I.T. Mate
Tuesday 01 August 2006 - Decoding the spam: Phishing phor phun
By Steven Burn

Most commonly when we think of spam, we tend to think of silly little adverts for Cialis, Viagra and fake Rolexes. However, a much worse kind of spam is the sort that tries to fool you into handing over your account information, be it for a bank, website or otherwise.

This kind of spam is known as "phishing"; where the word came from is something to ponder. However, what the "phisher" (the individual that runs the phish) attempts to do is fool you into visiting a website or opening an attachment. Where the attachments are concerned, these are typically trojans or key loggers that will either give the phisher (I won't call them hackers as they're usually script kiddies that don't have a clue) access to your system (trojans), or log your key strokes (key loggers) and send them back to the individual(s) that started the phish.

Where websites are involved, these typically use URLs that either contain the real URL of the bank/website, or use a Google/Yahoo redirect such as:

www.google.com/url?sa=U&start=4&q=[website]

Where [website] is the phishing site that you are to be taken to.

or

www .lloydstsb.com.internet_banking.security.podesko.biz/useridcfm.ibc

So how do you spot a phish? Commonly these are easily spotted by viewing the URL that is presented in the e-mail. For example, current Lloyds/TSB and Natwest phishing e-mails contain a single image that, when clicked, takes you to the phishing website. If you hover your mouse over the e-mail, you will see the REAL URL that you are to be taken to, for example:

[Screenshot: phishing e-mail]

Some e-mails, however, will go one step further in trying to fool you, and can be quite effective, especially if you are allowing HTML e-mail, by using a tiny bit of JavaScript to change what you see in the status bar (when you hover over the image/link). For example, the following link will take you to the Exalead search engine, but what does the status bar say?

hover over me

If you have JavaScript disabled, you should see the real URL (in this case, www.exalead.com). If, however, you have JavaScript enabled, you will see www.it-mate.co.uk when hovering over the link above.

So how do you prevent yourself being fooled by this? The easiest and simplest way to prevent yourself being phished is by disabling HTML e-mail, as most phishers generally include random text for e-mail clients that don't support or allow HTML e-mail, providing a quick and painless way to identify a phish.

If you MUST use HTML e-mail, however, there are still one or two things you can do to help yourself. The first and most important is to check the content of the e-mail. The vast majority of reputable businesses will typically include YOUR first and last name in the e-mail; this, whilst not being foolproof, provides the first thing to look out for (most phishing e-mails can't and/or don't include this). The second is to check the source of the e-mail for the URL you may be taken to. Whilst this is possibly a little OTT for some, it provides the best and most effective way of identifying a phish.

Of course, an even more secure way of finding out if an e-mail is a phish or not is to contact the business that the e-mail claims to originate from. If the business is a bank, they will always have a record of all e-mails sent to their customers, so a quick call to them will clarify whether it actually originated from them. If, however, the e-mail claims to come from somewhere such as eBay or Paypal, things are a little more difficult as, in my experience, trying to call them is a pain. In these cases, do not click the link or image in the e-mail. Instead, open a new browser window and type in the URL to the website (i.e. www.ebay.com).

Whilst the above will not guarantee prevention against phishers, it will, in most cases, severely limit what the phisher can do to convince you (especially if you disable HTML e-mail!).

Remember, if in doubt, delete the e-mail.


Updated: 18-01-2010 - Changed screenshot (forgot the old one was killed off when I had to switch servers, sorry guys), still the same type of e-mail, so still relevant.


Copyright ©1998 - 2017 I.T. Mate - All Rights Reserved