Phishing Explained

Martin Brinkmann
Jan 25, 2006
Updated • Mar 14, 2014

Phishing, a blend of the words Password and Fishing, is becoming more and more common on the Internet.

Many Internet users receive mails daily that look as if they come from legitimate companies and services such as eBay or PayPal, or from financial sites like Citibank.

These emails look authentic and direct you to a website that looks like a copy of the original site. The attackers "phish" your login data or credit card information when you enter it on the fake website. "Phish" in this context means steal, by the way.

Once the data has been recorded, which happens when you sign in or enter data into forms on the site, the attackers can use the information for all kinds of activities: locking you out of your own account, abusing it to send spam messages, withdrawing funds, or other criminal activities.

The following article can be used as a guideline to distinguish between official mails and phishing mails. It explains phishing in detail, and has tips at the end as well. Before we start, why not take a phishing test and see if you can distinguish between legit mails and fake ones?

The mail

Most phishing attempts start with emails being sent to your account. They look real at first glance, they appear to be sent from an official email address, and they look like official mails most of the time.

Contents may differ. Some may ask you to update account information, verify that the email address belongs to the account, provide financial information or other personal data such as your Social Security Number, or require you to open a document or file on your computer.

What you need to know is the following:

  1. Every email address can be faked.
  2. Every email can be created to look like an official email.
  3. Every website can be designed to look like the original.

There are, however, hints that point you in the right direction when you have to decide whether the email you just received is legit or not.

It's easy enough to decide if you are not a customer of the website or institute. Trash and forget in that case. It's also easy if you receive an email in a foreign language (if you have no contact with that institute in that country). Trash and forget as well. Take a look at the To: header. Is that your real email address and name? If not, trash and forget as well.

Other indicators are if the email does not address you by name, if it contains improper formatting, or spelling or grammar mistakes.

But what if you are a customer?

One indicator that an email may be a phishing email is if you are not addressed by your full name.

Phishing emails often contain one or multiple links to fake websites, mostly to a site with form fields that prompt you to enter information about yourself and financial data or login data.

Note that some spammers mix legit and fake links in emails to throw you off balance. It is necessary to go through all links to make sure they are all legit.

Let's take a look at an eBay phishing mail.

[Image: eBay phishing email]

It looks legit, comes from an official eBay address and has some nifty eBay logos in it. It also seems to point to the official website starting with https://signin.ebay.com/..

The trick is that this is only the link text, not the link itself. If you move your mouse over the link, you will see the link address instead of the link text. The link address is shown in the status bar of the mail program. It leads to http://200.41.5.40:780/.. which is not an official eBay site at all.

Results:

  1. Link text and link address point to different websites. No company would link to an IP address.
  2. The original link is https and the fake one is http. No signup page ever uses only http, at least not signup pages from eBay and financial sites.

Let's take a look at the site that the link points to:

[Image: eBay fake website phishing]

If you look at the address bar, you see that you are not on an official eBay site. You also see that it's again an http and not an https site. I suppose the site will redirect you to the official site once you enter your login data.

If you take a look at the official site and the login screen you see differences:

[Image: eBay fake website phishing]

First, it's an https site; second, it's an ebay.com site; and third, it looks different from the phishing mail. You can distinguish between fake and real by simply looking at those elements.

Please be aware that it is not always as easy as in this example. Phishers have begun to use cross-frame phishing to mix official site content with fake site content. A good example of this can be found on the netcraft.com site.

Tips:

  1. If you are not a customer of the site, delete the email immediately. Don't click on the link or reply, or execute any files that may be attached to it.
  2. If you are not addressed by name, it is likely a phishing email.
  3. If you are a customer and you are not sure if the email is legit, do one of the following:
    a. Contact the institute by phone or use a contact on the official website (do not use the email link, of course) and ask if the mail is official.
    b. Instead of using the link provided, open the website by typing in the official address yourself. The site should have news about the email on its start page (most of the time). If not, use 3a to verify the email.

There are some anti-phishing toolbars and plugins available but I never needed to use one because all phishing emails are more or less obviously fake if you analyze them.

Update: Most web browsers come with anti-phishing modules nowadays. They do however only protect you against known threats, not threats that have not been discovered yet.


Comments

  1. JMGG said on January 19, 2012 at 8:25 am
    You said that Outlook isn’t your main email client, so which is your main one?

    1. BalaC said on January 19, 2012 at 9:42 am
      I think it's Thunderbird

    2. Martin Brinkmann said on January 19, 2012 at 10:15 am
      It is Mozilla Thunderbird.

  2. Salaam said on September 24, 2012 at 9:52 pm
    Awesome! This actually solved my problem… what a stupid bug.

  3. Claud said on December 19, 2012 at 2:08 am
    If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.

    1. Lynda said on February 12, 2013 at 3:37 pm
      THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!

    2. Chad said on November 20, 2018 at 4:24 pm
      Solved my issue! 6 years later and this is still a problem…

    3. Ivan X said on January 21, 2021 at 4:50 pm
      Fantastic. Thank you. Size did the trick.

  4. Andrew said on October 26, 2013 at 7:06 am
    This solved my Outlook problem, too. Thank you. :)

  5. Charles said on December 7, 2013 at 7:23 pm
    Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.

  6. garth said on November 7, 2014 at 7:13 pm
    You are a god – thank you!

  7. Faisal said on February 9, 2015 at 10:09 am
    Thanks a lot… works like a charm. :-)

  8. Simon said on March 24, 2015 at 11:36 pm
    Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers

  9. Olu said on April 14, 2015 at 1:35 pm
    Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
    Thank you

  10. Coenig said on July 23, 2015 at 7:36 am
    Thanks a lot for the article. Don’t know why it happened, don’t know how it got fixed, but it was really annoying and now it works :-)

  11. Fali said on January 20, 2016 at 4:19 pm
    Thanks a lot. I was facing this issue for the past 3 weeks. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen (as I use 2 monitors). The only option I had was to do system restore. But thanks to you.

    1. MIki said on January 10, 2019 at 11:54 am
      I’ve been trying to solve this problem for 12 hours. Your comment about changing the display of screen helped me a lot!! Thanks!!

  12. Christina said on January 20, 2016 at 6:14 pm
    Thank you… don’t know why this happened but your instructions helped me fix it. Running Windows 10 and Office Pro 2007

  13. Oz said on July 22, 2016 at 3:20 pm
    Great tip! Thanks!

  14. Tracy said on September 1, 2016 at 4:48 pm
    Worked for me, too – thank you!!!

  15. shawn said on September 9, 2016 at 10:25 am
    It worked for me, too.
    Thank you very much!

  16. Jari said on October 31, 2016 at 11:53 am
    I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!

  17. Michel H said on November 30, 2016 at 11:08 pm
    Thank you so much. Solved!
    Considering you published this in 2012, incredible it has not been debugged by Microsoft.
    Thank you again. M

  18. Ziad Bitar said on January 9, 2017 at 2:00 am
    This problem was faced by only one user logging in to TS 2008 R2 using Outlook 2010. The issue was resolved.

    Thanks.

  19. Anonymous said on February 15, 2017 at 5:24 pm
    Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.

  20. Rochelle said on March 6, 2017 at 11:59 am
    Thank you, this worked !!!!

  21. anom1234 said on May 20, 2018 at 11:20 pm
    Man, you are a fucking god. Thanks a lot, what an annoying bug!!

  22. JC said on October 12, 2020 at 2:14 pm
    Awesome, this post solved the issue. Many thanks!
