Phishing Spam (Bank Fraud etc)
This attempts to answer:
- What to look for in a suspect phishing email?
- How to look?
- Is there a de-fanged one I can practice on?
German text in Brown (except name) as it was received, aimed at a real German bank.
English text in Green.
Sehr geehrter Kunde, sehr geehrte
The technical department of the Bank
is doing a planned upgrade to improve customer service
& account management.
Die Technische Abteilung der Bank
führt zur Zeit eine vorgesehene
Software-Aktualisierung durch, um die Qualität des
Online-Banking-Service zu verbessern.
Please click link to confirm your
Wir möchten Sie bitten, unten auf
den Link zu klicken und Ihre Kundendaten zu
Please excuse any inconvenience,
Thanks for your assistance.
Wir bitten Sie, eventuelle
Unannehmlichkeiten zu entschuldigen, und danken Ihnen
für Ihre Mithilfe.
2007. All right reserved. Alle Rechte vorbehalten.
ANALYSIS & PROTECTION
Criminals copy a bank's web pages, modify them to steal & send on
passwords, crack some internet server or private PC (as a
bank robber steals an innocent getaway car), upload the new
fraudulent web pages, & spam you.
How to avoid it.
- Do not click on bank-type mails.
- Type web addresses yourself, or mouse copy a known good
address from your own local notes.
- Copy the address of the bank from your file to the browser with
the mouse. (But consider before you copy across account
passwords by bluetooth (radio) mouse: do you trust the
encryption, if any? A cable mouse is more secure.)
- Enable the little window at the top of the browser to show you
where you really are. Try under eg Edit -> Preferences
-> URL display (URL = Uniform Resource Locator = posh
name for web address).
Look extremely carefully at URLs in phishing mails: they
name your bank, but take you somewhere else. Typically
the source looks like this:
- The difference in URL may be as little as one letter,
& not as obvious as the thieves.com in the example.
To examine a potential phishing email:
- On Unix, any old programmer's editor will do, eg ed
or vi, etc.
- On Microsoft DOS or CP/M, any ancient editor such
as Edlin would have done, but as XP etc perhaps won't
have equivalents, save the suspect mail enclosure to disc,
& view it with a web page editor that can show
where clicks go to, ie target URLs.
- Or view the suspect local file with a web browser.
Type into the browser URL window the local file address,
eg: file:///home/my_user_name/mail/suspect.txt If the
browser is Firefox, click: View -> Page Source.
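The check described above (a link whose text names your bank while the click goes somewhere else, or whose address differs by as little as one letter) can also be run mechanically over a saved mail body. This is an added example, not part of the original page: `KNOWN_GOOD`, the sample HTML and every `.example` host are constructed placeholders, and the 0.85 similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_GOOD = "www.bank.example"  # assumption: host copied from your own local notes
# Constructed sample body (not the mail from this page); every host is a placeholder.
SAMPLE = """<a href="http://thieves.example/login">https://www.bank.example/login</a>
<a href="http://www.bamk.example/">Confirm your data</a>
<a href="https://www.bank.example/help">Help</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased host of a URL; also accepts bare 'www.x.y/path' text."""
    try:
        return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed netloc such as unbalanced brackets
        return ""

def audit(html, known_good=KNOWN_GOOD):
    """Return (target host, visible text, verdict) for each link in the body."""
    parser = LinkCollector()
    parser.feed(html)
    report = []
    for href, text in parser.links:
        target, first = host(href), (text.split() or [""])[0]
        shown = host(first) if "." in first.strip(".") else ""  # text that looks like an address
        verdict = "other"
        if target == known_good:
            verdict = "ok"
        elif SequenceMatcher(None, target, known_good).ratio() >= 0.85:
            verdict = "lookalike"  # near miss of the known-good host (assumed threshold)
        elif shown and shown != target:
            verdict = "mismatch"  # text names one site, the click goes to another
        report.append((target, text, verdict))
    return report
```

Calling `audit(SAMPLE)` reports the three constructed links as `mismatch`, `lookalike` and `ok` in that order; a link marked `other` still needs reading by eye.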
Suggestion: Practice analysing a sanitised one before
you receive the next real one. To do that:
- Save this page locally.
- Remove the top above the first XXXX line.
- Remove the tail below the second XXXX line.
- Mail it to yourself as HTML.
- Note: copying it from this web page with a mouse
will not work.