«
»

Yesterday I got an email from Lijit about a phishing attack that is being spread among their subscribers. Lijit is the service I use for the search engine on this site. This is an excellent example of how a phishing alert should be done.

  • They got my login name right. A generic greeting is a common sign that the alert itself is a fraud. This one’s legitimate.
  • They clearly described the incident, told me what they’re doing about it and told me what I have to do (in this case, nothing).
  • They gave a simple link to find out more. Even better, they told me how I can help and/or ask questions.
  • They showed screen-shots of the scam. The one showing the fake URL is excellent. (Note the missing period between www and lijit. I might have called that out more explicitly but the image is great.)
  • They did all that is less space than it took me to describe it. Not a bit of lawyerese in the whole thing.

I’m keeping this as an example in case my site gets phished.

email notice from Lijit about a phishing attack using their name

email notice from Lijit about a phishing attack using their name

This entry was posted by Mike Rossander on 2010 May 28 at 15:46 under Phishing. You can leave a response, or trackback from your own site. Follow any responses to this entry through the RSS 2.0 feed.

Leave a Reply