If it sounds fishy, it must be Phish
(no not the music group!)

      I have a very good filter on my e-mail server and most of the spam I receive gets dumped immediately into my “deleted items” file. I can then quickly view all the “sender” names on these files to see if a legitimate message was inadvertently placed in the deleted folder before I erase them all in bulk. This saves me the trouble of having to weed through hundreds of messages in my inbox to find a few “real” messages.

Lately, I’ve been noticing an alarming amount of messages in my "deleted items" folder from companies that I regularly do business with. These include PayPal and E-Bay.

The latest one I received came from a company called BankNorth.

I knew something was wrong as soon as I checked the bank statement I had just received (on paper) and saw that my New England bank spelled its name with only one capital letter…Banknorth.

The text of the message went as follows:

Dear BankNorth.com Customer, (Tip off #1 misspellings)
During our regular update and verification of the Internet Banking Accounts, we could not verify your current information. Either your information has been changed or incomplete, (Tip off #2 poor grammar) as a result your access to use our services has been limited. Please update your information. To update your account information and start using our services please click on the link below (linking information was included here)
AFTER SUBMITTING, PLEASE DONOT ACCESS YOUR ONLINE BANKING ACCOUNT FOR THE NEXT 48 HOURS UNTIL THE VERIFICATION PROCESS ENDS. (Tip off #3 “to give us time to empty your account!”)

The linking information listed in the message lead to an IP address of 218.244.98.8/north/index.html. Instead of clicking on that link, I entered the IP address in a Networks Solution WHOIS inquiry and found that it was owned by someone in Milton, Australia!

I also received the following message supposedly from e-Bay:

It has come to our attention that your eBay account was accessed recently from three different location. Please update your personal records within 48 hours. Failure to update your records will result in account suspension.

The IP address associated with the included link, to update my account on e-Bay, revealed that the party receiving my updated sign-in information was located in Amsterdam.

Other Phishing attacks that I have received supposedly came from such companies as: Wells Fargo, Earthlink, Citibank, Washington Mutual Bank, Sun Trust and MSN.


These phony warnings are called by many names, among them fakes and spoofs. Phishers and scam artists have been carpet-bombing the Internet with these in hopes that a fair number of them will hit the right targets. Their goal is to steal your account information and PINs and they’re often very convincing. The links they include in their email messages take you to some very official and legitimate-looking webpages.

The best advice: Ignore them all and, never, under any circumstances, “update” your personal information in response to an e-mail request. In fact, just clicking on their link could secretly load a spy ware program that logs all your keystrokes.

Some clues that messages, such as the two above, may be fake include:

1. Some sort of warning for you to act quickly (or your account will be closed or suspended),

2. Embedded links that lead to phony sites, (check with a WHOIS search) 

3. Spelling errors (these help spoofers slip past spam filters.)

4. Poor grammar is very common and is another indication.

Banknorth gives further explanations and guidelines on their “legitimate” website: http://www.banknorth.com/bank/fraud_prevention.html

So the next time crooks come phishing in your "Inbox" for your personal information, don’t get hooked.

You can read more on this topic at: http://www.antiphishing.org/