Thursday, January 18, 2007

Gone Phishing

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message,[1] although phone contact has been used as well[2].

Imagine my surprise this morning when I received an email notice from a bank I don't belong to, asking me to update my personal account information.




My first clue that this wasn't real was the fact that I don't bank at this bank, located in the USA.

My second clue was the email address they used for the bank. Hmm, a huge bank using the facilities of Yahoo?!?

My third clue was the link they wanted me to follow.

It looked ok,

https://www.wellsfargo.com/biz/products/online_banking/overview.jhtml

But the address written in the html was actually:

http://wells-fargo-update.net/cgi-bin/index.php.

And when an email tells you to go one place, and sends you to another place, well you gotta wonder.
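
The mismatch described above, where the link text shows one address and the HTML points to another, can be checked mechanically. This is an added example, not part of the original post: it parses an HTML email body and reports anchors whose visible text names one site while the href leads to a different one. The two-label `site()` heuristic and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site(host):
    # Assumption: the last two DNS labels approximate the registrable domain.
    # Real mail filters should consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    # Hostname if the visible text reads as a URL or bare domain, else None.
    text = text.strip().rstrip(".,;")
    if not text or " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        shown_host, real_host = host_of(shown), urlsplit(self.href).hostname
        # Flag only when the text claims a site and the target is a different one.
        if shown_host and real_host and site(shown_host) != site(real_host):
            self.findings.append((shown, self.href))
        self.href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample body built from the two URLs quoted in the post.
SAMPLE = ('<p><a href="http://wells-fargo-update.net/cgi-bin/index.php">'
          'https://www.wellsfargo.com/biz/products/online_banking/overview.jhtml'
          '</a> or <a href="https://www.wellsfargo.com/">www.wellsfargo.com</a></p>')

if __name__ == "__main__":
    for shown, target in mismatched_links(SAMPLE):
        print(f"text says {shown!r} but link goes to {target!r}")
```

Links whose text is ordinary wording ("click here") are not flagged by this check, so it complements rather than replaces looking at the real target before clicking.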

The site they wanted me to go to was the Wells Fargo Bank site:




But they created a lovely copy of the site, bought the fake domain name, http://wells-fargo-update.net/cgi-bin/index.php, and directed people there to leave behind their usernames and passwords.

The fake looks like this:



Nearly the same, except they don't include a sitemap, just so you won't get sidetracked to the real site.

And the links on the fake page direct you back to the real site pages, to get the information you require.

Again, what they are after is your username and password, so that they can access your account and take control of your investments, funds, and life.

Nice eh?

The domain name, wells-fargo-update.net (the fake site), was purchased and set up yesterday/today, and will expire in one year.

Domain Name.......... wells-fargo-update.net
Creation Date........ 2007-01-18
Registration Date.... 2007-01-18
Expiry Date.......... 2008-01-18
Organisation Name.... Sandra C. Kennedy
Organisation Address. P O Box 99800
Organisation Address.
Organisation Address. EmeryVille
Organisation Address. 94662
Organisation Address. CA
Organisation Address. US

The Internet company which registered this domain for "Ms. Sandra C. Kennedy" was www.melbourneit.com, an Australian company, legitimate or not.

The sad part is that this con will trick some people and they will lose. And those who will lose the most will be the gullible and often the aged.
So we need to become more aware of these schemes.

Wikipedia tells us what to do in regards to Phishing:
Users who are contacted about an account needing to be "verified" (or any other topic used by phishers) can take steps to avoid phishing attempts by modifying their browsing habits. Users can contact the company that is the subject of the email to check that the email is legitimate, or can type in a trusted web address for the company's website into the address bar of their browser to bypass the link in the suspected phishing message.[39]

And there you go.
If you get an email from an organization you usually would trust, give them a phone call, not using a phone number located on the email itself, but rather one you look up in your phone book.

The other option is to type in the real www address as you know it, into the address bar at the top of your browser.
These kinds of post-modern day thieves wouldn't put the big effort into this kind of a con, if it didn't work. So they are obviously making money on it.

Let's practice safe surfing, and be aware.


This public announcement brought to you by the editors and owners of randallfriesen.com.

9 comments:

  1. I've received numerous requests from "eBay" and "Paypal" to update my account or something or other to keep it from expiring. It all looks very legit, but I was too skeptical to do anything about it. I figured I could always start a new account if my old one expired (neither have expired, incidentally).

    It makes me so mad the things people will do...

  2. On first glance, other than the Yahoo origin, it is written quite well. Usually there are numerous grammatical or spelling errors or misused words like "then" instead of "than" which is my big English language pet peeve.

    Good job for noticing the address differences Randall. I'm not too concerned about myself or my wife ever falling for those but my dad, who isn't quite sure about where the address bar is yet after the numerous lessons I've given him, is the one I think of when these scams arise. I've got him convinced to ask me first if he isn't sure. Maybe Wikipedia should add that tip, ask someone more experienced, to their information.

  3. It's also worth remembering that no company will ever ask you to update details. When I log onto my online banking and Paypal there are regular messages to that effect.

  4. It's sad that we can't just trust everyone, but this is reality. I keep on nagging my kids about safe Internet use. I'll have them read your excellent post.

  5. I lost $2000 a few years back when I was offered a 'second chance' by e-mail on an e-bay item I had bid on and lost. Unfortunately, I didn't investigate it sufficiently, and hadn't yet heard of 'phishing'. In hindsight, there were plenty of warning signs I should have picked up on... Though the scofflaw(s) that scammed me did a superb job of mimicking the e-bay site and e-mail content.

  6. Ouch!!

    That's an expensive education.

    Thanks for bringing the point home for the rest of us Andrew.

  7. Good to remind people, Randall. Well worth remembering Dan's point too. Legitimate banks etc NEVER ask you to verify your identity like that, as they always know it to begin with.

  8. The other thing that many legit sites were reporting was that most legitimate sites will also use personal info.

    Addressing it to Randall Friesen rather than to "Dear Customer."

    Or including some personal bit of information.


    Although the blighters are even finding ways to do this too.


