# Password Fishing



## mosaix (Aug 7, 2020)

If your email provider is uwclub (like mine is ) take care.

Yesterday I received an email supposedly from uwclub asking me to follow a link to 'update your account to avoid our upgrade system closing your email'.

The enclosed link took me to a google form asking for my email address and password.


----------



## Ian Fortytwo (Aug 7, 2020)

There are so many scams that can catch you out if you don't think very quickly.


----------



## Hugh (Aug 7, 2020)

Ian Fortytwo said:


> There are so many scams that can catch you out if you don't think very quickly.



Not to mention wild boars:

The BBC today  (scroll down for the photos):
_A nudist in Berlin got too close to nature for comfort when a wild boar snatched his plastic bag - which had his laptop inside.
The naked man gave chase to the boar and her two piglets - much to the amusement of fellow sunbathers._









						Cheeky boar leaves nudist grunting in laptop chase
					

Photos of a naked Berlin man chasing a wild boar to get his stolen laptop back go viral.



					www.bbc.co.uk
				




And I thought I had problems with seagulls...


----------



## -K2- (Aug 7, 2020)

Hugh said:


> Not to mention wild boars:
> 
> The BBC today  (scroll down for the photos):
> _A nudist in Berlin got too close to nature for comfort when a wild boar snatched his plastic bag - which had his laptop inside.
> ...



Oh boy...the stories I could tell. 

K2


----------



## Dave (Aug 7, 2020)

@mosaix We get them on an almost daily basis.


----------



## tinkerdan (Aug 8, 2020)

This can happen with about any account of any type and the Phish are usually just globally emailed often altering the service provider with the hope that at least on of those is a service you subscribe to.  Even my work email constantly has spoofed emails coming supposedly from our email server with the very same type of message.

No matter what it is, if I have the service and really think I should change something, I key in the address myself--never use the links.

Be careful of mistyping address also. In many cases common services have phishing clones that work off specific frequent mistypes. This takes you to something that looks like the service and will eventually send you somewhere where it say oops--something went wrong; please verify your account.

Oddly enough I have an ATT account that does that a lot--it is legit--and it makes this whole phishing thing that much more insidious since eventually one day the real phishers are going to spoof that.  So; any time there is a request for verification always check your browser address to be certain you can verify that you are in the right place.

There's more, but I have to be careful how much I rattle on about this; I have actually convinced(unintentionally)some close friends that they should just stay away from computers in general.


----------



## Cydramech (Aug 10, 2020)

I'd like to echo tinkerdan's thoughts.

It's a good tip in general to never click on links regarding account upgrade, account information change, password changes, or anything remotely of the sort that you did not solicit to be sent to your email address beforehand. It is a rarity for a company to have a policy that they'd actually contact you for such things while being an extremely common scheme by hackers (precisely due to its effectiveness).

In fact, any company that keeps account data while being run by someone who has average or higher intelligence with a pro-security mindset will let you know it is not in their policy to send you such unsolicited emails, and to always be wary of them.

Another thing that will help you is Multi-Factor Authorization (MFA) or, at a minimum, 2-Factor Authorization (2FA). Even though 2FA can be and has been bypassed (as early as 2017, we've had reports of 2FA being bypassed), it is still generally your best bet against even man-in-the-middle attacks such as phishing when you do wind up accidentally clicking on such emails (especially considering that it's not a remotely easy job to bypass 2FA).


----------



## Ursa major (Aug 10, 2020)

I received a bone-headed invitation to be phished just this morning: an email telling me that if the order it referenced was incorrect, I should click on the "Cancellation" button.

The giveaway (other than it was in my Junk folder) was that the "intended recipient" of the item "from Amazon" was identified by "their" email address, which the phishers hadn't been bothered to change to mine.


Note that I adopt the same tactic as tinkerdan: I don't click on links (or, if it's a telephone message, "press 1") but instead find my own way to the necessary website (if the need to do so seems real).


----------



## Pyan (Aug 10, 2020)

In the last couple of says I've had ones from (allegedly) PayPal, Amazon, Lloyds Bank and Netflix - all with a link I 'need' to click or dreadful things will happen to my accounts... which would be some trick with Lloyds and PayPal, seeing as I don't have an account with either of them.


----------



## Dave (Aug 10, 2020)

They don't care if 99.999% of people who receive these ignore them or realise that they are spam. They only need it to work with a very small few. This is why you should really report them and get them blocked at source. In fact, I've heard that some will deliberately include poor grammar or the wrong email, because the 0.001% of people who can't see that, are exactly the kind of people they do want to reply. However, some are very good indeed and would fool anyone, except for the fact that, as @Cydramech rightly says, no companies will ever contact you this way.


----------



## mosaix (Aug 10, 2020)

Dave said:


> This is why you should really report them and get them blocked at source.



Agree.

I was very disappointed in uwclub's response when I asked them who to report it to as it was obvious it had been sent to multiple uwclub members. They sent me detailed instructions on how to move it to my spam box.


----------



## Cydramech (Aug 10, 2020)

Dave said:


> This is why you should really report them and get them blocked at source.



Yup, this is the most important thing you can do after recognizing what they are in your email box. You might believe you're just one person, that you being one person mean it'll have no effect, but the reality is you're one person of many. Just like that one word in that book you're writing or reading, reports add up over time, and algorithms accumulate patterns by starting with just one point in the data.


----------



## Ian Fortytwo (Aug 10, 2020)

Phishing scams are getting more and more popular, they send out emails or texts with links that look reasonable. I had one allegedly from 02 however there was a number connected with it that wasn't connected with my usual texts from 02. So I knew it was a Phishing scam. Amazon Prime, Netflix, Disney + and similar sites are prime targets, avoid them. Cold calls are another source for scams. Do not push a number or hash tag or anything else. Lock down in many countries are a  source from where scams comes from.


----------



## Stephen Palmer (Aug 10, 2020)

In Yahoo, you just hit the Spam icon. Easy.


----------



## -K2- (Aug 10, 2020)

I'm actually surprised so many of you are 'opening' emails from these places. Just by opening an email or if an embedded image automatically downloads can infect your computer...Remember, if you can see it on your screen--even just text--unless you set your email otherwise, you have downloaded what it contains. Malicious scripts can be hidden a number of ways, even in images.

So, if you don't recognize the email address (hover over unopened email name to reveal it...and even then that can be bogus) AND/OR don't know why x-sender would contact you AND/OR the subject seems odd...junk it.

K2


----------

