Feb 07 2014

If it looks like a phish, swims like a phish, and sounds like a phish, then it probably is a phish

What would you do if you got an email like this?

confirm_email

If you practice “safe-hex” you would know not to click on the link to confirm your email address – to anybody, any time. Not your bank, not the government, not any business, and not Network Solutions. But that’s who sent me this email – Network Solutions.

This email has all the characteristics of a “phishing” email – “Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.”

I’m sure if I had clicked on the Confirm button it would have taken me to a web site where I would have been asked to enter my Network Solutions Username and Password.

Sorry, Network Solutions, I’m not going to do that. Clicking that link would go against everything we’ve been trying to teach people about how to practice safe computing. 

If you want me to confirm my email address, send me an email that contains the instructions on how to do that.

I had a conversation on Twitter this morning with Network Solutions about this – they apologized for the “inconvenience” and pointed me to a post on their blog that says: “please rest assured that these are legitimate, and not a “phishing” scam.”

I’m still not going to click that link, Network Solutions. Sorry – you’ll have to find another way.

One response so far




One Response to “If it looks like a phish, swims like a phish, and sounds like a phish, then it probably is a phish”

  1.   ObiWanon 07 Feb 2014 at 10:21 am

    What ? No SPF/SenderID, no DKIM ? Well, if they don’t care about allowing others to spoof their emails what do you think they’ll do about it ? Maybe they’ll stick a bandaid somewhere but that will probably be all :P !

    Reply

Trackback URI | Comments RSS

Leave a Reply