WPN Players Targeted by Phishing Attempt
Poker players on the Winning Poker Network (WPN) were the targets of a phishing scam this week, as they received fake e-mails encouraging them to log in to their accounts to review a deposit. These e-mails were not sent by the network and should be deleted immediately.
In a phishing scam, a criminal blasts out an e-mail to random addresses, urging the recipient to click on a link contained in the message. Naturally, most people in this day and age are not going to open an e-mail from a random person they don’t know and then click on a mystery link. Therefore, the sender of the e-mail is disguised as a well-known business at which the recipient very well may have an account. If someone gets an e-mail and sees that it is from their bank (or, in this case, it looks like it’s from their bank), they will be much more inclined to open it and see what’s up.
One of the most common phishing schemes is to use the name of a large bank, say Bank of America or Chase, and then have the e-mail contain a threat that there is something wrong with the account that must be remedied so that it isn’t frozen or closed. An unsuspecting target might ignore the signs of a scam and hastily click on the link in the e-mail.
Other companies that phishing scammers commonly disguise themselves as are Amazon (“Your order has shipped,” “Review your order,” or “You must login to keep your account open”) and FedEx (“View tracking information for a package that has been sent to you”).
The link in the e-mail that the target is asked to follow to check their account usually sends the person to a page that looks real, but is really just a façade for a site that will send any account information you input back to the crook. At that point he or she can log in to your account, steal your identity, or do any number of awful things.
Rather than sending the target to a fake website, the link could also download a file that can install malicious software on the person’s computer. That looks like what was going on in this WPN phishing scam.
There are a number of clues that something is a phishing scam. Let’s take a look at the e-mail WPN players got and see how they all fit.
1) The greeting is “Dear friend.” If the e-mail was really from WPN, it would almost certainly have started with the recipient’s name. “Friend” is a glaring red light that the writer of the e-mail had no way to know what the target’s name was. Additionally, companies won’t call you “friend” – that is something someone who has a poor grasp on the English language would say.
2) Misspellings, poor punctuation, and improper capitalization – there are several examples of this in the e-mail. While nobody is infallible, official communications from companies will generally be very clean.
3) Bad link – this is huge. If you hover your mouse pointer over the link the e-mail wants you to use, the destination URL will show up at the bottom of the screen. In this case, the destination is not WPN or a poker room, but rather a .rar file on some random cloud account. Here’s where the malicious file download comes into play. Don’t click. Don’t click. Don’t click.
4) Player deposits aren’t made with WPN. The e-mail says that the recipient’s deposit has been successfully completed. Problem is, players make their deposits with the poker rooms directly, not the network. WPN would never send an e-mail like this.
5) Unsolicited – the e-mail went out to players whether they recently made a deposit or not. If someone didn’t make a deposit and therefore wouldn’t expect any sort of e-mail about one, that should be a tipoff that something is fishy.
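Clues 1 and 3 can be checked mechanically before anyone clicks. The Python sketch below is an added example, not part of the original article: it parses a message, looks for a generic greeting, and reports links that leave the expected domain or point at a downloadable archive. The expected domain, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions (not from the article): the recipient's real domain, risky extensions.
EXPECTED_DOMAINS = {"poker-room.example"}
RISKY_EXTS = (".rar", ".zip", ".7z", ".iso", ".exe", ".js")
GENERIC_GREETING = re.compile(r"\bdear\s+(friend|customer|user|member)\b", re.I)

class LinkCollector(HTMLParser):
    """Collect every href from <a> tags, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def on_expected_domain(host):
    # Exact match or true subdomain only, so look-alike hosts are rejected.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def triage(raw_message):
    """Return (clue, detail) pairs for clues 1 and 3 of the list above."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    m = GENERIC_GREETING.search(body)
    findings = [("generic_greeting", m.group(0))] if m else []
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        url = urlparse(href)
        if not on_expected_domain(url.hostname):
            findings.append(("off_domain_link", url.hostname or href))
        if url.path.lower().endswith(RISKY_EXTS):
            findings.append(("risky_download", url.path))
    return findings

# Constructed sample, not the real WPN e-mail.
SAMPLE = """\
From: "WPN" <noreply@wpn-billing.example>
Subject: Deposit completed
Content-Type: text/html; charset="utf-8"

<p>Dear friend,</p><a href="https://cloud-drive.example/u/77/deposit.rar">Review it</a>
"""
```

Calling `triage(SAMPLE)` reports all three findings, while a message that greets the player by name and links only to the expected domain returns an empty list.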
So what to do? First, understand that if you got one of these e-mails, it is not necessarily because of anything you did. It looks like someone got a hold of the e-mail addresses of WPN players. I get phishing e-mails all the time; most are just someone setting a program to randomly shotgun thousands of e-mail addresses. The vast majority of phishing e-mails I receive use the name of a business at which I don’t even have an account, so I obviously just trash them immediately.
And that’s what you should do if you got one of the phishing e-mails. Just toss it.
In the future, if you get an e-mail that you suspect is a phishing scam but aren’t sure – maybe it says it’s from American Express and you do have an American Express card – don’t click on the link enclosed. Either call the company directly or go straight to the company’s website as you normally would. If there really is a problem or an order confirmation or whatever the e-mail says, you will find out.
Cover image credit: Edwin Richzendy Contreras Soto via Flickr