Internet users therefor need to know about phishing and how to identify phishing emails from safe emails.

The Login Helper blog has created a phishing flow chart that outlines the process of analyzing an email to determine if it is a phishing email or not.

The flow chart addresses the three biggest email dangers: Attachments, links and social engineering. The chart has been color coded for easier recognition of safe and dangerous elements in emails. All red elements in the flow chart are considered dangerous while blue elements are considered safe.

The chart furthermore provides basic suggestions on how to react when possible dangerous elements are encountered, for attachments it would be to save them locally and check them with a service like Virus total online.

Following the chart leads either to a safe or dangerous rating for the email that is being analyzed.

The new kind of phishing emails is actually using the knowledge of those first gen phishing emails by warning users about those emails which will lead to a fake website. Since this is a relatively new scheme many users will probably fall for it believing the message that is send to them.

Who would believe that a message that is warning the user about phishing emails is actually a phishing email ? The best way to defend against this kind of attacks ? Never open links in mails, always visit the website directly.

Do you have an account at JP Morgan Chase Bank ? If not delete the message immediately. Users from outside the United States should delete it as well especially if they only have bank accounts in their native language which is not English. It becomes a little bit complicated if you are a customer of that bank.

If you do read the mail completely you soon realize that the mail body does not contain a single word about JP Morgan Chase Bank anymore but only about PayPal. The mail ends with ‘Sincerely, PayPal Account Review Department’

Those factors are only indicators that something is wrong. Take a look at the only link in that email, it does show a PayPal url, but is it really one ? If you hover the mouse over the link the destination of that link is shown in the status bar of Thunderbird.

The link is pointing to a Swiss website and not to paypal.

If you visit that link which should not be a problem if you use Opera or Firefox you come to a website that looks like PayPal. Now it is beginning to get interesting, lets take a look at that website and find out about the differences to the original PayPal website and how one would be able to spot them.

• The websites look different. This is a good indicator that something is wrong.
• The Phishing website does not use the https protocol and it does not show a PayPal url
• The Verisign logo at the bottom is blurred at the Phishing website
• Username and Password are not automatically filled in if you saved them

The bold indicator is the most important one. If the phishing website would use https you could check the certificate by clicking on the yellow lock to receive further information.

Phishers however mostly rely on users who believe what they see, if it looks like PayPal it must be PayPal.