A phishing attack I almost fell for

Phishers aren’t just Nigerian schoolboys any more. They’re getting reasonably sophisticated:

Three factors almost hooked me:

  1. I actually am a CIBC (credit card) customer. Always delete any “security message” from a financial institution where you don’t have an account.
  2. The URL (in dark blue text) looks like a genuine CIBC website (www.cibconline.cibc.com/…).
  3. In the greyed out “If you are concerned about authenticity” message at the bottom, the “click here” link leads to a real CIBC page.

Three factors persuaded me it was fake:

  1. Almost all bank security emails are fake. CIBC doesn’t send out emails like this. So I was on high alert.
  2. Although the blue URL looked real, when I hovered my cursor over it, the real link appeared in the gray bar at the bottom. It’s different from the one shown in blue text above. (I haven’t clicked on it, and I have garbled it in case you are tempted to, but my guess is that http://bethhealthtradlngcompany.com pushes Viagra.)
  3. The real CIBC page linked to in the greyed out portion warns against this very message. The phishers are hoping the legit link will make the message look legit, but they are hoping people won’t actually click on it.

The second point is a handy way to detect suspicious links. In most browsers and email programs, if you hover your cursor over any clickable link, the real URL will be displayed. In the example below (using Chrome on a MacBook), the grey bar at the bottom of the email shows the real link that is misleadingly presented in the blue text at the top.

Caveat pasco.
