Friday, September 5

Don't get hooked when phishers set their bait

If my inbox is typical, Telstra BigPond's customers are under a sustained phishing attack – and if that's so, Australia's biggest Internet Service Provider could do more to warn its customers.
Messages like this have popped up in my email half a dozen times in the past month – including twice last night:

Dear Webmail Subscribers,
This is to formally notify you that we are presently working on web, and this can close your webmail account with completely.
To avoid this, please send your
to customer care email
Address: [Here follows an email address @ “” – as if BigPond would use a Google address!]
Please do this, so your Webmailaccount can be protected from being close from spam emails.
Your immediate response is highly needed.

Such an amateurish scam, with its misspellings, illiteracy, improbable reply address and its failure to address the recipient by name, should not deceive anyone. But the fraudsters need to suck in only a few unsophisticated or inexperienced email users to reward their efforts.

As time goes by, these phishing efforts will become better presented and more convincing. We're already seeing that with spam which purports to come from banks seeking to verify our account details.

More than a month ago, after exploring the My BigPond website, I managed to find the Contact form to report spam, filled it out with all the details requested, and sent it off. I've heard nothing back. Not even a computer-generated acknowledgement, let alone any indication a real person had looked at it.

Perhaps BigPond cannot do much to stop spam originating from the servers of other ISPs, but I felt it could issue a more direct warning to its customers.

As it happens, the September issue of its online Ponderings newsletter – received today – does contain a general warning about phishing, although it fails to shout it specifically to BigPond's own customers. The item, Don't Get Hooked, does point to an excellent article among the Frequently Asked Questions listed under Help on BigPond's website. It's headed:
Phishing: What is it and how can I stay protected? Here's the link.