Yesterday I got an email from Lijit about a phishing attack that is being spread among their subscribers. Lijit is the service I use for the search engine on this site. This is an excellent example of how a phishing alert should be done.
- They got my login name right. A generic greeting is a common sign that the alert itself is a fraud. This one’s legitimate.
- They clearly described the incident, told me what they’re doing about it and told me what I have to do (in this case, nothing).
- They gave a simple link to find out more. Even better, they told me how I can help and/or ask questions.
- They showed screen-shots of the scam. The one showing the fake URL is excellent. (Note the missing period between www and lijit. I might have called that out more explicitly but the image is great.)
- They did all that is less space than it took me to describe it. Not a bit of lawyerese in the whole thing.
I’m keeping this as an example in case my site gets phished.
Leave a Reply