Tuesday 01 August 2006
Decoding the spam: Phishing phor phun
By Steven Burn
Most commonly, when we think of spam we tend to think of silly little adverts for Cialis, Viagra and fake Rolexes. However, a much worse kind of spam is the sort that tries to fool you into handing over your account details, whether for a bank, a website or anything else.
This kind of spam is known as "phishing" (where the word came from is something to ponder). What the "phisher" (the individual running the phish) tries to do is fool you into visiting a website or opening an attachment. The attachments are typically trojans or key loggers that either give the phisher (I won't call them hackers, as they're usually script kiddies who don't have a clue) access to your system (trojans), or record your keystrokes (key loggers) and send them back to the individual(s) who started the phish.
Where websites are involved, the links typically use URLs that either embed the real URL of the bank/website somewhere in the address, so that it looks genuine at a glance, or bounce through a Google/Yahoo redirect whose target parameter carries [website], the phishing site you are actually taken to. Either way, the host your browser ends up connecting to is not the bank's.
So how do you spot a phish? Commonly they are easily spotted by checking the URL a link in the e-mail actually points to. For example, current Lloyds TSB and NatWest phishing e-mails contain a single image that, when clicked, takes you to the phishing website. Hover your mouse over the image (without clicking) and your e-mail client will show you the REAL URL you are about to be taken to, which will not be the bank's.
So how do you prevent yourself being fooled by this? The easiest and simplest way to avoid being phished is to disable HTML e-mail. Most phishers only bother with the HTML version and fill the plain-text alternative (what clients that don't support or allow HTML will show) with random text, which gives you a quick and painless way to identify a phish.
If you MUST use HTML e-mail, however, there are still one or two things you can do to help yourself. The first, and most important, is to check the content of the e-mail. The vast majority of reputable businesses will include YOUR first and last name in the e-mail; whilst not foolproof, this is the first thing to look out for (most phishing e-mails can't and/or don't include it). The second is to check the source of the e-mail for the URL you would actually be taken to, rather than the text or image shown to you. Whilst this is possibly a little over the top for some, it is the best and most effective way of identifying a phish.
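The following Python script is an added example, not code from the article or its author. It does by hand what the advice above (check the message source for the real URL) and the earlier description of phishing URLs (the bank's address embedded in a bogus one, or a Google/Yahoo redirect) describe: it parses a raw e-mail, checks whether the text/plain part is filler, pulls every link out of the HTML part, unwraps redirector URLs without contacting them, and compares the host the browser would really connect to with the bank's domain. The sample message is constructed for the example; apart from the bank's own domain, every host in it is a placeholder (.example names and a TEST-NET address), and the list of redirect parameter names is an assumption, not a catalogue of real services.

```python
"""Added example for this page (not the author's code): inspect a raw e-mail
the way the article advises, by looking at where its links really point.
Sample message is constructed; placeholder hosts; redirect parameters assumed."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Query parameters redirect services commonly use for the destination (assumed).
REDIRECT_PARAMS = ("url", "q", "u", "target", "dest")

def unwrap_redirect(url, max_hops=5):
    """Resolve http://redirector/?q=<encoded target> by parsing alone (no request)."""
    for _ in range(max_hops):
        query = parse_qs(urlparse(url).query)  # parse_qs percent-decodes values
        target = next((query[p][0] for p in REDIRECT_PARAMS if p in query), None)
        if target is None or not urlparse(target).scheme:
            break  # no redirect parameter, or not an absolute URL
        url = target
    return url

def is_brand_host(host, brand_domain):
    """True only if the host the browser will connect to belongs to the brand."""
    return host == brand_domain or host.endswith("." + brand_domain)

def brand_in_wrong_place(url, brand_domain):
    """The classic lure: the bank's domain is in the URL (as a subdomain of the
    attacker's host, or in the path) but the real host is somebody else's."""
    host = (urlparse(url).hostname or "").lower()
    return not is_brand_host(host, brand_domain) and brand_domain in url.lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs; an image-only link is the single-image lure."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href"), []
        elif tag == "img" and self._href is not None:
            self._text.append("[image: %s]" % attrs.get("alt", ""))
    def handle_data(self, data):
        if self._href is not None and data.strip():
            self._text.append(data.strip())
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text)))
            self._href = None

def analyse_message(raw, brand_domain):
    """What a reader checking the message source would find: whether the
    text/plain part is filler, and where each HTML link really goes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"plain_text_mentions_brand": False, "links": []}
    plain = msg.get_body(preferencelist=("plain",))
    if plain is not None:
        report["plain_text_mentions_brand"] = (
            brand_domain.split(".")[0] in plain.get_content().lower())
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        collector = LinkCollector()
        collector.feed(html.get_content())
        for href, shown in collector.links:
            destination = unwrap_redirect(href)
            host = (urlparse(destination).hostname or "").lower()
            report["links"].append({
                "shown": shown, "href": href, "destination": destination,
                "host": host,
                "suspicious": not is_brand_host(host, brand_domain),
                "brand_as_decoy": brand_in_wrong_place(destination, brand_domain),
            })
    return report

# Constructed sample: random filler in text/plain (what a non-HTML client shows),
# an image lure behind a redirector, and a text link to a TEST-NET address.
SAMPLE_PHISH = b"""\
From: "Lloyds TSB" <security@lloydstsb.co.uk>
Subject: Important security notice
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

gilded lantern quarrel seventeen meadow thunder
--b1
Content-Type: text/html

<a href="http://www.google.com/url?q=http%3A%2F%2Fwww.lloydstsb.co.uk.login-verify.example%2Fibl">
<img src="cid:notice" alt="Lloyds TSB security notice"></a>
<p>Or visit <a href="http://203.0.113.7/lloydstsb.co.uk/login">www.lloydstsb.co.uk</a></p>
--b1--
"""

if __name__ == "__main__":
    for link in analyse_message(SAMPLE_PHISH, "lloydstsb.co.uk")["links"]:
        print(f"{link['shown']!r} -> {link['host']}  decoy={link['brand_as_decoy']}")
```

Run against the constructed message, the report shows exactly what the article tells you to look for: the text/plain part never names the bank, the image lure resolves through the redirector to a host ending in .login-verify.example, and the link whose visible text reads www.lloydstsb.co.uk actually points at 203.0.113.7 with the bank's domain used only as a decoy in the path. Redirects are unwrapped by parsing the URL rather than following it, so the check never sends a request to the phishing site.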
Of course, an even more secure way of finding out whether an e-mail is a phish or not is to contact the business it claims to come from, using a phone number from your card, a statement or the company's own website, never one given in the e-mail. A bank will have a record of the e-mails it has sent to its customers, so a quick call will clarify whether it actually originated from them. If the e-mail claims to come from somewhere such as eBay or PayPal, things are a little more difficult, as in my experience trying to call them is a pain. In these cases, do not click the link or image in the e-mail. Instead, open a new browser window and type in the website's address yourself (e.g. www.ebay.com).
Whilst the above will not guarantee protection against phishers, it will in most cases severely limit what a phisher can do to convince you (especially if you disable HTML e-mail!).
Remember, if in doubt, delete the e-mail.
Further reading:
Bank Safe Online - advice on phishing, money mules and trojans
How Not to Get Hooked by a ‘Phishing’ Scam
Hoax Slayer: Internet Security Threats of all Types
TeMerc Internet Countermeasures Forum: Phishing and spam forums
Anti-Phishing Working Group
Help prevent identity theft from phishing scams
Sophos - Security information - Simple steps to avoid being phished
Protect yourself from fraudulent emails
Spoof ('phishing') emails & websites
"The Phishing Guide": Understanding and Preventing Phishing Attacks
The Phishing Guide - Understanding and Preventing Phishing Attacks (downloadable PDF)
Updated: 18-01-2010 - Changed screenshot (forgot the old one was killed off when I had to switch servers, sorry guys); still the same type of e-mail, so still relevant.