No Phishing Allowed
It finally happened. Many companies, large and small, have been hit already with this kind of scam, but last month it was our turn.

Dear swcp.com Subscriber,

As the real message we sent our customers soon afterwards noted, this was certainly not from SWCP. It’s what is known as a “phishing” scam. The criminal creators of this email were falsely pretending to be us in order to lure our customers into sending them their account information. Most likely they wanted access to an account from which they could further spread their scam or other spam, or possibly an opening to steal more data such as credit card numbers and banking information. In any case, they stole our identity so they could steal yours.

Phishing is among the top ten online scams these days, according to the Federal Trade Commission. Phishers usually play on people’s fear and trust, posing not just as ISPs but as banks, credit card companies, mortgage holders, retailers, even the IRS. One notable scam terrified innocent citizens by claiming that an online account to access pornography had been created in their name and a free disk of child pornography would be sent unless they opted out by instantly replying. With a little thought, such attempts may seem laughable, so the intent is to startle recipients into reacting automatically, in a self-defensive reflex. With our online lives so important these days, an official-looking notice from an institution threatening a disruption of services is a great way to do just that.

However, these pitfalls can usually be avoided with a little caution and common sense. Here are ten easy ways to avoid being snagged:

Above all, DON’T PANIC! Take a deep breath and re-read the email carefully.

1. Look for mistakes. Phishers can be careful: notice how the helpful advice in the fake SWCP notice about changing your password within a week makes it seem more real. But many scams come from non-native English speakers overseas and have telltale grammatical or spelling mistakes. It’s very unlikely that a real ISP would ever misspell “spam” as it is above, for instance. A keen-eyed observer can often detect the small differences between fake and real in both email and web addresses, too.

2. Unusual requests for information are another clue. Your bank, for instance, should already have your account number on file. In situations where identity confirmation is needed, they typically ask for information agreed on in advance that isn’t sensitive in itself but a faker probably wouldn’t know, like your mother’s maiden name or your home phone number. Likewise, the request in the phishing ploy above really makes no sense, since no one can send email through our system without already having an account in our database.

3. Urgency should set off your alarm bells that the notice may be a scam. Phishers want to scare people into reacting instantly, so any demand with a burning deadline requires calm and cool consideration, not a frightened response. Think before you act.

4. Impersonally addressed. If all your mail from your bank has had your name on it, and this supposedly important message is addressed simply to “customer” or “subscriber” (as is the one above), the message was mailed out in bulk, which should raise suspicions that it’s spam.

5. The phrase “verify your account” is often a dead giveaway. Even if the email looks otherwise correct and proper, remember that legitimate institutions generally understand the dangers of emailing important information. It’s not good business to expose their valued customers to such risks. Therefore, they will not ask for login names, passwords, account numbers, Social Security numbers and so forth. Their reason for caution is simple: unless encrypted, email is no more secure than a postcard. It can potentially be read while en route to or from you. Therefore Southwest Cyberport will never email critical information of any kind anywhere outside our own system.

6. Avoid convenient links to “your” account. Not all phishing operations rely on you replying by email: links to phony websites are often included in the message as well. These bogus sites can sometimes be quite exacting copies of the real ones. Though a fake address cannot be exactly the same as your bank’s actual one, don’t depend on luck to spot it: the text of a link can say one thing while the underlying address points somewhere else entirely, so it is safer to type your bank’s address into the browser yourself. On some interactive web pages, a lock or key icon should appear at the bottom of your browser window. Clicking on it will bring up information about the website, including its site certificate; any legitimate organization will have one. Furthermore, if the lock icon is closed or the key not broken, the site is “secure”: any data exchanged between your computer and the website is encrypted in transit. (The URLs of secure websites also begin with “https”, not “http”.) An open lock or broken key icon means data is transmitted just as it is, without encryption. A page with either of those and a form you are asked to enter personal information into is at best unsafe and at worst an outright trap. Unfortunately, some phishing sites nowadays look secure too. The lock shows only that the connection is encrypted, not who is at the other end, and a phisher can obtain a certificate for a look-alike domain, so not even that is an ironclad guarantee of identity. Some browsers, like Internet Explorer 7 and Firefox, can now be equipped with tools to track trusted sites and block phishers. Hopefully, this will greatly ease the problem.

7. Don’t click on popup windows, or open or even preview attachments in these messages. These might contain trojans which will install malware or spyware. Many browsers now have controls to prevent annoying popups. If they keep occurring, it could be a sign that your computer is already infected.

8. Don’t trust, verify. You can use old-fashioned methods of checking it out, such as calling the institution itself (using a phone number from your statement or the back of your card, not one from the suspicious message). There should also be a means of verifying their identity, or an alternative means of contact, included in the web page or email if they are legit. If you’re still concerned, call us, or better yet, forward the message (with full headers; call if you need help) to us so we can analyze it for you.

9. Stay alert. As always, Southwest Cyberport strongly encourages users to keep their anti-virus protection up to date, use firewalls, and regularly scan their systems for spyware. Keeping current on your system updates and online accounts is also good practice.

SWCP remains vigilant. We cannot stop these schemes from taking place, but we can limit their effects and safeguard our users. But to do so we need you to pay attention. So please read your email from us carefully. Several people who received our warning replied by sending us their passwords! Against that, there’s little we can do.

by Jay Nelson, Editor, from SWCP Portal, March 2008
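Most of the checks in tips 1, 3, 4, 5, 6 and 8 can be applied mechanically to a suspicious message before anyone has to read it carefully. The Python script below is an added example, not code from SWCP or from this article. It parses a raw e-mail, compares the From domain with the bounce (Return-Path) domain, looks for generic greetings, urgent wording and “verify your account” bait, and for every link checks whether the visible text names a different host than the real target, whether the target host imitates the organisation’s domain, and whether it uses https. The sample message, the example.net/example.org hosts and the LEGIT_DOMAINS set are constructed for illustration; the domain heuristics are deliberately crude (no public-suffix list), and a real triage would also walk the Received headers and inspect the site certificate, which a text scan cannot do.

```python
# Added example, not SWCP code.  The sample message is constructed; LEGIT_DOMAINS is an assumption.
import email, re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

LEGIT_DOMAINS = {"swcp.com"}  # assumed real domain of the impersonated organisation
GENERIC_GREETINGS = ("dear subscriber", "dear customer", "dear user", "dear member")
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended", "will be closed", "act now")
CREDENTIAL_BAIT = ("verify your account", "confirm your password", "reply with your password")


def edit_distance(a, b):
    """Levenshtein distance: a typosquat such as swpc.com is a step or two from swcp.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """'mail.example.com' -> 'example.com' (crude: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def looks_alike(host, legit):
    """True when host is NOT under legit yet imitates it: the brand label embedded in the
    name (swcp-com.example.net) or a short edit away (swpc.com, swcp.co)."""
    host = host.lower()
    if host == legit or host.endswith("." + legit):
        return False
    if legit.split(".")[0] in host.replace("-", ""):
        return True
    return edit_distance(registrable_domain(host), legit) <= 2


class LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) for each <a>, plus all visible text."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._anchor = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def analyse(raw_message):
    """Return the red flags found in one raw RFC 5322 message (empty list = none fired)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    # Tips 1 and 8: the visible sender and the bounce address (Return-Path) should agree.
    from_dom = registrable_domain(parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2])
    ret_dom = registrable_domain(parseaddr(str(msg["Return-Path"] or ""))[1].rpartition("@")[2])
    if ret_dom and ret_dom != from_dom:
        findings.append(f"From domain {from_dom} but bounces go to {ret_dom}")
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body is not None else "")
    text = re.sub(r"\s+", " ", (str(msg["Subject"] or "") + " " + " ".join(collector.text)).lower())
    # Tip 4 (bulk greeting), tip 3 (burning deadline), tip 5 ("verify your account").
    for label, phrases in (("generic greeting", GENERIC_GREETINGS), ("urgent language", URGENCY_PHRASES),
                           ("asks for credentials", CREDENTIAL_BAIT)):
        hits = [p for p in phrases if p in text]
        if hits:
            findings.append(f"{label}: {', '.join(hits)}")
    for href, label in collector.links:  # tip 6: where the links really go
        target = urlparse(href)
        host = target.hostname or ""
        shown = urlparse(label).hostname if "://" in label else None
        if shown and shown != host:
            findings.append(f"link text shows {shown} but points to {host}")
        for legit in LEGIT_DOMAINS:
            if looks_alike(host, legit):
                findings.append(f"link host {host} imitates {legit}")
        if host and target.scheme != "https":
            findings.append(f"link to {host} is not https")
    return findings


# Constructed phishing sample in the style of the notice described above.
PHISH = """\
Return-Path: <bounce@mailer-hosting.example.net>
From: "SWCP Support" <support@swcp.com>
Subject: Your account will be suspended
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Subscriber,</p><p>Our records show spamm activity from your account.
You must <a href="http://swcp-com.example.net/verify">verify your account</a> immediately
or it will be suspended. Or log in at <a href="http://login.example.org/">https://www.swcp.com/account</a>.</p></body></html>
"""

if __name__ == "__main__":
    print("\n".join(analyse(PHISH)))
```

Run it directly to print the red flags found in the constructed sample. An empty result means none of the heuristics fired, which is a hint rather than a guarantee of legitimacy; in practice the phrase lists and LEGIT_DOMAINS would be tuned to the organisation being impersonated.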