pfishing

Dec 3, 2004 12:41AM PST

My husband and I were sent an email from our bank requesting us to resubmit our information for an online update. There were two problems with this that made us stop and think.
First, they sent this request to my husband's work email. We NEVER give his work email to anyone. This is a government site. Second, I never respond to online updates.
I contacted the bank to complain to them and they informed me that they are not the ones doing it. I contacted the bank's fraud alert, they had me forward them the message, and they handled it from that point on. Next my husband reported this to the computer department at the government facility and they handled it from their side also.
My main question is: How did they get my husband's work email address to associate with this bank?
The bank is US Bank.

Re: pfishing
Dec 3, 2004 7:07PM PST

This is a new one on me.

Normally businesses use a Local Area Network or Intranet, (note, not Internet), which is closed off from the main internet world, although Intranet Administrators sometimes allow users to access internet web sites. But this is usually a policy decision for each business.

In addition, emailing within the LAN or Intranet is often used by Microsoft Exchange using Microsoft Outlook, (rather than Outlook Express which is for home internet users). Microsoft Exchange is considered more secure than Outlook Express because emails generally only go back and forth between LAN users, and the Address Book is held centrally on a server. However, again, a policy decision may be made by businesses to allow users to email "outside" of the protection of the LAN or Intranet to the outside world.

If and once that decision is made, the security of the Intranet becomes weaker and any use of emails on the internet is subject to the normal risks that all users on the internet face. There are many ways for "web-bots" to gather email addresses and use the email addresses for spam or for "Phishing", which is becoming more prevalent, and more of a problem.

Also, web-bots will create email addresses for a particular domain, and try many different variations of email addresses in phishing and spam emails; e.g. if my name was Mark Smith, and my ISP was Express.com, (I don't know if there is such a domain), these web-bots would send out hundreds or thousands of emails on the variation mark.smith@express.com. They only need to get lucky a couple of times for their spamming or phishing message to get through.

You and your husband have done very well by realising that the phishing email he got was suspect, and not falling for the ruse. Regrettably, many do fall for it, and as a result have lost funds in their accounts.

Myself I have received no end of phishing emails from Bank of USA, and CitiBank, even though I am not a US citizen and I live in the UK, and I have also received phishing emails from my own bank and other UK banks and financial institutions. (When I say I have received emails "from" these organisations, I naturally mean "supposedly" from).

There is little you or your husband can do, except change both your emails. But even then, you may become targets later when web-bots get around to your names. My own experience of phishing has died down now, but I fully expect to be targeted again at some stage in the future.

Not a satisfactory reply I know, but you both appear to be vigilant, and that is all that we can be, vigilant.

Good luck,

Mark

Re: pfishing
Dec 4, 2004 6:15AM PST

Just read your message and wanted to give you some very good info. Go to www.Corestreet.com and download their product "Spoofstick." It is a free download. It prevents you from being phished. It installs itself on your browser line and every time you enter another website it will say "you are on .....". Read their message about this also. I use this and I can recommend this very highly, over 100%. Also, even if you click on a web address in your e-mail, it will let you know if you are on the site you are supposed to be on.

Good luck.
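
An added example, not part of the thread and not SpoofStick's own code: a small JavaScript check in the spirit of the "you are on ..." indicator described in the post above, reporting which host a link really leads to. The function names, the expected domain `bank.example` and the sample links are assumptions constructed for illustration.

```javascript
// Added example; hosts below are constructed samples on reserved names/addresses.

// Hostname the browser would really connect to, plus whether a "user@" prefix is present.
function parseLink(href) {
  const u = new URL(href); // WHATWG URL parser, throws on invalid input
  return {
    host: u.hostname.toLowerCase(),
    userinfo: u.username !== "" || u.password !== "",
  };
}

// True when host is the expected domain itself or one of its subdomains.
function isOnDomain(host, expected) {
  const e = expected.toLowerCase();
  return host === e || host.endsWith("." + e);
}

// Compare where a link leads with the site the reader expects to be on.
function checkLink(href, expectedDomain) {
  let link;
  try {
    link = parseLink(href);
  } catch (err) {
    return { host: null, ok: false, notes: ["not a valid URL"] };
  }
  const notes = [];
  if (link.userinfo) notes.push("text before '@' is a login field, not the site");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(link.host) || link.host.startsWith("["))
    notes.push("host is a raw IP address");
  const ok = isOnDomain(link.host, expectedDomain);
  if (!ok) notes.push(`you are on ${link.host}, not ${expectedDomain}`);
  return { host: link.host, ok, notes };
}

// Constructed sample links, as they might appear in an e-mail.
const samples = [
  "https://online.bank.example/login",
  "http://bank.example@203.0.113.5/update",
  "http://bank.example.account-update.example.net/",
];
for (const href of samples) {
  const r = checkLink(href, "bank.example");
  console.log(r.ok ? "OK  " : "WARN", href, "->", r.host, r.notes.join("; "));
}
```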