Kind of appropriate to write about phishing on May 1st, May Day to Pagans and a distress call from aircrafts and ships.
My Mother was tricked into giving her email password out to a phishing scam at Yahoo. They had sent her several emails claiming to be Yahoo. When they sent one which said “final notice” she responded. She gave them her email password as well as her date of birth and other information which Yahoo would never have asked for. Although I had told her not to reply to anything requesting information, she thought it was Yahoo and would do no harm. However, she trusted that the email had actually come from Yahoo, it did not. I think we have sorted out her email account now, changed her password and removed the email from the phishing scammer who had set his email address as a secondary email to her account. I also contacted Yahoo and sent in the information to their phishing list.
What few people write about these phishing scams when they give information about avoiding them is the aftermath. Our phone answering machine was full and unable to accept any more calls when we arrived home yesterday. Many friends, some she has not talked with in a very long time even, had been calling to find out if my Mother was ok. The phishing email sent out from her account had said she was mugged in the UK and needed money to get back home again. Some of my Mother’s friends are elderly people, living on pensions. All of my Mother’s friends were unsettled to quite upset about this. Most suspected or believed the email was not true. But, my Mother is well liked, very friendly and easy going, so everyone wanted to be sure she was ok. We have not heard that anyone actually sent money but several people have offered to do so if she needed the help. To me, this is the saddest part of this whole thing. I feel very badly about the friends, especially the more fragile people in poor health, who have been upset and wondering if my Mother is in dire peril, beat up and away from home, alone.
The other part of this whole thing which we are just beginning to deal with is the fact that this phishing scam also took other information, her birthdate. I know from my time as a department store cashier expected to sell credit cards that all anyone needs to apply for a credit card is a name and a date of birth. So we are now checking into the chance that my Mother is going to have her identity stolen and be signed up for credit cards or other types of fraud. This is the most scary part. I don’t even know what to do beyond calling the RCMP (which my sister did yesterday). My brother is going to talk to her bank and see what they suggest doing. But, I really don’t think she can 100% protect herself in this case. It is just a matter of wait and see what comes along in time.
Anyway, as a last addition to this post I want to include a list of things to watch for should you get an email from someone which claims it is a bank, Yahoo customer service, a lottery corporation, or anything else official sounding.
- If the email asks you for your account password it is phishing for your information. Yahoo or any other email service such as Gmail, Hotmail, etc will never need your account password. NEVER. Never, ever, never. No matter what the email says, no matter how professional it looks, even if it uses the graphics from Yahoo, anything asking for your account password is fake. This should be a very big red flag. Do not give out your account password, even if you are sure the email is legitimate. Yahoo, Gmail and the other email providers do not need your password in order to access or verify your account. If you learn nothing else today, let it be that one important fact.
- Spelling or grammar mistakes. I know not everyone is an expert speller but if you do notice an error that is a sure sign the email you are reading is not being sent out by any kind of professional or institution or business. They do use spellcheck, the phishers do not.
- Check the email address the message was sent from. Do you really think Yahoo needs to use an email address which is not straight forward? Anything like firstname.lastname@example.org is bogus. Also, anything claiming to be from Yahoo and using a Gmail email address is very fake.
If you would like more information and resources Public Safety Canada has a page about phishing with links to resources. Also, the Anti-Phishing Work Group.