MHTC would like to remind you that we value our customers’ online security, and we always seek to warn customers about Internet events that may compromise security. “Phishing” attempts are not a new thing, but as more people have come online they are occurring more often.
“Phishing” is the act of sending e-mail to random addresses claiming to represent a legitimate business operating on the Internet in an attempt to trick the user into providing private information (such as passwords, credit card/bank account information, Social Security numbers) to a bogus website or e-mail address operated by fraudsters. These emails usually claim that it is necessary to “update,” “verify,” or “confirm” your customer account information to maintain your account in good standing, often warning of suspension if you do not provide the requested information.
In reality, any information entered on the bogus website is usually captured by criminals for their own fraudulent purposes. The creators of phishing e-mails literally send out millions of these messages worldwide in the hopes that just a few recipients will respond to them and surrender their personal and/or financial information.
Here are some tips and examples to help you recognize, and avoid the damage from, a phishing e-mail:
- Don’t reply to emails that ask directly for your personal or account information. Also, don’t click on any links within emails that ask for your personal information.
- A legitimate business would never email you to request that you “confirm” or “update” your password or any other personal information by clicking on a link and visiting a web site, or by replying back to an email with that same information.
- Treat all unsolicited emails with caution and never click on links from such emails or enter any personal information. (Forward such messages to )
- If you’re in doubt about the validity of an email, or if you think that you may have disclosed information to a fraudulent site, notify the actual business being impersonated as soon as possible.
Example 1:
From: “MHTC Internet Service” <support@mhtc.net>
To: <undisclosed-recipients:>
Sent: Sunday, April 10, 2011 6:46 PM
Subject: Dear mhtc.net Account User
Dear mhtc.net Account User,
This message is from your email administrator / maintenance center email account to all users. We are improving our database and e-mail center due to unusual activities identified in our email system. Therefore, we are deleting all e-mail accounts identified to improve and create space for new ones.
You are required to verify your email account via email, confirming their identity. This will prevent your mail account termination during this exercise.
To confirm your email identity, you provide the information requested below:
* Email Address: (……..) (required)
* Password: (……..)( required)
* Date of Birth: (……..) (optional)
* Country or territory: (……..) (optional)
http://webmail.mhtc.net/
* Important * Please provide all this information completely and correctly otherwise, for security reasons we may have to disable your account temporarily.
Example 2:
From: mhtc support [mailto:update_centre@mygroupuser.com]
Sent: Wednesday, April 06, 2011 4:12 AM
Subject: Email-Update
We are upgrding our mhtc data base , We are deleting all unused Email to create more space for new users. To prevent your Email from closing you will update below.
Username:
Password:
Country:
Notice how the phishing experts have cleverly addressed their heading to make it look like the email is coming from MHTC: “MHTC Internet Service” <support@mhtc.net> and “mhtc support”.
One way to identify a phishing attempt is by misspelled words, poor grammar and a return address that doesn’t seem to be valid. However, in the first email example there are no typos and the email is purportedly from support@mhtc.net, making the email appear to be legitimate.
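The checks described above can be run mechanically over a message. The following is an added example, not MHTC's own filtering code: it flags a display name that claims MHTC while the address is on another domain, and because Example 1 carries a plausible-looking From address, it also checks the content for a password request and an account-loss threat. The pattern lists and indicator labels are assumptions made for this sketch, and the samples are shortened copies of the two examples with Example 2's sender written in angle-bracket form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "mhtc"            # name the sender claims in the display name
OWN_DOMAIN = "mhtc.net"   # domain the page shows for genuine MHTC addresses

# Heuristic patterns (assumptions for this example, not a complete rule set).
CREDENTIAL_RE = re.compile(r"\bpassword\s*:", re.I)
THREAT_RE = re.compile(r"\b(terminat|disabl|delet|clos|suspen)\w*", re.I)

def phishing_indicators(raw: str) -> list[str]:
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    hits = []
    # Display name says MHTC but the address belongs to another domain.
    if BRAND in display.lower() and domain != OWN_DOMAIN:
        hits.append("display-name-mismatch")
    # Mass mailing with the real recipient list hidden.
    if "undisclosed-recipients" in msg.get("To", "").lower():
        hits.append("bulk-recipients")
    # Message contains a form field asking for the password.
    if CREDENTIAL_RE.search(body):
        hits.append("asks-for-password")
    # Message threatens loss of the account to create urgency.
    if THREAT_RE.search(body):
        hits.append("threatens-account-loss")
    return hits

# Constructed samples: shortened copies of Example 1 and Example 2 above.
EXAMPLE_1 = """From: "MHTC Internet Service" <support@mhtc.net>
To: <undisclosed-recipients:>
Subject: Dear mhtc.net Account User

We are deleting all e-mail accounts identified to improve and create space.
* Email Address: (........) (required)
* Password: (........)( required)
"""
EXAMPLE_2 = """From: mhtc support <update_centre@mygroupuser.com>
Subject: Email-Update

We are deleting all unused Email to create more space for new users.
Username: Password: Country:
"""

if __name__ == "__main__":
    for name, raw in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, phishing_indicators(raw))
```

Example 1 passes the sender check and is caught only by its content, which is why the From line alone is not a reliable test.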
If you receive a phishing email directly into your Inbox, please contact us so that we can take the appropriate steps to block the offending server. If the email shows up in your Spam Center or on your Junk Mail Summary you do not need to take any action, as the email will be deleted automatically by MHTC and will not cause any harm to your computer.
Remember, MHTC will never ask you to reveal any personal information, passwords, account names or numbers, etc. via email since we have all of this information already on file. If you ever accidentally reply to one of these phishing emails please contact us immediately so that we can change your compromised password.
This last example tries to get the recipient to click on links, either to collect personal information and gain access to their account or to infect their computer with a virus.
Example 3: 
Please view the following links if you would like to find out more about phishing or would like to report phishing/spam attempts to the government:
http://www.us-cert.gov/nav/report_phishing.html
http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx
Reference:
- “Report Phishing.” US-CERT United States Computer Emergency Readiness Team. n.d. Web. April 28, 2011. <http://www.us-cert.gov/nav/report_phishing.html>.
- “How to recognize phishing emails or links.” Microsoft Safety & Security Center. n.d. Web. April 28, 2011. <http://www.microsoft.com/security/online-privacy/phishing-symptoms.aspx>.
- Forward the email to the Federal Trade Commission at spam@uce.gov.
- Forward the email to the Anti-Phishing Working Group (http://www.antiphishing.org) at reportphishing@antiphishing.org.
- Forward the email to the “abuse” email address at the company that is being spoofed (e.g. “abuse@bankofamerica.com” or “spoof@ebay.com”).
- When in doubt, you can also forward the message right into MHTC’s own spam filtering at reportspam@mhtc.net.