Phishing FAQ
Fake Sites vs Phishing -- What's in your net?
We get a lot of questions about the distinction between "fake bank" and "phishing". They do sound like they mean the same thing, but there's two very different scams going on there!
The following text was written by Slayerfaith -- thanks!
Here's a quick guide to help you tell if you've got a fake bank or fake site, or a sorry-aa419-can't-help phish. Rule of thumb: If you find a possibly fake website in a spam email, we probably do not want to see it here. The exception to this rule is job scam sites that are sent in the opening scam/spam mail. If you aren't sure, post the mail in the aa419 forum, and other members will let you know what it is.
What is a Phish?
Phishing emails are the ones that try to get you to click a link and enter personal or account information. These are spammed to a bazillion people at a time. WARNING!!! Phishing sites are often infested with crapware and malware, and may try to load viruses and keyloggers on your machine. Be very careful when visiting phishing websites, and never visit them with Internet Explorer. If aren't very sure of what you are doing, do not click a phishing link.
Most obvious signs of phishing include:
- Posing as Ebay, Paypal, or a real financial institution such as a bank, credit union, or credit card company.
- Claiming that your account will be suspended, or other threats, unless you click the link and "update your information"
- Not addressed to you personally, sent to "Valued Customer" or some such crap
- Mouse over the link sent and look at it. If it sends you to a clone or different site, its a phish
- Be aware that phishing emails are very often spoofed, and you should not automatically assume that if an email appears to come from a legit looking domain, that they are the real source of the email.
So, what IS a fake bank?
Fake banks are sites set up to let scam victims see the imaginary money, either in their "account", or the scammers' "account". If somebody tells you to set up an account at scammerbank.com for the "fund transfer", or asks you to check his account at scammerbank.com so you can see the funds, you probably have a real live fake bank that should be posted here. Fake banks and/or couriers are NEVER introduced in a spam email, only after the scammer has tested the waters. Simply because of the very nature of these websites, they are designed to be online as long as possible, whereas the people that run phishing scam *know* the website will be shut down rather quickly.
OK, what are non-bank fake sites?
Fake sites that aren't banks include courier company sites, escrow sites, lottery sites*, job scam sites, or any other site created to convince a victim that the scam or fake "company" they are dealing with is real. Sites such as these need to be posted in the aa419 forum and taken down ASAP.
* Note - In the case of fake lotto scams, a link to a REAL lotto site is often included in the opening email.