WyzGuys Computer Tutors

 Computer Instruction. Web Design Instruction,  and Web Hosting 

 

Don't Eat These Phish!

 

Site Navigation

Security Home
Registration
Security Resources
The Security Problem
Security Issues
The Control Panel
Computer Security
Network Security
System Restore
Repair Your System
911 Online
E-Mail Security
Spam
Phishing
Phishing Examples
Phishing Web Sites
419 Fraud
Parental Controls
Appendix
Conclusions
Course Evaluation

More Info

Glossary
Internet
E-Mail Attachments
Passwords
Firewalls
NAT
Ports
Broadband
WiFi Networks

The following are pictures of actual phishing e-mails I have received.  I have annotated this pictures showing the actual link destination.  You can reveal the link destination on suspicious e-mails you receive by hovering your cursor over the link and seeing if the destination matches what is written in the e-mail, as shown in the fake IRS e-mail below.

Fake IRS Phishing E-Mail - See example at below.  Clicking on the link takes you to a web server in Japan.  Don't think that the IRS is outsourcing their websites to Japan, do you?

 

Fake Barclays Bank email - Since I don't bank here, it was easy to delete this one.  Notice the link does not go to Barclays.

 

Fake PayPal e-mail - PayPal NEVER has links in their e-mails.  Find out where this one goes.

 

Another PayPal e-mail - this one threatens immediate account suspension.

 

Yet another PayPal e-mail - This one is a little spooky, the redirected URL is http://www.paypali.us.  This is a very close misspelling, and could easily fool even the wary.

There are several problems with this Phishing e-mail.  They make no attempt to to copy the logo or design of a typical PayPal e-mail.  The red remember repeated four times looks wrong.

Hovering over the URL reveals the truth - a closely misspelled redirected to http://www.paypali.us.  The extra letter "i" is easy to miss, even if you check the URL destination as shown, by hovering over the link and waiting for the tool tip window.

This is why you never click on a link in an e-mail us less you are positive the e-mail is legitimate.  Even then, copying the link and pasting it into your web browser address line  would be safer.

 

Email from PayPal Security Group - This is the e-mail I received when I reported the bogus email to PayPal.

 

Fake E-Mail from eBay Buyer - looks like he wants to buy your product, but its phishing.  The web site in the link is Czech (.cz).

 

Another Fake from an eBay Seller - looks like they are threatening to turn you in for non payment, but its phishing!  The web site in the link is Czech (.cz), also.

Here's an example of a questionable electronic greeting card spam.  The address is not spoofed, but when I investigated the web site, Internet Explorer 7 gave a security certificate warning:

"There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority. The security certificate presented by this website has expired or is not yet valid. The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website. "

The lesson here is be suspicious of even innocent looking mail like e-greetings.  If you are not certain about the sender, just delete it.

Lets go look at an example of a phishing scam web site.

Back

More on this topic

Next

Curriculum developed by WyzGuys Computer Tutors

All Rights Reserved - updated 12/07/2006

Hosted by WyzHost.com

contact support@wyzhost.com