Fake Emails & Spoof Websites

[Mr Red Bull]

Fake Emails & Spoof Websites

Following the recent fake email scam reported on TTC recently, I received a Paypal mail on which part of which touched on Phishing emails and how to spot them. I thought its simple clear design and uncomplicated descriptions would work well here, so I converted their guide into a more general themed one and posted it here, it is mainly generalised, but this still applies to ones you may get about Toontown.

Hopefully it will not happen, but it is always possible that someone else will get the idea that there is profit in trying to get Toontown account information and try again, worse still a major fraudster may decide it’s worth doing on mass scale too, so it never hurts to be vigilant and know what to look for.

Anyways feel free to let me know what you think.

What is Phishing?

Phishing is a form of fraud designed to steal your identity. It works by using false pretences to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or National Security numbers.
One of the most common phishing scams involves sending a fraudulent email that claims to be from a well-known company. Phishing can also be carried out in person, over the phone, through fraudulent pop-up windows and websites.

DEFINITIONS
Phishing (pronounced 'fishing'): Fraudulent emails that request or initiate a scam to get sensitive personal information.
Spoof Site: Fraudulent sites – usually linked from a phishing email – that look like well-known websites.

How phishing through email works.



1) A fraudster will start out sending thousands, even millions, of emails to different email accounts disguised as messages from a well-known company. The typical phishing email will contain a concocted story designed to lure you into taking an action such as clicking a link or button in the email or calling a phone number.

2) In the email, there will be links or buttons that take you to a fraudulent website.

3) The fraudulent website will also mimic the appearance of a popular website or company. The scam site will ask for personal information, such as your credit card number, National Insurance number, or account password. You think you’re giving information to a trusted company when, in fact, you’re supplying it to a criminal.



Recognising Phishing.



1) Sender's Email Address. To give you a false sense of security, the 'From' line may include an official-looking email address that may actually be copied from a genuine one. The email address can easily be altered – it’s not an indication of the validity of any email communication.

2) Generic Email Greeting. A typical phishing email will have a generic greeting, such as 'Dear User'. Note: Most official companies will greet you with your registered name(s) or other secret username (not one used publicly)

3) False Sense of Urgency. Most phishing emails try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away. An email that urgently requests you to supply sensitive personal information is typically fraudulent.

4) Fake Links. Many phishing emails have a link that looks valid, but sends you to a fraudulent site that may or may not have an URL different from the link. Always check where a link is going before you click. Move your mouse over the URL in the email and look at the URL in the browser. As always, if it looks suspicious, don't click it. Open a new browser window, and use the official URL to the company in question, then contact that way.

5) Attachments. Similar to fake links, attachments can be used in phishing emails and are dangerous. Never click on an attachment. It could cause you to download spyware or a virus. Most official companies will never email you an attachment or a software update to install on your computer.




How to spot a spoof (fraudulent) website.

A phishing email will usually try to direct you to a fraudulent website that mimics the appearance of a popular website or company. The spoof website will request your personal information, such as credit card number, National Insurance number, or account password.

You think you are giving information to a trusted company when, in fact, you are supplying it to an online criminal.



1) Deceptive URLs.
Be cautious. Some fraudsters will insert a fake browser address bar over the real one, making it appear that you’re on a legitimate website.

Always log in to the companies site by opening a new browser and typing in the URL supplied by the company when you registered, a company will send you an email to update you on any changes to site location. If you have a short cut that was downloaded with program, use this to go to the website or do a search in browser if you have trouble linking with your existing URL(s)

The term 'https' should precede any web address (or URL) where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.

2) Out-of-place lock icon.
Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Many fake sites will put this icon inside the window to deceive you.

Ways to combat scam email and websites.

Remember, when it comes to phishing, you are in control. To protect your personal financial information, ignore the requests in the email.

• Never provide any information.
• Never click on any link that seems suspicious.

How to report a phishing email.

1) Forward the entire email to the company that it concerns

2) Do not alter the subject line or forward the message as an attachment.

3) Delete the suspicious email from your email account.

The company in question can then help and advise you on anything you are concerned about.

A genuine email will never include:
• Attachments
• Software

More steps to protect you from phishing.

• Monitor your account(s). Check your account periodically for suspicious activity. If you notice unauthorised use, report it to company in question.

• Keep security software current. Update your firewalls and security patches frequently.

• Be smart about your password. Change passwords often and use unique passwords that include letters, numbers and symbols

[CaptainMac]

Very good.
But now it's up to the mods if this should be stickied.
I think it shuold be and will help people but it's up to the mods now.

[tacutamon]

this is very useful guide and should be stickied!

[Nala Dog Is Addict]

Ty For This Guid Now I will be more careful ive read on ttc that their is a fake tt site so look out for it

[SuperToon]

WTG. u really taught me someting.

[princess lily funnyknees]

Good information to know, I agreethat making a sticky out of this would be a good idea for all reference to.

Thanks for the heads up!!

Princess Lily Funnyknees

[Freeheart]

We seriously need to sticky this.
It's an awesome guide. I will definatly refur here if i'm in question.

[LAWBER]

Well,I have a smart password that only ME can remember for a long time!

Here are my sites:
TTC(d'oh)
Roblox

Only 2 but they both have PM and messages.

And I have no SCAMS!

[Rattlebones]

You can find additoinal information on these topics at these websites :

Microsoft : http://www.microsoft.com/protect/you...ing/spoof.mspx
Utah State : http://it.usu.edu/htm/tutorials/10-w...-spoof-emails/

[mickeymousygal]

thanks for the guide! my mother, she lost her wallet in the mall, which had her social sacurity number in it, luckily we found it! :-)

[Guru]

Totally not off topic.

Also, note that phishing does not happen in just emails. It happens from some of your malicious friends as well. I've had friends attempt to steal my passwords and whatnot. Just make sure you recognize the domain/URL, make sure it's the proper website, yada yada...

[CogJosh78]

is this a phishing website?

[Mr Red Bull]

Quote:

Originally Posted by CogJosh78

is this a phishing website?

Is what a phishing website?

Quote:

Originally Posted by Guru

Totally not off topic.

Also, note that phishing does not happen in just emails. It happens from some of your malicious friends as well. I've had friends attempt to steal my passwords and whatnot. Just make sure you recognize the domain/URL, make sure it's the proper website, yada yada...

Lol those are not friends, they are users. Get rid of them. If they think I'm a fish waiting to get hooked then they no friends of mine.

'Keep it Kool '

[-Queen Candy-]

We learned about this in school. I'm glad you posted it for others to learn.

[Dizzy blubberflinger]

Thx for telling! Very helpful!