Wednesday, December 3, 2008

Phish Bait

Off topic warning: This topic is not about genealogy, but may still be of interest to those who wish to learn more about Internet scams.

Phishing is the criminal act of "fishing for information," tricking people into revealing important information such as logins, social security numbers, bank accounts, etc. The Ancestry Insider recently received a phishing e-mail. This one was completely obvious... if you know what to look for.

As you go through the five numbered items below, look at each successive dark-green box in the image below.


  1. The e-mail didn't come from Capital One, but
  2. The "to" field of the e-mail is blank. That is a sign that the e-mail is SPAM, sent to dozens, even thousands of e-mail addresses.
  3. The e-mail doesn't identify me by name. Phishers can easily buy e-mail addresses harvested from the Internet, but they rarely have both e-mail address and name.
  4. I don't have a Capital One credit card, not in my own name and e-mail address and especially not in the name and e-mail of the Ancestry Insider! But when phishers SPAM enough e-mail addresses, even though they will send it to a lot of people that don't own the bait, they'll get a lot that do (be it a credit card, a bank account or a password with e-Bay, PayPal, etc.).
  5. NEVER, NEVER click a link in a suspicious e-mail, particularly to get to your bank or any other website that requires a password, credit card number or other important information. Always go directly to the home page of the website by typing in the address of the website. In this example, I could go to, login and see if I get the same important notice contained in the suspicious e-mail. I won't, though. These phishers didn't bother to disguise the link—which can be done. The link begins with instead of When http:// is followed by four numbers instead of an Internet address, don't trust it!

Anti-Phishing Phil courtesy CMU Anti-Phishing Phil is an online game from Carnegie Mellon University that can help you learn how to recognize dangerous links and Internet addresses such as the one with the four numbers in the phishing e-mail I received. It will teach you not to take phishing bait; and it's free for personal use.

Deceptive Pop-ups

Last month Dick Eastman wrote about another scam: deceptive pop-ups. Eastman learned the hard way that you NEVER click anywhere inside an unwanted pop-up. Here's an example:

Image credit:  Derek Quenneville

To do its dastardly work, this pop-up needs you to click. But since it is from a dastardly company, the click doesn't have to be on Next. As Dick found out, Cancel works just as well. All they need is a click, anywhere inside the window frame.

Always close the window using the X in the upper-right corner. At least that's what I've always done and have never had any problems. If you wish to be doubly safe, I recently read a suggestion that closing the window via the task bar at the bottom of your screen is even safer.


  1. Great article! Thanks for pointing out the tell-tale signs of a phishing expedition.

  2. I would highly recommend avoiding the "X" to close pop-up windows too. Sometimes, the pop-up window can be made "X"-less and clicking the "X" will be the same as clicking "OK" or "Next" or "Cancel".

    Instead, use the Alt-F4 (Close) to close the current active window, or close it from your Start bar by right clicking on the pop-up window's icon and selecting "Close".

  3. Andy,

    Thanks for the comment.

    I agree that the "start bar" (aka task bar) is a safe way to close windows.

    Is Alt-F4 safe? I thought it was not. Can't it be intercepted by JavaScript code such as this?

    Like I say, I've never had problems with the "X", but I'm also a computer expert. The latest browsers won't allow pop-ups without it, so you would think the "X" would be safe. But since receiving your message I've recalled that the bad guys have started creating pop-ups with the real title bar and real "X" hidden above the top of the screen, leaving the fake "X" for unaware users to click upon.

    Above all, I should have advised the use of up-to-date virus protection and using Windows update to install all the latest security patches.

    -- The Ancestry Insider

  4. Did you forward the suspicious e-mail to Did you forward the suspicious e-mail to the FTC at

  5. A clever trick used by phishermen is to make an image which includes the "X" in the upper right corner and which is part of the image map, so a click on it sends you to the URL. It is effective when the image is made to appear in an "x-less" pop-up window. I right click on the application on the task bar and select "close." So far, that seems to work safely.


Note: Only a member of this blog may post a comment.