Phishing Schemes Still Alive and Well
Joe M posted in security on February 28th, 2008
In the past couple of days, I have received a number of emails that are phishing schemes.
Phishing is practicing the collecting personal and confidential information for ill gain, usually through deceptive means. It may be any combination of an email, a website, a chatroom, an IRC channel, etc.
The user is usually baited into clicking a website address. The website pops up with the familiar graphics of a well-known website. The latest practice is to include an authentic domain name in the address.
One email I received was from a domain that was mocked up to LOOK LIKE paypal.com. Upon further examination, I could tell it was a phishing scheme.
(I do not recommend that you do any of the following. If you do, do so accepting the consequences at your own risk.)
Just for curiosity, I clicked the link from the email. It brought up a website with an IP Address and what looked like an authentic paypal address in the URL at the top of the screen.
http://{THE IP ADDRESS}/public_directory/www.paypal.com/login
The IP Address and the fact that it also included a domain name deeper in the URL address were the telltale signs to me.
Paypal and the other reputable websites will usually utilize security measures. When you pull up their site, you will see https:// in the URL. The other assurance is a small lock icon in the lower right hand side of the screen in Internet Explorer and Mozilla Firefox. This means you have an SSL (Secured Sockets Layer) connection. That means you have a safe connection.
Now, I have a paypal account, but I used a bogus username and a bogus password, made up on the spot. I typed in both the bogus username and password and clicked the Log in button.
A few seconds later, I was at the Phoney ‘Welcome’ screen, even though I typed in a bogus username and password.
So, what this means is… there was no authentication. Authentication is a security measure in which the username and password are compared and checked against a security database. The username must be valid (must be in the database) and the password must match the one in the database for that particular username.
My bogus username and password were collected and added to a ‘black’ database somewhere.
Rules of thumb:
Got a question about your account prompted by an email?
Manually type in the address (what you KNOW is valid) for the site into the URL. Never click a link from an email, and do not RETYPE the address from the email. Stick with what you KNOW. For example, if you get an email that prompts questions about your account with paypal, type in paypal.com and Log in to your account, that way.
Once you MANUALLY type in the VALID website address, hunt down a phone number to call, if you have questions. Post a question in the site forums, if they have them. Some services provide a messaging service inside your account, much like a mailbox; accessible only with your username and password.
Watch those emails!
Red flags should go up anytime you get asked, prompted, telephoned, texted, emailed, IM chat or any other form of communication regarding your personal information.
Identity Theft is quite common, these days.
Keep your guard up!
April 8th, 2009 at 2:53 am
[...] Some time back, I wrote a post about phishing schemes. Check it out for more information. [...]