I can be a pretty dense guy, so I didn't think much of her tactics at the time. This past weekend, though, I began to see the light.
Here, Phishy, Phishy ...
Here's what happened: My wife and I both have credit cards with Bank of America. She received an email PURPORTEDLY from BoA, informing her that online access to her credit-card account had been closed, and that she needed to follow the link in the email to re-input her account info and password, and ... well, you get the idea. Phishing. This was a nicely-built reproduction of BoA's emails, though. I'll give the creators credit for that. (Yes, we did report it to BoA.)
Anyway, it took a few minutes, but the first "dead giveaway" was that the suspect email was delivered to an email address of my wife's which was NOT associated with her Bank of America account. (I have little "groups of use" for our email addys, and this one wouldn't ever be used for financial accounts.)
Beauty of Unique Emails for Each Account
Suddenly I understood the wisdom in the FatWalleter's methods above: If all your online accounts have a unique email address associated with them, you'll be able to spot the phishing attempts pretty much instantly.
So, if you owned a domain (dirt cheap) like I have no game.com, and along with that domain came your ability to create about 50,000 email addresses, then when you opened an account with, say, HSBC, you could create and give them (and them only!) a contact email of "HSBC@ihavenogame.com" or some such. For Amazon, you'd have "amazon@ihavenogame.com" or something similar.
Then, whenever you received an email from "Bank Of America," but it was sent to your Gmail email address, well, you'd be the Smart Cookie who didn't give that phishing attempt a second thought, wouldn't you?
You needn't create actual mailboxes (with usernames and passwords and all that) for these emails — simple forwards should work fine. Nifty, huh?
Other benefits:
- With "unique use" emails such as these, when you start getting spam at one of your addys, you'll know precisely which companies or other online entities either (1) sell their email lists to guys with names you couldn't pronounce if you wanted to; or (2) have had their data compromised. Not a bad thing to know, yes?
- No more wondering which online registrations are associated with which email accounts. Once one of your unique-use addys becomes a spam magnet, you'll know which one to kill off, and you won't have to wonder which other businesses have that address listed as your contact point.
Labels: Banking, Credit Cards