Brainfoldb4u's Blog


Phishing, how to stay safe!

Posted by brainfoldb4u on January 6, 2010

In response to a comment I received from a reader: how do we tell a legitimate email or website from a fake one? Here are some tips to share.

Basically, phishing is an attempt, either by email or by sending you to a web page, to trick people into revealing personal details such as usernames, passwords, bank details, credit card details or other sensitive information, by pretending to be a bank or some other legitimate entity. A phishing email will typically include a link to a website that looks exactly like your bank's, asking you for information with some tricky questions, or an attachment to fill out. Some recent examples of phishing attacks are:

  • A legitimate-looking Facebook email asks people to give information to help the social network update its log-in system. Clicking the “update” button in the e-mail takes users to a fake Facebook log-in screen where the user name is already filled in and visitors are prompted to give their password. Once the password is typed in, people end up on a page that offers an “Update Tool”, which is actually the Zeus banking Trojan.
  • A recent e-mail scam asks PayPal customers to give more information or risk having their account deleted because of changes in the service agreement. Recipients are urged to click on a hyperlink that says “Get Verified!”

Let's look at an example of how a fake PayPal page may look. It is actually very similar to the original one.

Let's take eBay as another example. Attackers can be even more tricky and sneaky: they close the address bar in a pop-up window and reproduce a fake address bar showing the correct eBay website address.

[Screenshot 1: fake eBay sign-in page with a spoofed address bar]

As we can see, our URL box has been tricked into displaying another address, so let's manually enable the real address bar. To do so, go to View - Tools - Address bar.

[Screenshot 2: the real address bar, once enabled, shows the actual site address]

After carefully examining it, we are not on signin.ebay.com (legitimate) but on sing-in-sec.com (as per the first screenshot, a fake page).

Phishers are also increasingly exploiting interest in news and other popular topics to trick people into clicking on links. One e-mail about swine flu asked people to give their name, address, phone number and other information as part of a survey on the illness. Users of social networks are becoming popular targets too: in many instances users of social networking sites like MySpace, Facebook and Twitter have been directed to fake log-in pages. Attackers are also turning to instant messaging to lure people into their traps. In one recent scam a live chat was launched via the browser; the scammer communicated with victims through the chat window, pretending to be from a bank and asking for more information.

Identifying Phishing

  • Observe the sender information and look for legitimacy. There cannot be two addresses under the same name, so there has to be some catch in the address. Take for instance “alerts@Paypal.co.uk”. Legitimate PayPal messages in the U.S. come from “Service@paypal.com” and include a key icon. Most phishing e-mails come from outside the U.S., so an address ending in “.uk” or something other than “.com” could indicate a phishing attempt.
  • Email from a legitimate company will be more targeted than the generic email sent by attackers. Legitimate companies tend to use your customer name or user name in the email, and may also include part of your account number. A fake email will be more generic, like “Dear Yahoo user”.
  • Make sure to look at the hyperlinks inside the body of the email. In most cases words in the links are misspelled, and they tend to use subdomains, or letters or numbers placed before the company name. Try mousing over the link: the real destination is shown at the bottom of the web browser.
  • If you are unsure about the legitimacy of a link you are about to click, go to the company website to see the address listed there. Check the full email header to see the real sender address and other information.
  • Deceptive website URLs: secure websites start with https. Always confirm that the website URL is correct. It is always a good idea to type the website URL directly into the browser and avoid following a link from an email. Checking that the beginning of the web address in your browser's address bar shows “https://” rather than just “http://” makes sure that you are using an encrypted secure website. A small padlock will also show in your browser when you are using a secure website.

WARNING: Phishers can get you to enter their own website and create a “secure link” for you to give them all the information they need. They can also spoof the Windows Explorer window to show exactly what they want, by putting one window on top of the other and covering the real URL.

  • Sense of urgency: phishing emails generally use scare tactics. These emails try to force customers into taking action by stating that the account is about to be closed if the account information is not verified. Always be suspicious of an email that tries to create a sense of urgency.
  • If the e-mail has an attachment, be wary of .exe files. Scammers like to hide viruses and other malware there so that it executes when opened.
  • Do not be fooled by the look of the website you are directed to. The website may look just like a real bank or PayPal page, including the use of real logos and branding. It could be a good fake page, or it could be a legitimate page with a phishing pop-up window on top.
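The link checks in the list above (mouse over the link to see the real target, watch for brand names stuffed into subdomains, prefer https) can be automated for an email you are unsure about. The following is an added example written for this page, not code from the blog author: it parses the anchors in an HTML email body and reports the same warning signs the tips describe, plus the raw-IP-address hosts that the statistics further down mention. The sample email body and every hostname in it are constructed placeholders, and the trusted-domain list is an assumption you would replace with the sites you actually use.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body in the style of the PayPal/eBay lures described above
# (not a real capture; all hosts are placeholders).
SAMPLE_EMAIL = """
<p>Dear PayPal user, your account will be closed unless you verify it.</p>
<a href="http://12.34.56.78/verify">https://www.paypal.com/verify</a>
<a href="http://paypal.com.secure-login.example.net/">Get Verified!</a>
<a href="https://signin-sec.example.org/ebay">signin.ebay.com</a>
<a href="https://www.paypal.com/help">PayPal Help Center</a>
"""

# Assumed list of domains the reader trusts; anything else counts as untrusted here.
TRUSTED_DOMAINS = {"paypal.com", "ebay.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_host):
    """Lowercase hostname of a URL, or of bare host text such as 'signin.ebay.com'."""
    s = url_or_host.strip()
    if "://" not in s:
        s = "//" + s  # lets urlparse treat bare text as a network location
    return (urlparse(s).hostname or "").lower()


def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain or a genuine subdomain of one (match on a label boundary)."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def looks_like_address(text):
    """Visible link text that reads as a URL or hostname rather than a phrase."""
    t = text.strip()
    return "://" in t or (" " not in t and "." in t)


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the phishing indicators for one link (empty list means nothing suspicious)."""
    reasons = []
    host = host_of(href)
    scheme = urlparse(href).scheme.lower()
    try:
        ipaddress.ip_address(host)          # e.g. http://12.34.56.78/...
        reasons.append("ip-literal host")
    except ValueError:
        pass
    if scheme != "https":
        reasons.append("not https")
    if not is_trusted(host, trusted):
        # Brand name placed inside an untrusted host, e.g. paypal.com.secure-login.example.net
        brands = {d.split(".")[0] for d in trusted}
        if any(b in host for b in brands):
            reasons.append("brand name in untrusted host")
        # The text shows a trusted address but the href points somewhere else
        if looks_like_address(text) and is_trusted(host_of(text), trusted):
            reasons.append("link text does not match target")
    return reasons


def analyze_links(html, trusted=TRUSTED_DOMAINS):
    """Return (href, visible text, reasons) for every link in an HTML email body."""
    parser = _LinkCollector()
    parser.feed(html)
    return [(href, text, check_link(href, text, trusted)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in analyze_links(SAMPLE_EMAIL):
        print(f"{text!r:35} -> {href}")
        print("    " + (", ".join(reasons) if reasons else "ok"))
```

The suffix match in is_trusted is deliberate: "paypal.com.secure-login.example.net" contains the brand but does not end in ".paypal.com", so it is untrusted, while "www.paypal.com" is accepted. The check does not consult the public suffix list, so treat its verdicts as hints to look closer, not as proof either way.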

Avoiding Phishing

  • Regarding emails: DO NOT trust emails urgently requesting personal financial information!
  • Be sure not to call any number or use any link in the suspected email, as this may put you in the hands of those responsible for the phishing attack. Note: by using Trojan horse spyware, phishers can change your HOSTS file, which redirects specific URLs to a page of their choosing. They could copy your bank's web page and redirect you to their fake bank page even if you typed the exact correct address into the address field. This means you MUST have control over your HOSTS file.
  • Be suspicious of impersonal emails.
  • NEVER fill out forms in email messages that ask for personal financial information.
  • Be suspicious of email links. Never trust them! There are ways to “spoof” them!
  • Always make sure that you are using a secure website when submitting credit card or other sensitive information via your web browser.
  • Regularly log into your online accounts.
  • Ensure that your browser is up to date and security patches are applied.
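Keeping control over the HOSTS file, as the note above demands, means being able to see whether any of your bank or shopping domains have been pinned to an address that is not the local machine. This added example, not from the blog author, audits a hosts file for exactly that: it flags any entry naming a watched domain and, separately, any other non-loopback mapping for review. The sample hosts content, the bank domain and the addresses are all constructed placeholders; the watched-domain list is an assumption you would fill with the sites you care about.

```python
import ipaddress
import os

# Constructed sample hosts file (not a real capture); names and addresses are placeholders.
SAMPLE_HOSTS = """\
# standard entries
127.0.0.1   localhost
::1         localhost ip6-localhost
# the kind of entry a trojan would add: the bank's real name now resolves to an attacker address
203.0.113.9 www.mybank.example online.mybank.example
# a harmless ad-blocking entry and a corporate intranet entry
127.0.0.1   ads.example.net
10.0.0.5    intranet.corp.example
"""

# Assumed list of domains that should never appear in a hosts file (bank, shop, mail).
WATCHED_DOMAINS = {"mybank.example"}


def hosts_path():
    """Location of the hosts file on this platform (Windows vs. everything else)."""
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        return os.path.join(root, r"System32\drivers\etc\hosts")
    return "/etc/hosts"


def _matches(name, domains):
    """True when name is one of the watched domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return one finding per suspicious hostname as {"line", "ip", "name", "reason"}."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": lineno, "ip": ip, "name": " ".join(names),
                             "reason": "unparseable address"})
            continue
        for name in names:
            name = name.lower()
            if _matches(name, watched):
                # No legitimate hosts file needs an entry for your bank, whatever the address.
                findings.append({"line": lineno, "ip": ip, "name": name,
                                 "reason": f"watched domain pinned to {ip}"})
            elif not (addr.is_loopback or addr.is_unspecified):
                findings.append({"line": lineno, "ip": ip, "name": name,
                                 "reason": "non-local mapping, review"})
    return findings


if __name__ == "__main__":
    # Audit the real hosts file when readable, otherwise fall back to the constructed sample.
    try:
        with open(hosts_path(), encoding="utf-8", errors="replace") as fh:
            text, source = fh.read(), hosts_path()
    except OSError:
        text, source = SAMPLE_HOSTS, "constructed sample"
    for f in audit_hosts(text):
        print(f"{source}:{f['line']}: {f['ip']} {f['name']} - {f['reason']}")
    print("audit complete")
```

Entries that map a name to 127.0.0.1 (ad blocking, local development) are left alone, because they cannot send you to an attacker's page; the two findings that matter are the bank names resolving to 203.0.113.9, which is what a HOSTS-file redirect looks like in practice.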

Posted in Information Security, Phishing

Phishing

Posted by brainfoldb4u on January 1, 2010

Phishing:

One of the hot topics of the 2009 information security industry is phishing. According to a recently released Trusteer report, based on a sample of 3 million users over a period of 3 months, users were spoofed into a fake log-on page 45% of the time. The report also claimed that most of the discovered phishing sites are live and are able to bypass any anti-spam and anti-phishing protection present in the victim's browser. Banking and online shopping users are the most targeted and most affected among phishing victims. The graph below, from PhishTank, shows phishing sites by country of host for November 2009.

[Graph: PhishTank phishing sites by country of host, November 2009]
In a phishing attack, hackers create an almost identical replica of a chosen banking or online shopping website, then attempt to trick users into revealing personal information and log-in credentials such as user name, password and PIN. The trapped user fills in the form thinking it is the legitimate website, giving the hackers a wide window of opportunity to misuse the victim's sensitive information.

Hackers use various phishing techniques to make victims visit their fake web page. One such method is sending an email that pretends to be from your debit or credit card company, asking you to update your personal information. Because the email looks like it comes from the legitimate company, the recipient clicks the link in it, is directed to the fake website, and is tricked into exposing their information there.

To stay protected, below are some of the steps a user can take:

  • Check for a digital signature: unless the email is digitally signed, it cannot be trusted with sensitive information.
  • Be aware of such fake emails, and remember that it is highly unlikely that your bank will ask for your sensitive information by email.
  • When you need to fill in your log-in details on a web page, look for https in your URL box. Also look for the lock symbol in the lower right-hand corner of the web browser. Double-clicking the lock gives you access to the digital certificate. If you don't see both https and the secure lock, do not give your information; contact your bank by telephone instead.
  • Instead of clicking the link in your email message, try typing the URL into your web browser.
  • Mozilla Firefox's current version, 3.5, has good anti-phishing functionality, and using Firefox may give you an advantage against phishing sites.
  • Make sure to keep your web browser of choice updated with the latest security patches.
  • Check your bank account regularly after making a transaction; if you notice any suspicious activity, report it to your bank immediately.
  • Always report “phishing” or “spoofed” e-mails to the following groups:
  1. forward the email to reportphishing@antiphishing.org
  2. forward the email to the Federal Trade Commission at spam@uce.gov
  3. forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)
  4. when forwarding spoofed messages, always include the entire original email with its original header information intact
  5. notify the Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

Phishing statistics for the month of December 2009

The phishing statistics below are taken from PhishTank's records as of 1 December 2009. When visiting any of the websites mentioned below, make sure to apply the tips above to minimize the risk of being victimized.

Popular Targets

Top 10 identified targets (valid phishes)

Rank  Target                        Valid phishes
   1  PayPal                               10,361
   2  Internal Revenue Service                870
   3  Tibia                                   784
   4  eBay, Inc.                              458
   5  Facebook                                439
   6  Bank of America Corporation             270
   7  JPMorgan Chase and Co.                  202
   8  HSBC Group                              201
   9  Google                                  146
  10  HSBC                                    121

Phishing URLs

In November, 278 phishes (5% of the valid phishes that month) used an IP address (e.g. http://12.34.56.78) and 4,980 (or 95%) used a domain name (e.g. http://example.com).

Top 10 domains (valid phishes)

Rank  Domain                    Valid phishes
   1  atspace.com                         237
   2  submissionradio.com.au               67
   3  oksamyt-inter.com.ua                 60
   4  85studio.pl                          50
   5  sisek.net.ua                         49
   6  virtualbattlespace2.com              44
   7  wilsden.com.au                       40
   8  110mb.com                            39
   9  aidastreasures.com                   37
  10  dezigner.ru                          34

Posted in Browser Security, Hacking, Information Security