Phishers of men

Holy carp! These phishermen are master baiters!

Musical interlude for this post: Fishers of Men by Rhonda Vincent.

Something amusing has happened at work. Twice. It made me chortle.

It all started when we got locked out of our Amazon.com merchant account. For a couple of days there, we couldn’t get inside our own online store!

It turned out that the boss had fallen for a phishing attempt. Wow. I don’t think I’ve ever personally known anyone who’s accomplished that before. Literally.

In case you’ve been living under a rock, phishing is the act of attempting to steal usernames, passwords and other personal information via email (and other means) masquerading as official communications. The goal is to lure victims to web sites that look official but were only designed to get people to enter their username and password for popular web sites, such as banks, eBay, Amazon, World of Warcraft, etc. These industrious phishers leave no stone unturned.

In the good old days, phishing was laughably easy to detect because it was so poorly composed, contained errors, and would contain many examples of Engrish, like, “All your base are belong to us.”

Here’s an example of a poorly written phishing attempt:

Dear Customer, your aion account suspected fraud. Will be cancel within 24 hours. Fraud Evidence: many times in the game using the game chat function induced to provide the game to deceive the other players offer accounts and passwords.

If you do not fraud, as soon as possible to verify your account login http://www.worldofwarcraft.com.

Blizzard Customer Service Separtment.

“Aion?” I can’t even begin to guess. 🙂

Come on now. Let’s be serious for a moment. If you received something written like that for your Bank of America checking account and you fall for it, you don’t really deserve to own your own money, do you?

Lately, however, these phishermen have ramped up their game. As usual, there is money on the line, and it has proven cost effective for them to improve their English grammar and create emails that look more like the real thing. The one I saw recently looked extremely well-written, professional, and contained no obvious errors of any kind. They did a really good job.

BTW, I struggled with the word “phishermen” here and the word “men” in the title, too. It’s not gender friendly, in my opinion, and something I generally try to avoid. But “phisherpersons” doesn’t roll off the tongue in quite the same way. So for now I guess I’m stuck with it. My apologies.

In other words, if you fail to remain vigilant and on your toes, even those of us who are already well aware that phishing exists may still get taken in. Like my boss.

Yes, the boss fell for a phishing attempt and gave up the username and password for our Amazon.com merchant account. The phishing email had a compelling psychological comment that turned out to be an effective lever on the boss. It said that our selling privileges on Amazon.com had been suspended because of negative feedback. Boy, did they know what lever to pull on him! You can bet your ass the boss fell for that one and clicked the fake link faster than you can say, “Please, take our money. Here, take it!”

Surprise. The next morning we couldn’t log into our Amazon.com account. It turns out that once they have your login information, the very first thing the bad people do is change your password to lock you out of your own account. Good times.

Two days later Amazon.com sorted out the mess for us and restored our access. We changed our passwords and all is well.

The interesting thing here is that the boss is supposed to be a tech-savvy kind of guy, yet he still fell for it.

Cue the entrance of Boy Wonder. This is a guy I’ve never met who is partnered with the boss. He lives somewhere across the country. He’s supposed to be some kind of tech genius, literally a boy wonder of the online world. He sits at the right hand of the boss in the first chair position while my meager IT knowledge and skills are relegated to second fiddle.

You can guess what happened next, right?

Yup. A couple weeks later, Boy Wonder fell for that same phishing email, too! Even better, he didn’t realize it, even after he gave up our usernames and passwords. He had no clue.

At first we thought we were safe, because Boy Wonder said he never clicked any links in the phishing email. If true, that means we avoided exposure.

Turns out though, that Boy Wonder, thinking he was being clever and safe, had copied the links and pasted them in his browser.

The boss had to break the bad news to him. That’s exactly the same thing as clicking the link! The act of copy/paste does absolutely nothing to provide safety, especially when you are taken to a fake web site and then happily pound in our secure account information.

There are two very important aspects of phishing that you can remember to protect yourself.

  1. Links can be spoofed. By that, I mean that the way they appear visually may not be where they will really take you. For example, a link that says, “Amazon.com” could just as easily take you to the “StealAllMyMoney.com” web site. The only way to know for sure is to mouseover the link and find the real destination that is displayed somewhere else on your screen.
  2. Make sure you are on the genuine URL. Period. ebay.com is decidedly not the same as support-ebay.com. And that’s how they get you, by inventing a new domain name that looks and sounds legitimate. Most likely there is no such thing as marketplace-amazon.com, either. Make sure you are on the one and only official domain name or stop everything.

I have never fallen for a phishing attempt in my life. At my job that now makes me unique. I guess you could say I’m an endangered species. I will admit, however, that a couple attempts have been so good they made me look twice. But I was so suspicious they eventually failed. Eat that, suckers!

Let’s be careful out there, people! The reason phishing attempts continue, just like spam, is exceedingly simple. It’s because they work on some of the people some of the time. As long as that remains true, we’ll always have phishing and spam. Apparently somewhere in America is at least one more person who still wants to buy cheap pharmaceuticals online. Therefore the spam continues. They continue because it works and puts money in their pockets.

Chortle!

10 responses

  1. Phishers of men — Great biblical reference! I’m always joining websites online, and being lazy, I often use the same password. As far as I know, I haven’t given away my bank account info to anyone — yet! But thanks for the heads up that these phishers of men will use any means necessary to get into your pocket.

    1. http://bible.cc/matthew/4-19.htm

      Look at all of the ways it’s been translated.

      1. That’s a very interesting link. Some of those translations could possibly lead to different interpretations. Back when I read the Bible more often, I really enjoyed my parallel Bible. It used to sit on my shelf but now it’s unpacked in a box somewhere and I couldn’t find it if my life depended on it. (As some might claim.)

    2. As a former altar boy (not joking) I know a few things in the Bible. Yikes.

      Either you use the same password everywhere you go or you get a password manager (which is kind of a pain in the ass) and have a bunch of different passwords. Trying to use a different password every time without a manager could prove fatal.

  2. Just got an email from a friend this morning telling me to delete anything that looks like it came from her if it’s asking to go someplace else–she fell for a FB phishing scam.

    I imagine FB is their favorite place!

    1. Many publications and websites now want you to register through your FB account. Yikes!

      1. Yeah, I’m still not sure if I completely trust that. They seem to operate on the policy that it’s easier to ask for “forgiveness than permission.” What verse was that again?

    2. It’s hard enough keeping track of your own shit without having to worry about all of your online friends, too!

  3. The Boy Wonder – Isn’t it a joy to see one of them bite on something like this. Sure, the consequences aren’t the same as if you or I did it. From my point of view though, it is nice being able to give them that look that lets them know I’m aware they screwed up.

    1. Yep. I have to admit it was a rather satisfying moment.
