Phishing is a type of deception designed to steal your identity by convincing you to provide it under false pretenses. Phishing schemes appear to come from popular websites you trust. In this case, the message came from Symantec.
From: Symantec Corporation [mailto:[email protected]]
Sent: Wednesday, March 01, 2006 5:06 PM
To: Pearce, Jason
Subject: Technology Seminar in Indianapolis on March 15 – Register Today
The body of the email was promoting an upcoming conference. It included a Register Now link, which took you to a veritas.com URL (a subsidiary of Symantec) but a Symantec logo and design. The site collected personal information and was not secure.
Additional indicators that the email might be a phishing attempt include:
- Images resided on veritas.com
- Most links went to veritas.com
- The body of the email said to contact [email protected] for questions
- The email was from “Symantec Corporation [email protected]”
- www.ecmailing.com does not bring up a website
- www.ecmailing.com is registered to a company called Creative Automation
- Creative Automation’s email and domain servers don’t even use or reference ecmailing.com
Though I was aware Veritas and Symantec are the same companies, I suspect some might not be aware. But I don’t know who Creative Automation or ecmailing.com are, and don’t trust them. Frankly, there were too many indicators that this was a phishing attempt, I had to ask.
So I sent an email to [email protected] asking if the email was legit or not. In two hours they replied and said it was. But when I asked them how I was to know that an email from Symantec or Veritas is a valid email when it doesn’t come from either @symatec.com or @veritas.com domains, they’ve offered no reply.
You’d think that a company that launched it’s Symantec Internet Threat Meter wouldn’t send an email that resembles many phishing characteristics on the very same day. Perhaps Symantec should read its own Online Fraud: Phishing advice.