phishing Archive - TransSwipe - Merchant Services and Credit Card Processing

Archive for the ‘phishing’ Category

Get educated: Phishing

Written by Dwolla’s lead security and risk builder, the “Get educated” series hopes to highlight the best practices, precautions, and trends that will help keep you safe in today’s high-tech world. Want to join the Risk and Fraud Prevention team? We’re hiring!

Like any online service, Dwolla and our community must stay vigilant against even the most common and rudimentary threats, like phishing.

What is Phishing?

Phishing attempts are fake interactions that appear to come from legitimate sources. These can take any form, but often appear as emails, pop-ups, fake landing pages, even tweets. Their tactics can range from the ridiculously obvious Nigerian email scam to the even more audacious and sophisticated fake federal subpoenas. They all hope to do the same thing: get your login and/or security credentials.

While there are many SIMPLE things that you can do to avoid becoming a victim of a phishing attempt (which are explained below), we thought it might be helpful to walk through a real-life example of something we caught early:

[Image: phishing email example]

What’s wrong with this picture?

  1. Grammar mistake: the subject line reads, “Unlock Your Dwolla Accountt.” (with two Ts)
  2. Unsolicited email: Did you recently try to log in or have an issue with Dwolla? If not, chances are that any email engaging you or asking you for verification is bunk. If Dwolla does request verification, we will instruct you to log in to the website directly, rather than through a link, and follow the instructions inside our website or mobile app.
  3. Sent “via” a third-party server. Note: it’s pretty easy to mimic the name or email of a sender, but it’s nearly impossible to mimic the server from which an email is sent. How can you tell? Find the “Received: from” section by looking at the Original Email (how the email actually looks without a client, like Outlook or gmail.com). Dwolla emails will come from dwolla.com or google.com mail servers, not kundenserver.de, for example.
  4. This builds on #3: if you are ever in doubt, copy and paste or type out the link into your browser’s URL bar. If it is fake, clicking on the link will send you to a separate hyperlink outside of Dwolla.com’s domain name. Oftentimes, this alternative link is cleverly disguised inside what may look like a Dwolla address (i.e. “https://dwolla.com…..”). It’s like rickrolling, but with malicious intent.
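
The checks in items 3 and 4 can be automated on the raw message. The following is an added example, not Dwolla's own tooling: it reads the "Received: from" hosts and compares each link's visible text with its real target. The allowlists, the sample message, and the names `check_email`, `in_domains` and `LinkCollector` are assumptions made for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlists: the domains the article names for genuine mail and links.
MAIL_DOMAINS = ("dwolla.com", "google.com")
LINK_DOMAINS = ("dwolla.com", "dwollalabs.com")
# Constructed sample modelled on the email the article describes.
SAMPLE = """\
Received: from mout.kundenserver.de by mx.example.net; Mon, 1 Jan 2024 00:00:00 +0000
From: Dwolla <support@dwolla.com>
Subject: Unlock Your Dwolla Accountt

<p><a href="http://dwalluh.com/unlock">https://dwolla.com/unlock</a></p>
"""

def in_domains(host, domains):
    host = host.lower().rstrip(".")  # exact match or true subdomain only
    return any(host == d or host.endswith("." + d) for d in domains)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw):
    msg, findings = message_from_string(raw), []
    for value in msg.get_all("Received", []):   # item 3: sending server
        m = re.match(r"\s*from\s+([^\s;()]+)", value, re.I)
        if m and not in_domains(m.group(1), MAIL_DOMAINS):
            findings.append("relay outside expected domains: " + m.group(1))
    parser = LinkCollector()
    parser.feed(msg.get_payload())  # assumes a single-part HTML body
    for text, href in parser.links:             # item 4: real link target
        host = urlparse(href).hostname
        if host and not in_domains(host, LINK_DOMAINS):
            findings.append(f"link shown as {text!r} goes to {host}")
    return findings
```

Calling `check_email(SAMPLE)` reports both the kundenserver.de relay and the link whose text shows dwolla.com while its target is dwalluh.com.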

If you have any suspicions, STOP, and alert our customer support team by emailing support@dwolla.com or calling 1-888-289-8744. Do not click links inside emails that you believe may be suspicious. Instead, inform our support team and we will confirm whether we actually sent the email.

However, for the sake of educating you all, if you did click the link, the following website shows more warning signs:

[Image: phishing website screenshot]

What’s wrong with this picture?

  1. It does not show a valid SSL certificate (usually represented by a green “lock” in the URL bar or bottom right hand corner, depending on your browser).
  2. It redirects you to a website, like Acme.net or Dwalluh.com, instead of Dwolla.com.
  3. It asks its readers to unlock their account by providing a PIN number.

REMEMBER: Dwolla will NEVER ask you to submit your Personal Identification Number (PIN) for account verification purposes.

Let’s recap:

Before providing your credentials to any website, be sure:

  • That the intended destination matches the appropriate domain name (i.e. Dwolla goes to Dwolla.com or DwollaLabs.com, not Dwolla12.net or ACME.com).
  • That, when dealing with sensitive information, your browser window shows a valid Secure Sockets Layer (SSL) certificate (often in your URL bar).

Beware of emails that:

  • Urge you to act quickly because your account may be suspended or closed.
  • Don’t address you by name, but use more generic language like “Dear valued customer.”
  • Ask for account numbers, passwords or other personal information.
  • Are poorly formatted and use terrible grammar.

Learn more about Phishing in our help section, How to identify and prevent phishing.

Again, should you have suspicions about any email, please email us at support@dwolla.com or call 1-888-289-8744. At Dwolla, we work diligently to identify all possible risks, but when it comes to phishing, awareness and education are still the best form of prevention. Luckily, it’s also the lowest tech.

We thank you for your vigilance and cooperation!

©2017 TransSwipe

 

