Fraudsters trick users into handing over their credentials

Aug 6, 2012 20:21 GMT

The latest types of phishing scams usually involve a sophisticated website that’s designed to mimic the legitimate one as accurately as possible. However, as this Bigpond phishing scheme demonstrates, low-tech attempts can be just as effective.

An email scam sample, provided by Hoax Slayer and entitled “Bigpond Security Service,” reads something like:

Dear BIGPOND Customer, We have temporarily limited all access to sensitive account features in our E-mail accounts.

In order to restore your account access, you need to reply to this email immediately with your user-name:(_________________) and password:(___________).

Due to much junk/spam emails you receive daily, we are currently upgrading all email accounts spam filter to limit unsolicited emails for security reasons and to upgrade our newly improved E-mail account features to ensure you do not experience service interruption.

You must reply to this email immediately with your user name and password to enable us upgrade your E-mail Account properly.

A confirmation link will be send to you for the Re-Activation of your e-mail Account, as soon as we received your response and you are to Click on the "Confirm E-mail" link on your mail Account box and then enter this confirmation number: 1265-6778-8250-8393-5727.

Of course, the email does not originate from the Australian Internet service provider, but from cybercriminals who want to gain access to the accounts of unsuspecting Bigpond customers.

A legitimate company would never ask its clients to provide such sensitive information via email, simply because it has no reason to do so.

Remember to avoid handing over sensitive information online, especially if it’s in response to unsolicited email or SMS messages. If you’ve just realized that you’ve already fallen for this trick, be sure to contact Bigpond immediately, before the crooks can cause any damage to your account.