Tricks of the Trade


One reason phishing schemes have become both more prevalent and more successful is the wide availability of powerful publishing and graphics programs that scammers use to create legitimate-looking e-mails, complete with corporate logos, letterheads, and graphics. In addition, the scammers create web pages that are nearly indistinguishable from the real corporate sites they are mimicking. Some go so far as to copy the exact navigation structure of the real website, so that when you click the link you are taken to a page that looks just like the one you would find if you typed in the real URL. When you type in your login ID and password, the identity thieves can immediately go to the real site, log in, and gain access to all of your information (and do anything you could do on the site in question).

This is all a bit daunting, and although we pledge not to go over the top with scare tactics in this book, this is one scam you should always be on the alert for. Some of these e-mails look amazingly legitimate. If you do not want to take our word for it, go to the following URL, which provides a phishing IQ test:

http://survey.mailfrontier.com/survey/quiztest.html

Good luck guessing which ones are real and which ones are phishing attempts. (Just in case the site gets moved, you can also go to Google or some other search engine and search for "phishing IQ test.")

Be sure to look at the "why" portion of the results; it explains how you can tell whether the e-mails are real.

This does seem pretty scary, but there is some good news; there are usually some specific giveaways within these scam e-mails, and even without the clues there are things you can do to avoid being taken advantage of.

One hard and fast rule is that you should never, under any circumstances, click a link from an e-mail that you even remotely suspect of not being legitimate. In fact, even if you do not suspect the e-mail of being a fake, you should still not click the links in the e-mail. The reason is that it is a simple matter to redirect a link on a page or in the text of an e-mail to any other site. For example, if I enter http://www.citibank.com, you would think that clicking the link would take me to Citibank's corporate website. I can verify this by rolling my cursor over the link in Microsoft Word, which shows a popup window noting where the hyperlink is actually directed. Figure 7-2 shows that the hyperlink does in fact link to the appropriate URL.

Figure 7-2. Legitimate Website Hyperlink


As we said, however, it is a very simple thing to change where the link is directed, as demonstrated in Figure 7-3. As you can see, the text still shows that it goes to the corporate site. However, the link will actually send you to a place you probably do not want to go (much less type in your credit card number when there).

Figure 7-3. Phishing Scam Redirect


Of course, this is easy to see in Word, but chances are your e-mail client does not have the link rollover feature. Even if it does, chances are you are not paying attention to it. Unless the URL you are actually sent to looks obviously different from what you expected, you might never notice that you are not on a legitimate website. In any case, most scammers take care that the site looks legitimate so that you do not bother looking at the address bar in your browser.

If you do need to go to the link in the e-mail for whatever reason, the best thing to do is to manually type in the URL (address) into the address window in your Internet browser. You can also Google the name of the company you are trying to reach and click the link in the results page. Doing this takes an extra step or two, but at least this way you will be sure you are going to the address you entered and not a redirect.
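The check the rollover in Figure 7-2 and Figure 7-3 performs by hand can be automated: pair each link's visible text with the address it really points to and report the ones that disagree. The script below is an added example, not code from the book; the HTML message it scans is constructed for the demonstration, and the address 203.0.113.5 is a documentation-reserved placeholder rather than a real phishing host.

```python
"""Flag e-mail links whose visible text names a different site than the href.

Added example (not from the book): parses an HTML message body, pairs each
anchor's displayed text with its real destination, and reports mismatches
like the one in Figure 7-3, where the text says citibank.com but the link
goes somewhere else.  The sample message below is constructed for this demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: one honest link, one link whose text lies about its
# target, and one link whose text is plain words and so claims nothing.
SAMPLE_EMAIL = """
<p>Please verify your account at
<a href="http://www.citibank.com/">http://www.citibank.com</a>.</p>
<p>Or use this link:
<a href="http://203.0.113.5/login.php">http://www.citibank.com/</a></p>
<p><a href="http://www.example.com/help">Help center</a></p>
"""


def host_of(url):
    """Return the host the browser would actually connect to, lower-cased."""
    if "://" not in url:
        url = "http://" + url          # bare domains as they appear in link text
    return (urlsplit(url).hostname or "").lower()


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:     # only text that sits inside an <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def looks_like_url(text):
    """True if the visible text is something a reader would take for an address."""
    return "://" in text or (
        "." in text and " " not in text and not text.startswith("."))


def find_mismatched_links(html):
    """Return [(visible_text, real_host)] for anchors whose text names a
    different host than the one the href really leads to."""
    parser = AnchorCollector()
    parser.feed(html)
    mismatches = []
    for href, text in parser.links:
        if not looks_like_url(text):
            continue                    # "Help center" makes no claim about a site
        shown, real = host_of(text), host_of(href)
        if shown != real:
            mismatches.append((text, real))
    return mismatches


if __name__ == "__main__":
    for text, real in find_mismatched_links(SAMPLE_EMAIL):
        print(f"link text {text!r} really goes to {real}")
```

Only links whose visible text itself looks like an address are compared; a link labelled "Help center" is not lying about anything, which is why the book's advice is to type the address yourself rather than to trust any link text at all.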

One more thing: In some cases, a legitimate-looking URL is fake, and even if you copy the text into your browser you could still end up in a bad place. For example, consider the following URL:

www.google.com@halcyon.com/account_control

Did you notice anything odd at first pass? It looks legitimate because it starts with www.google.com. If you just take a quick glance, you might not notice that the site you actually reach is not google.com: everything before the @ is treated as a user name, and the real host is halcyon.com. In other cases, a scammer simply registers a domain name that starts with a known site but has some extra stuff tacked on to it. Figure 7-4 is another example with a URL that appears legitimate.

Figure 7-4. Legitimate-Looking URL Trick


In this case, you might think that you are going to an MSN site; however, if you go to that site and enter your personal information, you are about to get taken.

The lesson here is to pay attention and be vigilant. The ".com" is a simple naming convention and not a hard-and-fast rule that governs where a web page actually lives. Other extensions include .org, .gov, and .edu, to name a few. You can take any known site, add some other words or letters to the end of it, and register it as a domain name, as long as nobody has already registered the name. You should also be careful about common misspellings and typing errors when manually entering the address. These mis-types will almost always be registered names. In most cases, it will end up being a porn site, but it would not surprise us to see phishing sites set up before long.
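The three address tricks described above (a user name before an @, a known site name with extra words tacked on, and a misspelling of a known name) can all be caught by first working out which host the browser will really connect to and then comparing it with a short list of sites you actually use. The script below is an added example and not code from the book; the TRUSTED list and every address it classifies are constructed for the demonstration, and the two-label rule in registrable_domain is a simplifying assumption (real code would consult a public suffix list).

```python
"""Spot addresses that look like a trusted site but lead elsewhere.

Added example, not code from the book.  It checks the three tricks the text
describes: a "user@host" address such as www.google.com@halcyon.com, a
registered domain with a brand name and extra letters tacked on, and a
typo of the brand name.  TRUSTED is a constructed allow-list for the demo.
"""
import difflib
from urllib.parse import urlsplit

# Constructed allow-list of sites the reader actually uses (kept ordered so
# the reason reported for a given address is always the same).
TRUSTED = ("google.com", "msn.com", "citibank.com")


def real_host(url):
    """Host the browser will connect to.  Anything before '@' is a user
    name, not part of the site name, so urlsplit drops it for us."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registrable_domain(host):
    """Last two labels, e.g. 'accounts.google.com' -> 'google.com'.
    Assumption: simple two-label domains; real code would use a suffix list."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(url):
    """Return (verdict, reason) for one address as the user might type it."""
    host = real_host(url)
    domain = registrable_domain(host)
    # The authority part is everything between the scheme and the first '/'.
    authority = url.split("://", 1)[-1].split("/", 1)[0]
    if "@" in authority:
        return "phishing", f"text before '@' is a user name; the real site is {host}"
    if domain in TRUSTED:
        return "ok", f"{host} belongs to {domain}"
    name = domain.split(".")[0]            # 'msn-billing-update' from the domain
    for site in TRUSTED:
        brand = site.split(".")[0]
        if site in host:                   # www.google.com.evil.net
            return "suspicious", f"{host} contains {site} but the site is {domain}"
        if brand in name:                  # msn-billing-update.com
            return "suspicious", f"{domain} contains '{brand}' but is not {site}"
        if difflib.SequenceMatcher(None, name, brand).ratio() >= 0.8:
            return "suspicious", f"{domain} looks like a misspelling of {site}"
    return "unknown", f"{host} is not a site on your list"


if __name__ == "__main__":
    # Constructed sample addresses covering each trick and one honest address.
    for sample in ("www.google.com@halcyon.com/account_control",
                   "https://accounts.google.com/signin",
                   "http://www.msn-billing-update.com/login",
                   "http://www.gooogle.com/",
                   "http://www.google.com.evil.net/",
                   "http://www.example.org/"):
        verdict, reason = classify(sample)
        print(f"{verdict:10} {sample}  ({reason})")
```

The order of the checks matters: the @ test runs first because a user name in the authority is never something a bank or web mail provider asks you to type, and the trusted-domain test runs before the lookalike tests so that accounts.google.com is not mistaken for a brand name with extra words attached.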



Home Network Security Simplified
ISBN: 1587201631