The email shown here is what is known as “a phish” or “phishing attack.” While this one in particular is an attack on those having a PayPal account, phishing attacks have been conducted on virtually all well known financial institutions including banks and credit unions.

To get an understanding of how this is done let’s dissect this rascal and see what’s behind the scenes!

Those familiar with the PayPal service and its logos will likely agree this looks very official, and indeed it should as the attacker is actually using PayPal’s logos from www.paypal.com. For example here’s the HTML code (the language used to create web pages) from the email for the PayPal logo at the top of the page. If you click on the underlined part of the item below you will see that it takes you to the actual PayPal logo at the real PayPal site of paypal.com.

< img src=”http://images.paypal.com/en_US/i/logo/email_logo.gif” alt=”PayPal” border=”0″/>

If you’re not familiar with HTML code, don’t worry about it. The important point here is that those creating phishing attacks do link to the real graphics for logos and other distinctive items at the legitimate web site to make their fake email look more authentic.

Now let’s look at the attacker’s goal and how the actual attack takes place. The attacker’s goal is usually simply to get the unwary user to believe they are actually complying with an official request from the given institution (PayPal in this case) and to get the user to enter their private data such as login name and password. Other phishing attacks similarly try to get users to provide account numbers, passwords, credit card numbers and similar information. In short, any data that the attacker can use to conduct a fraudulent transaction to his financial gain.

The “how” they accomplish this is by hiding the link to where you’ll actually be taken if you click on the link in the letter. Let’s clarify this with the current example above. In the email shown above we see at the end of the first paragraph the sentence ..

You can submit additional information at the following link:

followed by the rather official looking link:

https://www.paypal.com/cgi-bin/webscr?cmd= login-run

Let’s look at the actual HTML code for this email again to see what’s really going on here. The actual code for the above link is:

< a href=”http://some-place-other-than-paypal.com” target=”_Blank”>https://www.paypal.com/cgi-bin/webscr?cmd=_login-run< /a>

The above is how a link to another area on the web is coded within HTML. Notice that the second part, starting after the “_Blank”>” section is the same as that which appears in the link given in the graphic of the actual phishing attack email above. This is the visible part of a hyperlink. Where the hyperlink actually takes you is given by the first part which in this case I have replaced with a fictitious link titled “http://some-place-other-than-paypal.com,” which is exactly what happens. The attacker takes you to a fraudulent site that is made to appear legitimate

Let’s demonstrate this with the actual working link. Note, nothing will happen here as this is a fake link and you’ll just get a “page not found” error if you try. The important thing to note is to look at the actual link given at the bottom of your browser when you position the mouse over the visible link. Notice you’re actually being shown the hidden link of “http:// some-place-other-than-paypal.com”

https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

This is the heart of a basic phishing attack. I obviously used a fictional place and did so for several reasons, in a real situation the attacker will direct the unwary user to a fake site that has been set up to look like the real thing and then have the victim submit the items mentioned above such as login names, passwords, credit card numbers and other personal items that can be exploited for personal gain by the attacker.

New and more sophisticated attacks have been developing over the past year that add a few twists and turns to how the attack is conducted but the above outlines the primary concept of redirecting the unwary user to an area meant solely to fraudulently capture the private data.

Protecting Yourself

If you receive such an email, the safest bet is to just delete it. If you believe that the email might be legitimate, don’t click on links given in the email. Instead start your browser and type in the URL for the institution yourself and then log into your account.

As an example, PayPal did send out emails to account holders a while back requiring that they agree to some changes in the terms of service. Not even bothering to see if they were legitimate, I just deleted the email, started Firefox, and logged into my PayPal account. Sure enough, there was a message there requiring some actions on my part.

Moreover you can help prevent these miscreants from plying their illicit trade by forwarding the phishing email to ‘reportphishing@antiphishing.org’.

Also, many organizations such as ebay and PayPal are using the universal email address of “spoof@the-institution-name.com” such as spoof@ebay.com or spoof@paypal.com.

Thoughts, comments and questions welcome. Tell us what you think!

PENNSYLVANIA LOTTERY WARNS PLAYERS TO BE WARY OF A SCAM USING LOTTERY LOGOS
MIDDLETOWN, Pa. – Recently, a number of consumers have received an e-mail titled “CONGRATULATION! CONGRATULATION!! CONGRATULATION!!!,” which fraudulently uses Pennsylvania Lottery logos. These e-mails, as well as other similar e-mails touting a lottery prize, are a scam according to the Pennsylvania Lottery’s Security Office.

The current fraud using the Pennsylvania Lottery name and logos is an attempt to access personal information, such as Social Security numbers or bank account information.

The Pennsylvania Lottery does not notify winners via e-mail or any other method when they win a Pennsylvania Lottery prize. Winners must contact the Lottery when they have a winning ticket. Each individual who wins a Powerball or other Pennsylvania Lottery jackpot prize must file a claim in person at Pennsylvania Lottery headquarters to receive his or her prize.

With all the main stream news surrounding these recent additions to the language
of the Internet online users are increasingly familiar with the term phishing but
perhaps less so with it’s close cousin pharming. Either way the essential thing to understand is all these scams, regardless of name, have a common theme.

They are attempts by electronic criminals to gain financially at your expense.

Electronic criminals in their phishing attempts have generally targeted large, well known institutions such as eBay, PayPal, Bank of America, and Washington Mutual. In response many such operations have implemented programs to combat the rising tide of such crime.
Responses include consumer education and improved login security procedures such
as Bank of America’s recent implementation of the their program called SiteKey.

SiteKey helps protect BOA’s customers by requiring the user, as part of the registration process, to select an image and an accompanying phrase that only the user knows. If a phishing/pharming attack attempted to get the user to logon onto a bogus site appearing to be the legitimateBank of America site the SiteKey picture and phrase for this user, if even present, would in all likely hood be different from those selected by the user when registering. This procedure acts as an extra level of protection to alert the user to the potential fraud in action.

Protection Check List

There are a number of things users can do to protect themselves from online fraud and financial scams.

1. Run Basic Security Software on your computer such as antivirus and anti spyware programs. Moreover only use proven names that are known industry leaders such as Symantec or Kaspersky in the anti virus area and PC Tools Spyware Doctor for anti spyware products. As a starter you can find some information on Anti Spyware software here.
2. Don’t Click on Links in E-mails asking you to update information.
   Virtually no financial institution will send such an e-mail. If you believe
   that the request may be legitimate then either call the institution to get
   more information and/or log onto your account using YOUR book marked link in
   your browser or by typing in the URL yourself.PayPal, for example, does periodically send out email regarding a necessary action that needs to be taken for your account. Logging into PayPay by typing the URL in the browser address box, instead of clicking on any provided link, is strong protection against being a victim of a Phishing email.
3. Report the Incident if you receive a phishing e-mail. Help yourself by helping others and report the phishing attempt. Large financial institutions and other groups are actively working to both prevent such attacks and to take down the web sites used by the attackers. The simplest response is to forward the phishing e-mail, maintaining the HTML format, to reportphishing@antiphishing.org .

Post Comments