Dissecting a phishing email

From Jonsdocswiki


Phishing emails are becoming more and more common, but what exactly is a "phishing email"? Is it just another IT-professional buzzword, coined to earn them money while bamboozling their clients?


What is phishing?

Phishing is where an attacker attempts to gain access to your account by fooling you into giving them your details. For example, an email that looks like it's from Facebook asks you to log in to read some urgent message - you click their link, type in your details and they keep them to use against you later. If the phisher is smart you'll be logged into Facebook automatically afterwards and you'd possibly never notice a problem.

The important thing to note is that if the email directs you to a website it'll likely look just like the real thing.

According to Wikipedia: In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
(Wikipedia contributors. Phishing. Wikipedia, The Free Encyclopedia. April 7, 2010, 14:22 UTC. Available at: http://en.wikipedia.org/w/index.php?title=Phishing&oldid=354533089. Accessed April 8, 2010.)

How it works in more detail

  1. The phishing email is sent out to harvested email addresses.
    • Quite often these email addresses are taken from forum sites or any publicly accessible area where email addresses are displayed in plain text (e.g. phishme@gmail.com).
  2. Recipient opens the phishing email.
  3. The email appears to be from a company the person deals with, e.g. Facebook, so they click the link.
  4. The webpage loads and looks exactly like the real thing.
  5. User types in their details and clicks the login button.
    • Often more detail than usual is collected, e.g. mother's maiden name, National Insurance number.
  6. The phisher gets an email saying that new details have been recorded - this will contain all your details or show the phisher where they can be found.
  7. You receive a logon error or you're logged into the genuine site.

Phishing email tell-tale signs

Quite often the phishing email will have tell-tale signs that what you're looking at is bogus:

  1. Poor spelling - a lot of phishing emails aren't written by native speakers of the language (often English), and spelling errors creep in.
  2. Poor grammar - misplaced commas, bad sentence structure and the wrong word order (e.g. "you important message").
  3. Contains a link - the phishing email is only half the scam; the fake website it points to is the other half.
  4. Odd colours and formatting - used to try to make the email look more friendly.
  5. From a company you don't deal with!
  6. Companies don't email you asking for your details.

An example email

HSBC Phishing Email

In the picture, right, you'll see an email I received recently claiming to be from HSBC with a subject of "You Have 1 New Security Message Alert!". If we run down our tell-tale signs:

  1. Poor spelling - This email doesn't suffer from this problem.
  2. Poor grammar - Grammar isn't too bad in this message, although there's an overuse of capital letters ("You Have 1 New Security Message Alert!").
  3. Contains a link - the link is on the words "Click here to resolve the problem".
    • A quick look at the link shows it goes to http://somebadsite.com/www.hsbc.com (I've changed the address, but you can see the HSBC bit isn't correct and the address is wrong).
  4. Odd colours and formatting - the link has a pale yellow background. Also, to the email's credit (bad for us), they've used the correct HSBC logo (which they've linked straight from the real HSBC website).
  5. From a company you don't deal with! - I don't bank with HSBC so oddly enough I'm not fooled.
  6. Companies don't email you asking for your details.
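The checks in the two lists above can be automated. The script below is an added example and is not code from the wiki page: it parses a raw email with Python's standard library and reports which tell-tale signs it trips, with a bit of generalisation beyond the HSBC case (it works from whatever domain the From: header claims, and also flags link text that names one domain while the link goes to another). Both messages are constructed for illustration: the somebadsite.com address is the page's own placeholder for the real phishing link, and the logo URL and sender addresses are hypothetical.

```python
"""Added example, not part of the original wiki page: run a raw email through
the tell-tale signs listed above.  Sample messages are constructed; the
somebadsite.com link is the page's placeholder and the logo URL is made up."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the HSBC message described above.
PHISH_EML = """\
From: HSBC Security <alerts@hsbc.com>
To: victim@example.com
Subject: You Have 1 New Security Message Alert!
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<img src="http://www.hsbc.com/logo.png">
<p>You Have 1 New Security Message Alert!</p>
<p><a href="http://somebadsite.com/www.hsbc.com" style="background:#ffffcc">
Click here to resolve the problem</a></p>
</body></html>
"""

# Constructed benign sample for comparison: same brand, link stays on its own domain.
LEGIT_EML = """\
From: HSBC <statements@hsbc.com>
To: customer@example.com
Subject: Your statement is ready
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Log in at <a href="https://www.hsbc.com/">www.hsbc.com</a>
to view your statement.</p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect [href, visible text] pairs and remote image sources from HTML."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.images = []
        self._open = None  # the link currently being read, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._open = [a["href"], ""]
            self.links.append(self._open)
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            self.images.append(a["src"])

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data


def registered_domain(host):
    """Keep the last two DNS labels: 'www.hsbc.com' -> 'hsbc.com'.
    Good enough for .com; a real tool would use the public suffix list so
    that 'bank.co.uk' is not reduced to 'co.uk'."""
    labels = (host or "").lower().strip(".").split(".")
    return ".".join(labels[-2:])


def analyse(raw_message):
    """Return a dict of findings keyed by the tell-tale sign they relate to."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender_domain = registered_domain(parseaddr(msg["From"] or "")[1].rpartition("@")[2])
    subject = msg["Subject"] or ""

    collector = LinkCollector()
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector.feed(html_part.get_content())

    words = [w for w in subject.split() if w[:1].isalpha()]
    findings = {
        # sign 2 (grammar): Every Word Capitalised in the subject line
        "over_capitalised_subject": bool(words)
        and sum(w[0].isupper() for w in words) / len(words) >= 0.8,
        # sign 3: the email carries a link at all
        "contains_link": bool(collector.links),
        # sign 3 detail: links whose real host is not the sender's domain
        "link_domain_mismatch": [],
        # sign 3 detail: the brand appears in the URL but not as its host,
        # e.g. somebadsite.com/www.hsbc.com
        "brand_outside_domain": [],
        # link text that names one domain while the href goes to another
        "link_text_mismatch": [],
        # sign 4 / protection tip: images fetched from a remote server on open
        "remote_images": collector.images,
    }
    for href, text in collector.links:
        link_domain = registered_domain(urlparse(href).hostname)
        if link_domain != sender_domain:
            findings["link_domain_mismatch"].append(href)
            if sender_domain in href.lower():
                findings["brand_outside_domain"].append(href)
        shown = text.strip().split("/")[0].lower()
        if re.fullmatch(r"[\w.-]+\.[a-z]{2,}", shown) and registered_domain(shown) != link_domain:
            findings["link_text_mismatch"].append((shown, href))
    findings["signs_hit"] = [k for k, v in findings.items() if v]
    return findings


if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EML), ("legit", LEGIT_EML)):
        print(name, analyse(raw)["signs_hit"])
```

The domain comparison is the check that matters most: the email's link is flagged because its host is somebadsite.com even though "hsbc.com" appears later in the address, which is exactly the trick the example email relies on. The spelling and "company you don't deal with" signs are left to the reader, since neither can be judged from the message alone.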


Protecting yourself

The Internet is a big place; it has no particular police force and it's not at all easy to stay 100% safe. That said, here are a few simple tips:

  • If you get an email asking you to log in to a website, don't click their link - type the address in yourself. So, for example, if eBay asked me to log in to read their updated terms and conditions I'd be typing in www.ebay.com, not clicking on the link in the email!
  • Ensure you're running an up-to-date antivirus program - this won't stop the spam or the phishing emails from reaching your inbox, but often if you do click the link you'll be sent to a website that will try to put malware or viruses onto your computer.
  • Run a firewall on your computer - again, this won't stop the spam or the phishing emails but should stop the bad guys getting to your PC specifically (or stop bad programs getting out).
    • Windows XP SP2, Vista and 7 come with a firewall built in.
  • Tell your email client not to show images in your emails - phishers can exploit your email client to get it to take you straight to their website.
    • Most email clients won't automatically show these now.
  • Don't drop your guard.
