Hackers increasingly use a form of con-artistry known as "phishing" to get people to give up their personal information or download something nasty. Today a textbook example of a phishing scheme landed in my email inbox:
Dear AIM user,

Your AIM account is flagged as inactive. Within the following 72 hours it'll be deleted from the system. If you plan to use this account in the future, you have to download and launch the latest update for the AIM. This update is critical.

In order to install the update use the following link. This link is generated exclusively for your account and is available within a certain period of time. As soon as this link is not available anymore you will get another letter.

Thank you,
AIM Service Team
This e-mail has been sent from an e-mail address that is not monitored. Please do not reply to this message. We are unable to respond to any replies.
The link, of course, did not go to America Online. It went to a server in Poland whose hostname had been dressed up to look like "update.aol.com".
A quick look at the email shows some telltale signs of a phishing attack:
- A call to immediate action. The email says you've got 72 hours to do something, or your AOL instant messaging account is going to be shut down.
- A "do not reply" email address. The email gives no address you can reply to in order to verify that it's the real thing.
- A forged email header. The "From" line in the email showed "email@example.com". But when I looked at the full "header" of the email—most email programs will show it to you—the return path pointed to an odd email address in Australia. A legitimate sender's From address and return path normally land in the same domain.
- Irregular grammar. While this email is pretty well put together, little bits like "the latest update for the AIM" are a tip-off that this hasn't been through AOL's legal department and editors.
- A link to download something unique to you. If AOL is going to tell you to download something, they're going to direct you to the actual AIM website, AIM.com, not to a personalized download link. The personalized link in this email passes your email address back to the attacker's server, so they can tell which addresses took the bait.
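Most of these signs can be checked mechanically before a human ever reads the mail. The script below is an added example, not code from the original post: it parses a raw message and flags the urgency language, the "do not reply" text with no Reply-To, the From/Return-Path domain mismatch, a link whose real domain is not the brand's (including the trick of tucking the brand name into a subdomain of someone else's host), and a per-recipient token in the link. The message it runs on is constructed to mimic the AIM lure; every address and hostname in it is an invented placeholder, and the aol.com/aim.com set is an assumption about which domains the real sender would use. The grammar check is left to the reader; it does not automate well.

```python
"""Flag the phishing tell-tales described above in a raw e-mail.

Added example, not code from the original post. SAMPLE_MESSAGE is
constructed to resemble the AIM lure; every address and hostname in it
is an invented placeholder, and LEGITIMATE_DOMAINS is an assumption
about where the real brand's mail and links would point.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

LEGITIMATE_DOMAINS = {"aol.com", "aim.com"}
URGENCY_WORDS = ("within", "hours", "deleted", "critical", "immediately")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.au>
From: AIM Service Team <noreply@aol.com>
To: user@example.com
Subject: Your AIM account is flagged as inactive
Content-Type: text/plain

Dear AIM user,

Your AIM account is flagged as inactive. Within the following 72 hours
it'll be deleted from the system. This update is critical.

In order to install the update use the following link:
http://update.aol.com.attacker.example/aim/update.exe?id=user%40example.com

This e-mail has been sent from an e-mail address that is not monitored.
Please do not reply to this message.
"""


def registrable_domain(host):
    """Crude registrable-domain guess: the last two DNS labels.

    Fine for aol.com or attacker.example; production code should use
    the Public Suffix List so co.uk-style hosts are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def header_domain(msg, name):
    """Registrable domain of an address header such as From or Return-Path."""
    _, addr = parseaddr(msg.get(name, ""))
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


def phishing_indicators(raw_message, legitimate=LEGITIMATE_DOMAINS):
    """Return the set of indicator names present in raw_message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    found = set()

    # Call to immediate action: several deadline/threat words in the body.
    if sum(word in body.lower() for word in URGENCY_WORDS) >= 3:
        found.add("urgency")

    # "Do not reply" text with no Reply-To header you could verify against.
    if msg.get("Reply-To") is None and re.search(r"do not reply", body, re.I):
        found.add("no-reply-address")

    # Forged header: the visible From and the envelope Return-Path
    # resolve to different registrable domains.
    sender, bounce = header_domain(msg, "From"), header_domain(msg, "Return-Path")
    if bounce and sender and bounce != sender:
        found.add("return-path-mismatch")

    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        # The link's real domain is not one of the brand's own...
        if registrable_domain(host) not in legitimate:
            found.add("link-domain-mismatch")
            # ...while the brand name is smuggled in as a subdomain.
            if any(brand in host for brand in legitimate):
                found.add("brand-in-subdomain")
        # A per-recipient token in the query string.
        if re.search(r"[?&](id|token|email|u)=", url):
            found.add("personalized-link")
    return found


if __name__ == "__main__":
    for indicator in sorted(phishing_indicators(SAMPLE_MESSAGE)):
        print(indicator)
```

The domain comparison is done on registrable domains rather than on full hostnames, so that a bounce address at mail.aol.com would not be flagged against a From at aol.com, while update.aol.com.attacker.example is still caught because its registrable domain is attacker.example.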
Remember: the best protection against a scam like this is between your ears. If it doesn't make sense, it's probably not what it pretends to be.