23
Jul
07

Tutorial: Spotting a Phishing Scam in your Email

Phishing, in practical terms, is an attack used by hackers to gain access to private information such as credit card numbers, social insurance numbers and user passwords. Rather than breaking down a physical or technological barrier, phishing is a social engineering attack where targets are typically duped into providing this information directly to false versions of legitimate websites run by the hackers. Personal information can then be used for fraudulent purchases, resale to third parties and even identity theft. While there are no universal statistics on the number or nature of phishing scams, most security websites agree on the following –

-Financial Services is the most targeted industry sector overall
-Paypal, Ebay, Amazon and the major banks are the most targeted companies
-North America is both the primary target audience and the region were the largest number of phishing sites are hosted
-Websites are by far the most popular portals through which to gather information, although an increasing number of phishing scams instruct targets to call a telephone number

Below are screenshots from a phishing email I recently received. Have a look at the warning signs –

00.jpg

Subject Line implies user information is outdated
The subject line typically implies that your user information or financial particulars need to be manually updated.

Spotting a Phishing Scam in your Email

Incorrect recipient address information
Incorrect addresses include:
-Name spelled incorrectly
-Incorrect email address that mysterious reaches your inbox
-Email is addressed to multiple recipients
The email sent to me had the wrong address but the correct domain, which made it worth obscuring for the purpose of this tutorial.

Spotting a Phishing Scam in your Email

Impersonal greeting
Phishing scams rarely know the real names of its targets and tend to rely on general greetings like “Dear user –“

Spotting a Phishing Scam in your Email

Ultimatum
The email could imply that updating user information is mandatory for the user or that the same email was sent to all users for the company being spoofed.

Spotting a Phishing Scam in your Email

Convoluted hyperlink
Hyperlinks in email messages should be distrusted in general, but long and convoluted hyperlinks like the one above should cause heightened suspicion. As you can see, the URL ends in a .dll file which is very irregular. Also this apparently “ebay link” has a very long URL that contains what appears to be a randomly generated number. This is a sign that the URL itself is temporary and automatically generated such to stymie anti-phishing efforts by police and corporations. URL’s containing raw ip address (eg 204.184.56.12) are also a strong indicator that the email is not legitimate.

05.jpg

No offer of additional information
There is no URL FAQ or phone number contact for users wanting to inquire about privacy concerns or why personal information needs to be updated.

Spotting a Phishing Scam in your Email

Spotting a Phishing Scam in your Email

Warnings from email client
A well-designed email client can detect many of the irregularities listed as well as check for suspicious points of origin (e.g. spoofed emails) and links to insecure servers. In this case, Thunderbird has cautioned that the URL does not in fact redirect to a subdomain at ebay as the email displays, but rather an unknown website in Hong Kong

Spotting a Phishing Scam in your Email

Warnings from web browser
If for some reason you actually clicked on the URL in spite of previous warnings, your web browser might give another warning still. In this case, Firefox has alerted me that the URL has already been reported as a forgery. Although it’s hard to see in the above screenshot, the URL background is white, which in Firefox (and most browsers) means that I am not on a secure connection – kind of strange for a site requesting secure personal information, non?

Final Thoughts

Most phishing email messages won’t contain all of the above characteristics and probably will contain other defining characteristics not mentioned. Phishing is an evolving practice due to its lucrativeness and increased usage by organized crime. If you receive an email that contains one of the above characteristics then be extremely cautious. Email messages containing more than one should probably be reported to your ISP and immediately discarded. If the email is threatening the termination of a service, simply let it happen. No company worth doing business with is going to maintain its records by firing off thousands of email messages to various Hotmail and Yahoo accounts in hopes of reconciling its financials.

As for anti-phishing software, there is no silver bullet application to prevent 100% of attacks. Personally, I have found that a combination of Thunderbird email client, Firefox web browser and ZoneAlarm Security Suite have identified every phishing attempt received so far. Microsoft Internet Explorer 7 also has anti-phishing facilities that are said to be effective.

If you ever read webhosting reviews of reputable hosting companies, you’ll have an idea that these hosting service providers provide good scam protection besides their cheap web hosting services. Just read the detailed review of ix web hosting or the famous hosting company powweb. Therefore, it’s not desirable to always prefer the cheapest hosting web that doesn’t supports other features.


6 Responses to “Tutorial: Spotting a Phishing Scam in your Email”


  1. 1 secure email Jul 24th, 2007 at 6:48 am

    Phishing of probably the most easy way to steal passwords from internet users. As a computer expert I always take phisers into account when opening my bank accounts online but the average Joe out there will fall for the trick.

  2. 2 M.Hunter Sep 6th, 2010 at 8:59 am

    Usually these phishing scams have links to fake sites. They may have the appropriate logos, and look real, but don’t trust them. Some email providers have systems that detect this and will warn you. My Yahoo account has saved me a number of times, when the email looked so real, I couldn’t tell the difference. Their warning saved me from making a huge mistake.

  3. 3 sam Sep 12th, 2010 at 3:15 am

    Good info. I’m doing a how-to on tracing email scams.

    Mind if I link to this page from my blog? (uk scams)

    Sam

  1. 1 University Update - Yahoo - Tutorial: Spotting a Phishing Scam in your Email Pingback on Jul 23rd, 2007 at 7:56 am
  2. 2 University Update - Firefox - Tutorial: Spotting a Phishing Scam in your Email Pingback on Jul 23rd, 2007 at 8:52 am
  3. 3 Jack’s Newswatch Pingback on Jul 23rd, 2007 at 10:49 am

Leave a Reply

You must login to post a comment.




Further Research

Twitter

Archives

Categories