WARNING: High-Quality Phishing SPAM Ahead

9 May 2006

If you think you already know what I’m going to say, please, don’t stop reading here; I may surprise you.

Most of those who will read this already know the dangers of trusting the kinds of email messages like the one I just recently received with the subject line “Your account might be compromised!”, which prompted this post. However, many who read this blog are not of the “technically savvy” or “computer expert” types, so I thought these comments might be useful.

Rule Number 1: NEVER take any email message from a company that deals with money (like banks and credit unions) at face value. That simple rule will protect you from most Phishing attacks.

The Phishing scams use all sorts of tricks to make their emails look legit. This latest one even employed the technique of having someone who actually speaks English write the text. In the past, one very big indicator that an email might not be from the company it claims to be, was the bad translation from some other language to English before it was sent out.

Another common tactic is to send HTML email. This allows the Phishers to create links like [ http://en.wikipedia.org/wiki/Phishing ]. The link looks like it points to the correct website for your bank (for example), but actually goes somewhere else. Unfortunately, these can be hard to expose if you use Internet Explorer, Outlook, Outlook Express or some common web based email systems (like Hotmail & Yahoo!).

If you visit such fake links and you use Internet Explorer, there are several techniques the fake website can use to make it look like it is the real website. For example, there are dozens of still not patched bugs in IE that let a web page dictate exactly what you see in the address bar. So, while you are actually at “http://192.0.2.5/www.chase.com/login.jsp”, IE’s Address bar could show, “https://www.chase.com/login.jsp”, thus making it look more legitimate. Of course, you got there by clicking the link they gave you in that HTML email.

Rule Number 2: Don’t trust HTML emails. Too much stuff can be hidden.

HTML email has many other problems as well, like being able to pull in code or images that actually tell the sender that their email has been read while completely hiding this fact from you. That let’s the spammers know that you’ll read their SPAM.

I could go on and on about this, but I won’t. Instead, I’ll just leave you with a few, simple thoughts:

1. There is no Nigerian Oil Money waiting for you to transfer into your account (money laundering schemes)
2. That’s not Viagra they’re putting in those bottles (generic drugs fraud).
3. You do not need to buy OEM software. (pirated copies).
4. eBay & PayPal (or, for that matter, any bank or credit union) never need you to “verify” or “validate” your account (Phishing).

And, last but most certainly not least:

5. The world will not fall down around you if you don’t immediately forward that chain mail (viruses).

« WordPress URL Bug Fixed Movie Review - M:I3 »


Actions

Informations

  • Date : 9 May 2006
  • Categories : Internet

Leave a comment

You can use these tags : <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>