From: > Info@yahoo.com > Add to Address Book
To: (Cranberry’s email address was originally here)
Subject: Notice: Last Warning
Date: Tue, 10 May 2005 12:54:24 -0400
To safeguard your email account from possible termination, please see
the attached file.
It seems real, but it also seems weird. They want me to download something called “info_text.pif (33k).”
It’s quite easy for criminals to “spoof” email addresses. They can send you an email that looks like it came from Yahoo, or from the FBI, or even from the President.
Phishing is the name the IT industry has come up with the describe the practice of sending fake emails from spoofed addresses, usually either for the purpose of collecting information you definitely don’t want them to have (like bank account or credit card numbers), or for the purpose of infecting your PC with a virus or malware.
As a general rule, you should never reply to such an email, and if it includes a link (either to what looks like a real site, or to a “for more info” site), you should not click it, as doing so could also allow them to infect your PC.
You mean, President Bush doesn’t really want me to assist the US Homeland Security Office in tracking down possible Canadian walrus hunters trying to infiltrate high security hunting grounds in Alaska?
pif is a common ending for virus files. It’s also a legitimate file ending for certain computery things, so don’t run around deleting all the pif files on your pc
Some of the most common virus file extensions (the bit after the dot): .vbs, .bat, .exe, .pif, .scr
“The Windows operating system uses PIF [Program Information File…yes, the F is redundant] files to store startup information for DOS programs, but any executable file renamed with the PIF extension will execute when a user double-clicks on the file’s icon.” – a news.zdnet.com article
The From: address means nothing.
I can send you an email from president@whitehouse.gov if I wanted
I did this for someone once, just to show them you could. This was back in the early days of the internet, and they thought such things were inviolate
I’ve had lots of similar phishing letters from credit card companies, AOL, PayPal, etc. With Windows XP, you can place (not click) your cursor over a link and a little yellow box pops up showing where that link actually goes-- it’s usually not even remotely related to the supposed sender. Once in a while they do put a real link on there eg to a FAQ page of the real website just to make it more realistic. Definitely delete these things, NEVER click on the links. If you have any doubts, YOU contact the company via their real website or customer service phone #
I got a bunch of ebay official-looking memo’s, all trying to get me to give up password etc etc. They said that someone was using my account to bid on purchases, etc. A hoax.
The ones about eBay are especially well written. Same kind of deal. “Your account will be suspended if you don’t verify… yadda yadda yadda…”
I wrote the real eBay back asking why they would like all this superfluous information when all they do is provide a venue for buyer and seller to meet and transact.
They wrote me back explaining that the original message I got was a scam and it is their practice never to collect additional information or distribute user information that is originally collected to open an account. They further explained that accounts don’t expire even with several years of non-use.
It both relieved me and torqued my jaw a little that I was duped enough to chew someone’s butt about a “practice” seemed a little too probing for comfort. :roll: