Monday, February 8, 2010

Phishing, how to stay safe!


In response to a comment I received from a reader: how do we tell a legitimate email or website from a fake one? Here are some tips to share.
Basically, phishing is an attempt, either by email or by sending you to a web page, to trick people into revealing personal details such as usernames, passwords, bank details, credit card details or other sensitive information, by pretending to be a bank or some other legitimate entity. A phishing email will typically include a link to a website that looks exactly like your bank's legitimate site and asks you for information through some tricky questions, or an attachment to fill out. Some recent examples of phishing attacks are:
  • A legitimate-looking Facebook email asks people to give information to help the social network update its log-in system. Clicking the "update" button in the e-mail takes users to a fake Facebook log-in screen where the user name is already filled in and visitors are prompted to give their password. Once the password is typed in, people end up on a page that offers an "Update Tool," which is actually the Zeus banking Trojan.
  • A recent e-mail scam asks PayPal customers to give more information or risk having their account deleted because of changes in the service agreement. Recipients are urged to click on a hyperlink that says "Get Verified!"
Let's look at an example of how a fake PayPal page may look. It's actually very similar to the original one.
Let's take eBay as another example. Attackers can be even more tricky and sneaky: they close the address bar in a pop-up window and reproduce a fake address bar showing the correct eBay website address.
[Screenshot: phishing ebay one]
As we can see, the URL box has been tricked into displaying another address, so let's manually enable the real address bar. To do so, go to View-Tools-Address bar.
[Screenshot: phishing ebay 2]
After carefully examining it, we find we are not on signin.ebay.com (legitimate) but on sing-in-sec.com (as per the first screenshot, a fake page).
Phishers are also increasingly exploiting interest in news and other popular topics to trick people into clicking on links. One e-mail about swine flu asked people to give their name, address, phone number and other information as part of a survey on the illness. Users of social networks are also becoming popular targets: in many instances users of social networking sites like MySpace, Facebook and Twitter have been directed to fake log-in pages. Attackers are also turning to instant messaging to lure people into their traps. In one recent scam a live chat was launched via the browser; the scammer communicated with victims through the chat window, pretending to be from a bank and asking for more information.

Identifying Phishing

  • Observe the sender information and look for legitimacy. Two different addresses cannot share the same name, so there has to be some catch in the address. Take, for instance, "alerts@Paypal.co.uk". Legitimate PayPal messages in the U.S. come from "Service@paypal.com" and include a key icon. Most phishing e-mails come from outside the U.S., so an address ending in ".uk" or something other than ".com" could indicate a phishing attempt.
  • A legitimate company's email will be more targeted than a generic email from hackers. Legitimate companies tend to use the customer's name or user name in the email, and may also include part of the account number. A fake email will be more generic, like "Dear Yahoo user".
  • Make sure to look at the hyperlinks inside the body of the email. In most cases words in the links may be misspelled, and they tend to use subdomains, or letters or numbers before the company name. Try mousing over the link: the real destination is shown at the bottom of the web browser.
  • If you are unsure about the legitimacy of a link you are about to click, go to the company website to see the address listed there. Check the full email header to see the full sender address and other information.
  • Deceptive website URLs: secure websites start with https. Always confirm that the website URL is correct. It is always a good idea to type the website URL directly into the browser rather than following a link from an email. Checking that the beginning of the web address in your browser's address bar shows "https://" rather than just "http://" confirms that you are using an encrypted secure website. A small lock icon will also show in your browser when you are using a secure website.
WARNING: Phishers can get you onto their own website and create a "secure link" of their own for you to hand over all the information they need. They can also spoof the browser window to show exactly what they want by placing one window on top of another, covering the real URL.
  • Sense of urgency: phishing emails generally use scare tactics. They try to force customers into taking action by stating that the account is about to be closed if account information is not verified. Always be suspicious of an email that tries to create a sense of urgency.
  • If the e-mail has an attachment, be wary of .exe files. Scammers like to hide viruses and other malware there so that it executes when opened.
  • Do not be fooled by the look of the website you are directed to. It may look just like the real bank or PayPal page, including the real logos and branding. It could be a good fake page, or it could be a legitimate page with a phishing pop-up window on top.
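As an added example that is not part of the original post, the small Python script below applies the sender, greeting, urgency and link checks from the list above to a constructed sample of the "Get Verified!" message; the expected-sender mapping, the urgency phrases and the sample addresses are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, for illustration only: the domain each brand's genuine mail comes from.
EXPECTED_SENDERS = {"paypal": "paypal.com"}
URGENCY = ("account will be closed", "verify immediately", "suspended")
# Simple (href, visible text) extractor for <a> tags; enough for a heuristic scan.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def phishing_indicators(raw_message, brand):
    """Return warnings for a single-part HTML e-mail claiming to come from `brand`."""
    msg = message_from_string(raw_message)
    body = msg.get_payload(decode=True).decode(errors="replace")
    legit = EXPECTED_SENDERS[brand]
    findings = []
    # Sender check: use the real address, not the display name, and compare the domain.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain != legit:
        findings.append(f"sender domain {sender_domain!r} is not {legit!r}")
    # Generic greeting ("Dear PayPal user") instead of your name.
    if re.search(r"\bdear\b[^,\n]*\b(customer|user|member)\b", body, re.I):
        findings.append("generic greeting instead of your name")
    # Scare tactics pushing you to act immediately.
    if any(phrase in body.lower() for phrase in URGENCY):
        findings.append("scare-tactic wording")
    # Link check: the real target (what mousing over shows) must be https and on the brand's domain.
    for href, text in ANCHOR_RE.findall(body):
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.scheme != "https":
            findings.append(f"link to {host!r} is not https")
        if brand in text.lower() and host != legit and not host.endswith("." + legit):
            findings.append(f"link text mentions {brand} but goes to {host!r}")
    return findings

# Constructed sample modelled on the "Get Verified!" scam described above.
SAMPLE_PHISH = """From: PayPal Alerts <alerts@paypal.co.uk>
To: you@example.com
Subject: Get Verified!
Content-Type: text/html

<p>Dear PayPal user,</p>
<p>Your account will be closed unless you verify immediately.</p>
<a href="http://paypal.secure-login-check.example/verify">www.paypal.com</a>
"""
```

Running `phishing_indicators(SAMPLE_PHISH, "paypal")` reports all five indicators, while a message from the expected domain with a personal greeting and an https link on the brand's own domain reports none.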

Avoiding Phishing

  • Regarding emails: DO NOT trust emails urgently requesting personal financial information!
  • Be sure not to call any number or use any link in the suspected email, as this may put you in the hands of those responsible for the phishing attack. Note: using trojan horse spyware, phishers can change your HOSTS file, which redirects specific URLs to a page of their choosing. They could copy your bank's web page and redirect you to their fake bank page even if you typed the exact correct address into the address field. This means you MUST keep control over your HOSTS file.
  • Be suspicious of impersonal emails.
  • NEVER fill out forms in email messages that ask for personal financial information.
  • Be suspicious of email links. Never trust them blindly; there are ways to "spoof" them!
  • Always make sure that you're using a secure website when submitting credit card or other sensitive information via your web browser.
  • Regularly log into your online accounts.
  • Ensure that your browser is up to date and security patches are applied.
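As an added example (not part of the original post) of keeping control over your HOSTS file, the Python script below parses HOSTS-file text and flags any entry that pins a public hostname to an address, treating entries for the bank and payment domains you care about as critical; the baseline of benign names, the watched domains and the sample file contents are assumptions made for illustration.

```python
import ipaddress

# Names a stock HOSTS file legitimately carries (assumed baseline for illustration).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost",
                "ip6-loopback", "ip6-allnodes", "ip6-allrouters", "ip6-mcastprefix"}

def parse_hosts(text):
    """Yield (address, hostname) pairs from HOSTS-file text, skipping comments and blanks."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            yield address, name.lower()

def suspicious_hosts_entries(text, watched_domains):
    """Flag HOSTS entries that override public names; entries for watched domains are critical."""
    findings = []
    for address, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append(f"REVIEW: unparseable address {address!r} for {name}")
            continue
        if name in BENIGN_NAMES:
            if addr.is_global:          # localhost pointing at a public IP is not normal
                findings.append(f"CRITICAL: {name} redirected to public address {address}")
            continue
        # Any other name in HOSTS bypasses DNS; for a bank or payment site that is a hijack.
        hijacked = any(name == d or name.endswith("." + d) for d in watched_domains)
        level = "CRITICAL" if hijacked else "REVIEW"
        findings.append(f"{level}: {name} pinned to {address}")
    return findings

# Constructed sample: stock entries plus the kind of lines a hosts-hijacking trojan leaves.
SAMPLE_HOSTS = """# stock entries
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example        # an ad-blocking entry: legitimate, but review it
203.0.113.7     www.mybank.example online.mybank.example
203.0.113.7     www.paypal.com
"""

if __name__ == "__main__":
    for finding in suspicious_hosts_entries(SAMPLE_HOSTS, {"mybank.example", "paypal.com"}):
        print(finding)
```

On a real machine you would read the file itself (C:\Windows\System32\drivers\etc\hosts on Windows, /etc/hosts elsewhere) instead of the embedded sample.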