Tuesday, September 1, 2009

Phishing and Evaluation


We all get them.

Marketing emails intent on getting your personal information: phishing. One showed up in my inbox today that actually interested me. I might have even signed up, except for a few "phishy" details that made me suspicious.

Investigative searching is always a good (safe) idea before acting on:
  1. information you want to use in a report
  2. anything online that costs you money
  3. anything unsolicited that requires you to reveal personal information
Here's a copy of the email that sought to wrangle personal information from me. [Note from the URL that I saved a copy of the email; this is one "phish" I didn't want to let get away.]

At first glance, logos from Cisco and eSchool News make it all seem believable and benign. But problems lurk beneath the surface.

The first red flag for me was the date of the event. There isn't one. My email browser routinely blocks images and I clicked on load images a little too soon to notice that there is a date associated with the header. However, the source code contains very important date information: the alt text for the header images indicates the event is May 20, 2009. Today is Sept 1, 2009. I might not have caught that unless a colleague to whom I forwarded the email noticed the alt text (he didn't load the images). There's one good reason NOT to load blocked images.

The second odd bit of information is the alt text for the Elluminate logo. It's misspelled. Again it was my colleague Jim Gerry who caught this irregularity. I don't think an organization advertising a session about video would misspell the video tool being used.

Even though I had missed these big clues, the lack of a date was a critical omission. Who would go to the trouble of advertising this event without a date?

Then there's the issue of the links. Roll over the REGISTER TODAY button and look at the URL: www.weic11.com/. I expected something pointing to Cisco. But this is a valuable clue. Who or what is weic11.com? Using whois.net, I located the owner: Worldata, Inc., 3000 N Military Trail
Boca Raton, FL 33431. The URL weic11.com leads to worldata.com, so that is consistent.

What is Worldata? According to its website, it is a group of companies in the direct/interactive marketing service field. Now I know this is more about marketing than learning about the use of video.

This is where I stopped searching. I could have researched Worldata to see about phishing complaints, but my purpose was served and I stopped short of registering for an expired event and giving a marketing company reasons to send me more spam.

Can you find any other suspicious clues? Or have you received interesting "phishing" emails? They can make good search challenges. Let kids investigate them--it may help prevent them from giving away personal information that should be kept confidential.

P.S. As of this writing, the links on my saved "phishing" file still work; don't make the mistake of filling out the forms.

------
Here's an answer to the previous challenge: Toto makes a toilet that analyzes urine samples.

2 comments:

Carl Heine said...

Of course, if the submit form required me to enter credit card information, the consequences would even be worse. I didn't get that far to see what information was required.

It's entirely possible that someone other than Worldata is doing the phishing. Anyone up for the challenge?

james said...

Really great ideas. I like every example. Just might have to try these... So cute! Thank you!
more templates easy to download