
Intelligent Security Solutions
Phishing
What is Phishing?
Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients.
Phishing emails come in so many different forms that it would be impossible to list them all here, but a few common subject lines include: "You won money from somewhere", "Someone is trying to find you", "Your new account has been verified", "You have a free gift waiting", and so on.
Let's look a little closer at Phishing. The latest e-mail you just received about your Amazon account being out of date and needing to be updated should do. First, Phishing has evolved well beyond the limits of traditional spam. You should notice that the writing is polished. (Yep, they finally mastered that tricky spelling and grammar checking doodad in their mail program.) They even pay attention to the little details such as pointing you to their customer service page and including common mailer images as well as the company logo. The clincher is the web address that is included. Click on the link and look at the web page it loads. (Don't fill in ANY personal data.) By looking at the anatomy of this carefully constructed page, you should be able to discern a legitimate login page from an impostor. Notice the address bar. A login page will point to a secure (https://) area of their domain (www.onlinecompany.com), while an impostor could use a secure or insecure (http://) port and will likely point to something like www.someWEBhost.com/www.legitimatevendor.com. The area before the first slash (/) is your tip-off: that is the host you are actually talking to, and anything after the slash is just a path the host owner chose. As a rule, always go to the vendor from their own main page by typing the URL (web address) in by hand. You can then use the login link to access your account.
Pharming has also been termed 'phishing without a lure'. This is because some nefarious programmer has gone to the ultimate low and bundled extra code into that free utility, game, or other cool application that is now a free download. Such code can lead to popup windows claiming that your identity has been stolen and telling you to click a link and fill out a form in order to report the incident. These forms then collect your data. The most common use of such software, however, is to redirect requests for well-known online sites such as eBay, Amazon, or PayPal to a false login page that collects the login information and e-mails it to the attacker or stores it in a database somewhere. There are three practices to prevent this type of behavior. When downloading a new program to try, do it on a test system first. Use the address checks listed for Phishing and try to visit www.amazon.com, www.ebay.com and www.paypal.com. The addresses that you should get for logging in should begin with the following prefixes:
https://www.amazon.com
https://signin.ebay.com
https://www.paypal.com
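As an added example (not part of the original page), here is a Python check that applies the address-bar rule from the two passages above: look only at the host before the first slash, require https, and require that the host actually belongs to the vendor's domain rather than merely containing its name. The expected prefixes are the ones listed above; the sample URLs, the short vendor keys and the function names are constructed for this example.

```python
from urllib.parse import urlsplit

# Login URL prefixes as listed on the page, keyed by a short vendor name.
EXPECTED_LOGIN_PREFIXES = {
    "amazon": "https://www.amazon.com",
    "ebay": "https://signin.ebay.com",
    "paypal": "https://www.paypal.com",
}


def registrable_domain(host):
    """Last two labels of a hostname, e.g. 'signin.ebay.com' -> 'ebay.com'.
    Simplification: multi-part public suffixes such as co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_login_url(url, vendor):
    """Return a list of problems with a login URL, or [] if it passes.

    Only the part before the first slash (the host) decides who owns the
    page; the path can contain anything, including the real vendor's name.
    """
    parts = urlsplit(url)
    expected_domain = registrable_domain(urlsplit(EXPECTED_LOGIN_PREFIXES[vendor]).hostname)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    # .hostname drops any 'user@' prefix, so 'https://www.paypal.com@evil.example/'
    # is correctly seen as a request to evil.example, not to PayPal.
    host = parts.hostname or ""
    if registrable_domain(host) != expected_domain:
        problems.append("host %r is not in %s" % (host, expected_domain))
        if vendor in parts.path.lower():
            problems.append("vendor name appears after the slash, not in the host")
    return problems


def is_legitimate_login(url, vendor):
    """True only when the URL passes every check above."""
    return not check_login_url(url, vendor)
```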
After you have verified that the software is safe, you may install it on a regular system. Utilities that can be particularly useful in the capture and removal of such malware are Lavasoft's Ad-Aware software (www.lavasoftusa.com) and Spybot Search & Destroy.
If you feel particularly paranoid now, that is great. Caution leads to a desire to learn more and to not freely give away your rights and privacy. If there are terms in here that do not make sense yet, put them into a search engine and compare the results of at least five sites to make sure you have a clear idea of the term.
According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, phishers send an email or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message may ask you to "update," "validate," or "confirm" your account information. Some phishing emails threaten a dire consequence if you don’t respond. The messages direct you to a website that looks just like a legitimate organization’s site. But it isn’t. It’s a bogus site whose sole purpose is to trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
The FTC suggests these tips to help you avoid getting hooked by a phishing scam: If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address yourself. In any case, don’t cut and paste the link from the message into your Internet browser — phishers can make links look like they go to one place, but actually send you to a different site.
Use anti-virus software and a firewall, and keep them up to date
Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.
A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Operating systems (like Windows or Linux) or browsers (like Internet Explorer or Netscape) also may offer free software "patches" to close holes in the system that hackers or phishers could exploit. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
The definition of PHISHING: (fish'ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately.
Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
How to avoid Phishing schemes:
1. Do not open email from anyone you don't know. Email can contain code used to track whether the message has been opened and viewed by anyone. It can also contain pictures (.jpeg, .bmp, .gif) that are infected. Once your email client (Outlook, Outlook Express, etc.) opens and displays these, you are infected.
2. Never open attachments from someone you don't know. Have you ever received an attachment from someone and opened it right away? Did you know that your anti-virus program does not scan attachments from within your email program? You must first save the attachment to your computer (in a folder) and then scan it. Most people do not know this.
3. Financial institutions DO NOT send out email requesting that you update your account information.
4. By replying to any such emails you will only alert the sender that the email address is active, and you may well receive even more scams after replying.
5. Set up rules within your email program, such as:
   - Don't download messages from people not in your contacts list.
   - Look for certain words in the subject line and message body, and choose not to download messages that contain them.
These are just a few things you can do to protect yourself from Phishing.
Here is an example of a very well crafted PHISHING email. Please note, this was a Real email sent to a client.
Here is a screencapture of an email sent to 3C ISS. We will show you how to find out who is sending the email (if possible) and what to do with the information.
Now, here is the header information from that same email (our email has been removed):
First, we look at the path: Received: from -1210617864 ([211.247.58.113])
This shows us the actual IP address of the sender, which in this case is 211.247.58.113. You can now do a WHOIS lookup and dissect the necessary information to find their ISP and the ISP's abuse hotline. At this point, you can either call or send the ISP a copy of the email and report the emailer. Below is the information we found with a lookup.
Next, we look at the sender SMTP: Received: from ebay.com (-1210321040 [-1213552768])
by glanclwydtr.wales.nhs.uk (Qmailv1) with ESMTP id BE94E0746B
We can see the origin looks to be from the UK (glanclwydtr.wales.nhs.uk), but this is most likely spoofed: a sender can write any hostname into the HELO greeting and can even include ready-made "Received:" lines in the message, so the only line you can rely on is the one added by a mail server you trust.
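As an added example (not code from the page or from 3C ISS), here is a small Python parser for the Received chain discussed above. It assumes, as the text implies, that the line recording 211.247.58.113 was written by the recipient's own mail server and therefore sits at the top of the header; the recipient hostname (mail.recipient.invalid), the timestamp and the queue id are constructed. It generalises the point slightly: any Received line below the first one written by a server you control arrived inside the message and cannot be trusted for attribution.

```python
import re

# Constructed sample, modelled on the two Received lines quoted above. The IP
# address and the hostnames are the page's own; the recipient server, the
# timestamp and the queue id are made up. Each hop prepends its own Received
# line, so the top line is the hop nearest the recipient.
SAMPLE_HEADERS = """\
Received: from -1210617864 ([211.247.58.113])
\tby mail.recipient.invalid (Postfix) with ESMTP id 1A2B3C4D5E;
\tMon, 1 Jan 2007 10:00:05 +0000
Received: from ebay.com (-1210321040 [-1213552768])
\tby glanclwydtr.wales.nhs.uk (Qmailv1) with ESMTP id BE94E0746B
"""

RECEIVED_RE = re.compile(r"^Received:\s+from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.M)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold(headers):
    """Join folded continuation lines (those starting with whitespace) onto their header."""
    return re.sub(r"\r?\n[ \t]+", " ", headers)


def parse_received(headers):
    """One dict per Received header, top (latest hop) first.
    helo: the name the connecting host announced; ip: the address the receiving
    server actually saw, if it recorded one in brackets; by: the receiving server."""
    hops = []
    for m in RECEIVED_RE.finditer(unfold(headers)):
        helo, comment, by = m.groups()
        ip = IPV4_RE.search(comment)
        hops.append({"helo": helo, "ip": ip.group(1) if ip else None, "by": by})
    return hops


def split_trusted(headers, trusted_suffix):
    """Return (origin_ip, untrusted_hops). The origin IP is the address recorded
    by the first Received line written by a server under our control; every
    line below it came in with the message and may have been forged."""
    hops = parse_received(headers)
    for i, hop in enumerate(hops):
        if hop["by"].endswith(trusted_suffix):
            return hop["ip"], hops[i + 1:]
    return None, hops
```

The announced name (ebay.com) on the untrusted line, with no bracketed address beside it, is what the WHOIS lookup above cannot verify; the bracketed 211.247.58.113 on the trusted line is the one to report.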
Email spoofing refers to email that appears to have originated from one source when it was actually sent from another. Individuals who send "junk" email or "SPAM" typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.
There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.
Sometimes email spoofing is used for what is known as "social engineering", which aims to trick the recipient into revealing passwords or other information. For example, you get an email from what appears to be the LSE's email administrator, or from your ISP, asking you to go to a Web page and enter your password, or change it to one of their choosing. Alternatively, you might receive an email asking for detailed information about a project. The From field suggests that the message comes from the LSE, but instead it is from a competitor.
Dealing with a Spoofed Email
There is really no way to prevent receiving a spoofed email. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, then you may want to find out if it is really from the person it says it's from. You can look at the Internet Headers information to see where the email actually originated.
Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.