Discover a phishing scam

July 2, 2015

“Discover” a phishing scam

I received this email this morning and deleted it, and then thought about it and dragged it out of the deleted items folder. I thought this was a typical phishing scam designed to lure poor, unsuspecting folks who don’t subscribe to our newsletters … into giving up their Discover Card details. Since I don’t have a Discover Card this was a no-brainer for me, even if I were a poor, unsuspecting, trusting soul. But millions of people do have Discover Cards and probably thousands — or at least a few hundred — have fallen prey to these crooks’ phishing scam.

First, this scam wasn’t even well done. They made mistakes like putting a woman’s name at the bottom of the email. They used English in the body of the email even worse than mine…my dear grammarians. In fact, you can tell by the way it’s written that its authors don’t speak or write English as a first language. But some people were scammed into giving up their Discover account information simply because they didn’t instantly recognize a phishing scam.

So we thought this was a great opportunity to remind you not to fall for phishing scams by remembering our simple rules when it comes to emails from banks and other financial institutions:

1. A legitimate email from a bank or financial institution will be addressed to you like “Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer”.

2. A legitimate email from a bank or financial institution will never ask you to click a link to verify your account. They may ask you to visit the bank’s site and log in, but they will never provide a link in the email.

3. NEVER click links in emails from banks and financial institutions. If in doubt, visit the bank or financial institution’s site by using the URL you know, like https://www.discover.com/ and then verifying the URL in the address bar – and make sure it starts with https:// not http:// . Most browsers will show a green lock icon and show the name of the company in green like this:

[Image: lock-of-safety]

(The above screenshot was taken from the address bar of the Chrome browser)

Note the https:// ? Notice the lock and PayPal, Inc. [US] highlighted in green? Good!

Now on to today’s lesson: phishing – no pole or bait needed, just common sense and a couple of functioning eyeballs.

It all begins with a sort-of official looking email. This scam was sloppy; some are not so sloppy. Note the email below had two links: one at the top to view the “Web version” and the telltale “Verify now>” link, which should send you running.

[Image: discover-phish-email]

Here…let’s look at the text close up:

[Image: discover-phish-email-closeup]

[Image: discover-phish-email-joyce]

All the English police who point out my errors should give me a gold star compared to these crooks! I’ve highlighted in green things you should note and you should not need me to explain why they’re highlighted, right?

And look above: These crooks are so sloppy that this email, supposedly from Discover, has the name of some woman living in Hawaii at the bottom. We should all drop her a note! Don’t bother. The address probably doesn’t exist or if it does it belongs to Kahlula Funeral Home or Benny J’s Restaurant.

And if you are foolish enough to click the link in the phishing email, you will land upon a very official looking page complete with an 800 help number…which they hope that you don’t call because it’s legit.

[Image: discover-phish-page]

Now, if you were crazy enough to click that link and visit the fake Discover page, you can still see that the URL has nothing to do with Discover.com unless you think Discover should be on a domain called Vonlichten – and you don’t believe that, do you? Plus, there is no https:// and no lock icon there either.

[Image: discover-phish-page2]

Oh these folks are smart. There’s the lock icon! They stuck it on the page! (See the screen shot below.)

How clever. They hope the lock will make you feel warm and fuzzy and you’ll pay no attention to the URL in your address bar.

Now I like to have fun with these idiots, so whenever I do stuff like this I fill in fake USER IDs, email addresses and passwords which I create by banging a bunch of keys ;ihfidafauoifdifoaifoaierfoaeadsofjaoiuofiuoiauteryheorfafuaopadsuoufa …like that.

Sometimes I use bad words 🙂 but not today, I don’t want you to think I’m a foul-mouthed son-of ….er … a bad-word user.

Don’t be stupid like me. Don’t click links in emails that look like they came from your bank or financial institution. Don’t toy with phishing sites like this. Like they say on Mythbusters – don’t do this at home. We’re professionals and we’re allowed to do crazy, stupid stuff.

[Image: discover-phish-fun]

Remember, follow the Yellow Brick Road and follow the three rules below and you’ll end up in Oz or someplace nice and not spend weeks trying to repair the damage that occurs when one of your financial accounts is compromised.

1. A legitimate email from a bank or financial institution will be addressed to you like “Dear JoAnne Miller” not “Dear Customer” or “Dear Cardholder” or “Dear Valued Customer”.

2. A legitimate email from a bank or financial institution will never ask you to click a link to verify your account. They may ask you to visit the bank’s site and log in, but they will never provide a link in the email.

3. NEVER click links in emails from banks and financial institutions. If in doubt, visit the bank or financial institution’s site by using the URL you know, like https://www.discover.com/ and then verifying the URL in the address bar – and make sure it starts with https:// not http:// . Most browsers will show a green lock icon and show the name of the company in green like this:

[Image: lock-of-safety]



One thought on “Discover a phishing scam”

  1. John

    If anyone’s as curious as I was, the address shown for “joyce Yoshimoto” is a nice 4-bedroom, 2-bath home with solar panels in a cul-de-sac in Hawaii. Currently valued at about $900k. Sorry folks… it’s not for sale. Thank you, Google Maps.
