Phishing Spam (Bank Fraud etc)

http://www.berklix.com/~jhs/txt/phish.html

This attempts to answer:
  • What to look for in a suspect phishing email?
  • How to look?
  • Is there a de-fanged one I can practice on?

EXAMPLE MUSTER

German text in Brown is unchanged (except name) as it was received, aimed at a real German bank. English text in Green has been added.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Dear customer
Sehr geehrter Kunde, sehr geehrte Kundin,

The technical department of the Bank is doing a planned upgrade to improve customer service & account management.
Die Technische Abteilung der Bank führt zur Zeit eine vorgesehene Software-Aktualisierung durch, um die Qualität des Online-Banking-Service zu verbessern.

Please click link to confirm your customer data.
Wir möchten Sie bitten, unten auf den Link zu klicken und Ihre Kundendaten zu bestätigen.

http://DogAndWaspBank.de/kundendienst/anfang.cgi?id=780543675437890543780

Please excuse any inconvenience, Thanks for your assistance.
Wir bitten Sie, eventuelle Unannehmlichkeiten zu entschuldigen, und danken Ihnen für Ihre Mithilfe.

=================================================
© DogAndWaspBank.de 2007. All right reserved. Alle Rechte vorbehalten.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

ANALYSIS & PROTECTION

Criminals copy a bank's web site, modify it to steal & send on passwords, crack some internet server or private PC (as a bank robber steals an innocent getaway car), upload the new fraudulent web pages, & spam you.

How to avoid it.

  • Do not click on links in bank type mails.
  • Type web addresses yourself, or mouse copy a known good address from your own local notes.
  • Copy the address of the bank from your file to the browser with the mouse. (But consider before you copy across account passwords by bluetooth (radio) mouse: do you trust the encryption, if any? A cable mouse is more secure.)
  • Enable the little window at the top of the browser to show you where you really are. Try under e.g. Edit -> Preferences -> URL display (URL = Uniform Resource Locator = posh name for web address).
  • Look extremely carefully at URLs in phishing mails. They name your bank, but take you somewhere else. Typically the source looks like this:

    <A href="http://www.your-bank.com.thieves.com/customers/"> http://your-bank.com/customers/</a>

  • The difference in URL may be as little as one letter, & not as obvious as the thieves.com in the example above.
  • To examine a potential phishing email:
    • On Unix, any old programmer's editor will do, e.g. ed or vi, etc.
    • On Microsoft DOS or CP/M, any ancient editor such as Edlin would have done, but as XP etc. perhaps won't have equivalents, save the suspect mail enclosure to disc, & view it with a web page editor that can show where clicks go to, i.e. the target URLs.
    • Or view the suspect local file with a web browser. Type the local file address into the browser URL window, e.g. file:///home/my_user_name/mail/suspect.txt. If the browser is Firefox, click View -> Page Source.
  • Suggestion: Practice analysing a sanitised one before you receive the next real one. To do that:
    • Save this page locally.
    • Remove the top, above the first XXXX line.
    • Remove the tail, below the second XXXX line.
    • Mail it to yourself as HTML.
    • Note that copying it from this web page with a mouse will not work.
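
The check described above (compare the address a link shows with the address it really goes to) can also be done mechanically on a saved mail. The following Python is an added example, not part of the original page: the function and class names are made up for illustration, the first sample link is the one quoted above, and the other three are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname of a URL-like string (lower case, no 'www.'), else None."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None                      # ordinary link text such as "Click here"
    if "://" not in text:
        text = "http://" + text          # shown addresses often omit the scheme
    try:
        host = (urlsplit(text).hostname or "").lower()
    except ValueError:
        return None
    if "." not in host:
        return None
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    """Collects (shown_host, real_host, bank_name_used_as_subdomain)."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":                   # HTMLParser lower-cases <A> for us
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown, real = host_of("".join(self.text)), host_of(self.href)
            if shown and real and shown != real:
                self.findings.append((shown, real, real.startswith(shown + ".")))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

# First link is the page's example; the other three are constructed samples.
SAMPLE = """<A href="http://www.your-bank.com.thieves.com/customers/"> http://your-bank.com/customers/</a>
<a href="http://your-bonk.com/login">www.your-bank.com</a>
<a href="http://your-bank.com/help/">http://www.your-bank.com/help/</a>
<a href="http://your-bank.com/">Click here</a>"""
if __name__ == "__main__":
    for shown, real, prefix_trick in audit(SAMPLE):
        print(f"shows {shown} but goes to {real} (name used as subdomain: {prefix_trick})")
```

A link whose visible text is not an address (such as "Click here") is not reported, so its target still has to be read by eye in the page source.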
