Phishing, a construct of the words Password and Fishing, is becoming more and more common on the internet. Many people receive daily mails from sites like ebay and paypal, but also from financial sites like citibank, that look authentic and direct you to a website that looks like a copy of the original site. They "phish" your login data or credit card information from that fake website.
The following article can be used as a guideline to distinguish between official mails and phishing mails, and it ends with some tips. Before we start, why not take a phishing test and see if you can distinguish between legit mails and fake ones.
The mail
Most phishing attempts start with emails being sent to your account. They look real at first glance: they appear to come from an official email address and they look like official mails. They could ask you to update your account, verify that the email belongs to the account, or download a security update for your financial transactions. What you need to know is the following:
1. Every email address can be faked.
2. Every email can be created to look like an official email.
3. Every website can be designed to look like the original.
There are, however, hints that point you in the right direction if you have to decide whether the email you just received is a legit one or not.
It's easy to distinguish if you are not a customer of the website or institute. Trash and forget in that case. It's also easy if you receive an email in a foreign language (if you have no contact with that institute in that country). Trash and forget as well. Take a look at the To: header. Is that your real email address and name? If not, trash and forget as well.
But what if you are a customer?
Phishing emails always contain a link to a website, mostly to a site with form fields that prompt you to enter information about yourself and financial data / login data.
Let's take a look at an ebay phishing mail. Click on the thumbnail to get a large version of the jpg.
It looks legit, comes from an official ebay address and has some nifty ebay logos in it. It also seems to point to the official website, starting with https://signin.ebay.com/..
The trick is that this is only the link text, not the link itself. If you move your mouse over the link you will see the link address rather than the link text. The link address is shown in the status bar of the mail program. It leads to http://200.41.5.40:780/.. which is not an official ebay site at all.
Results:
1. Link text and link point to different websites; no company would link to a bare IP address.
2. The original link is https and the fake one is http. No signup page ever uses only http, at least not signup pages from ebay and financial institutions.
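The two checks above (does the visible link text match the real target, and is the target plain http or a bare IP address) can be applied mechanically to an HTML mail body. This is an added example, not code from the article; the sample mail is constructed to match the ebay message described above, and the function names are the example's own.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urlparse

class _LinkCollector(HTMLParser):
    """Collect (href, visible link text) pairs for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    return (urlparse(url).hostname or "").lower()

def _is_ip(host):
    try:
        return ip_address(host) is not None
    except ValueError:
        return False

def check_links(html_body):
    """Return [(href, [reasons])] for every link that shows a warning sign."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        real_host, reasons = _host(href), []
        if _is_ip(real_host):
            reasons.append("target is a bare IP address, not a company domain")
        if urlparse(href).scheme == "http":
            reasons.append("target uses plain http instead of https")
        # If the visible text itself looks like a URL, its host must match the real target.
        shown = _host(text) if text.startswith(("http://", "https://")) else ""
        if shown and shown != real_host:
            reasons.append(f"text shows {shown} but link goes to {real_host}")
        if reasons:
            findings.append((href, reasons))
    return findings
# Constructed sample modelled on the mail described in the article, not a real message.
SAMPLE_MAIL = ('<p>Please sign in at <a href="http://200.41.5.40:780/">https://signin.ebay.com/</a>'
               ' to verify your account.</p><p><a href="https://signin.ebay.com/">https://signin.ebay.com/</a></p>')
```

Running `check_links(SAMPLE_MAIL)` flags only the first link, with all three reasons; the genuine https://signin.ebay.com/ link passes.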
Let's take a look at the site that the link points to:
If you look in the address bar you see that you are not on an official ebay site. You also see that it is again http and not an https site. I suppose the site will redirect you to the official site once you enter your login data.
If you take a look at the official site and the login screen you see differences:
First, it is an https site; second, it is an ebay.com site; and third, it looks different from the phishing mail. You could distinguish between fake and real simply by looking at those elements.
Please be aware that it is not always as easy as this example. Phishers are beginning to use cross-frame phishing to mix official site content with fake site content. A good example of this can be found at the netcraft.com site.
Tips:
1. If you are not a customer of the site, delete the email immediately. Don't click on the link or reply.
2. If you are a customer and you are not sure whether the email is legit, do one of the following:
2a. Contact the institute by phone or through the contact page on the official website (do not use the email link, of course) and ask if the mail is official.
2b. Instead of using the link provided, open the website by typing the official address into your browser yourself. The site should have news about the email on its start page (most of the time). If not, use 2a to verify the email.
There are some anti-phishing toolbars and plugins available, but I never needed to use one because all phishing emails are more or less obviously fake if you analyse them.