WyzGuys Computer Tutors

Go Phish!

What is Phishing?  

This is how a lot of Internet identity theft occurs.  It almost happened to me, and I know better.  It starts as a very realistic-looking e-mail from your bank, your brokerage, or an online business like Amazon, eBay or PayPal.  At the time of this writing, in May 2006, I have been receiving a barrage of PayPal phishing e-mails, about 3-5 per day, each routing to a different fake site, with each round escalating the threat of account closure.

There are commonalities to these e-mails. 

  • There will be some problem with your account or credit card. 

  • There will be serious repercussions for failure to address the issue, like account suspension or closure. 

  • The e-mail almost always contains poor or fractured English grammar.

  • A hyperlink that redirects you to a fake web page, like the actual example below.

    • Link shown in the e-mail:

      http://signin.ebay.com//aw-cgi/eBayIASPI.dll?PlaceCCInfo&&UserId=ge4mDtry3sy2328XZe

    • Actual destination:

      http://s105946306.onlinehome.us/us/saw-cgi/eBayISAPIdll/SignInUsingSSLpUserId/eBayISAPI.dll?

You will be asked to click on a hyperlink to a web site in the e-mail.  Here's where the fun begins: instead of going to the web address you see, which probably is a legitimate web address for the company in question, you will be redirected to a fake site at a strangely named web address.  This site will look like the real thing, right down to the logo and typeface.  You will only catch this if you look at the address in the browser address bar.  This is possible because in an HTML e-mail, the address you see does not have to be identical to the hidden HTML code in the e-mail.  In my case the link took me to a logon page, where I foolishly gave them my user ID and password!  Then I was sent to a web form where I was asked for every important piece of personal and financial information.  The red flag was when they asked for the credit card PIN number.  I don't know what it is.  It made me pause long enough to realize the only time you need a credit card PIN is to withdraw money from an ATM.  Well, I bailed on the web form, immediately reported it to eBay, and changed my eBay password, which the bad guys now had.  Thank goodness I caught on before I clicked on the Submit button on the fake web page.
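The mismatch between the address you see and the address in the hidden HTML can be checked mechanically.  The following Python script is an added example, not part of the original tutorial: it pulls every link out of an HTML e-mail body and flags anchors whose visible text is a URL for one site while the real href points somewhere else.  The sample message body is constructed here from the eBay link pair quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links = []     # (href, visible text)
        self._href = None   # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registered_domain(url):
    """Crude site name: the last two labels of the host, e.g. ebay.com."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def find_deceptive_links(html):
    """Return (shown URL, real href) pairs whose sites disagree; anchors whose
    text is not itself a URL (e.g. 'Click here') are skipped."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(text, href) for href, text in parser.links
            if text.lower().startswith(("http://", "https://"))
            and registered_domain(text) != registered_domain(href)]

# Constructed sample body built from the link pair quoted above.
SAMPLE_EMAIL = (
    '<p>Please confirm your account: <a href="http://s105946306.onlinehome.us'
    '/us/saw-cgi/eBayISAPIdll/SignInUsingSSLpUserId/eBayISAPI.dll?">'
    'http://signin.ebay.com//aw-cgi/eBayIASPI.dll?PlaceCCInfo&amp;&amp;'
    'UserId=ge4mDtry3sy2328XZe</a></p>'
)
if __name__ == "__main__":
    for shown, real in find_deceptive_links(SAMPLE_EMAIL):
        print("shown:", shown, "\nreal:  ", real)
```

The same check can be run over the body of any saved HTML message; a link whose visible text names one site while the href names another is exactly the pattern described above.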

Countermeasure – Vigilance, Suspicion, Awareness. 

There are few products to protect you from these exploits.  Internet Explorer 7 claims an anti-phishing capability.  Some of the Internet Security Suite products, including Zone Alarm, also make this claim.  Your strongest weapon is your own suspicion or paranoia.  When in doubt, go to the company web site BY TYPING IN THEIR WEB ADDRESS MANUALLY into the browser bar, and find their Security or Contact Us page to confirm the authenticity of the e-mail.  I have noticed that PayPal NEVER has links in their e-mail.  They tell you to log on manually.  If you get an e-mail from PayPal with links, it is 99.999% certain that it is bogus.

eBay has a tutorial on e-mail spoofing and phishing.

PC Magazine offered this article showing typical phishing exploits and the mistakes that identify them.

Let's take a look at some phishing examples, and then look at the complete phishing scam, including a fake login page and the phishing information collection page.


Top 30 targets of phishing attacks as reported by CastleCops for August 2006 (number of reported phishing e-mails per target)

Rank  Target                                        Reports
   1  PayPal                                            147
   2  eBay                                              118
   3  Bank of America                                    37
   4  Fifth Third Bank                                   25
   5  Wachovia                                           24
   6  Nationwide                                         22
   7  Bank of Scotland (Halifax)                         15
   8  Volksbank                                          14
   9  e-gold                                             13
  10  Barclays                                           10
  11  Halifax                                            10
  12  Wells Fargo                                         8
  13  Citibank                                            8
  14  National Credit Union Administration                8
  15  NAFCU                                               7
  16  Commonwealth - NetBank                              6
  17  Michigan Schools and Government Credit Union        6
  18  Chase                                               6
  19  Texas Dow Employees Credit Union                    5
  20  National Australia Bank                             5
  21  Lloyds TSB                                          4
  22  Bank of Scotland                                    4
  23  Banesto Flagstar Bank                               4
  24  Flagstar Bank                                       3
  25  IRS                                                 3
  26  Key Bank                                            3
  27  St. George Bank                                     3
  28  Banca Fideuram                                      3
  29  IRS                                                 3
  30  Desjardins                                          3

Curriculum developed by WyzGuys Computer Tutors

All Rights Reserved - updated 12/07/2006