works is dependent on a number of factors. The functioning of JavaScript in HTML e-mail is a case-by-case thing.

Whether OnMouseOver works in any e-mail client programs I’m not sure — haven’t tried it in any myself, and anyway there are just so many different variations. In all probability it will work in some and not others.

If you really want to see exactly the source of the message and what is programmed to happen behind the scenes, there are two places you can look for more extensive information.

The first is the e-mail header data, which is usually not too difficult to access, with the exact method depending on your particular e-mail client program. For example in Microsoft Outlook you can right click on a message in the list of e-mails and select Options from the pop-up.

The other place is the code behind the HTML e-mail. Again in Microsoft Outlook, right-click in the body of any HTML e-mail and select View Source from the pop-up. You’ll need to understand at least a little HTML to be able to analyze the results.

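The check described in comment 3, reading the HTML source of the message instead of trusting the status bar, can be automated. The following is an added example, not part of the original post or its comments; the sample e-mail body is constructed from the two host names quoted above, and `LinkAuditor` and `audit` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Constructed sample of HTML e-mail source (host names taken from comment 3).
SAMPLE = '''<p>Dear customer, please confirm your details:</p>
<a href="http://badhacker.com/login"
   onmouseover="window.status='http://mybank.com'; return true">http://mybank.com</a>
<a href="http://mybank.com/help">Help pages</a>'''

# Finds a host name inside the visible link text, with or without a scheme.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    """Collects every <a> tag and records why it looks deceptive, if it does."""
    def __init__(self):
        super().__init__()
        self.findings = []    # list of (href, [reasons])
        self._current = None  # the <a> element currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            a = dict(attrs)  # HTMLParser lower-cases attribute names
            self._current = {"href": a.get("href") or "", "text": "",
                             "handlers": [k for k in a if k.startswith("on")]}

    def handle_data(self, data):
        if self._current is not None:
            self._current["text"] += data

    def handle_endtag(self, tag):
        if tag != "a" or self._current is None:
            return
        link, self._current = self._current, None
        real = (urlparse(link["href"]).hostname or "").lower()
        # Any on* handler can rewrite what the reader sees while hovering.
        reasons = [f"script handler: {h}" for h in link["handlers"]]
        shown = HOST_RE.search(link["text"])
        if shown and shown.group(1).lower() != real:
            reasons.append(f"text shows {shown.group(1).lower()} but href goes to {real}")
        if reasons:
            self.findings.append((link["href"], reasons))

def audit(html_source):
    """Return [(href, reasons)] for every suspicious link in the HTML source."""
    parser = LinkAuditor()
    parser.feed(html_source)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The comparison is an exact host match, so a link whose text reads `mybank.com` while the href uses `www.mybank.com` is also reported and needs a manual look.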

4 Giles October 12, 2009 at 7:44 am

I think most of us know better than to click unknown links but the scams get more and more sophisticated and the danger for me lies in possible lack of concentration leading to a nasty error. Only one answer to that one!


5 Bill Hely October 12, 2009 at 10:55 am

Hi Giles.

And the answer is…

The human brain is the first line of defense;
keep it engaged when online.

Sound familiar?
