Phishing, don’t get suckered!
14/03/2009 by Bertha.
Phishing:
(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Source: Webopedia
Everyone gets them (even from the banks they don’t have accounts with) but do you know how to recognise a Phishing E-mail and its related site? Read on…
The E-mail shown to the left is a genuine Phishing e-mail supposedly coming from the Halifax. Click on the picture to see a full size version if you want to have a better look.
You can ignore the red area (boxed and labeled 1) as this has been inserted by Outlook to warn that the e-mail is suspect. The program you use for reading your e-mails might not be so determined in giving a warning.
Now look at the box labeled 2. You will see that it’s round the “To:” section of the header area and there’s nothing there! If this were a genuine e-mail from your bank there would be your address in there. Unfortunately for the Phishers, they don’t know your address so they have to leave it blank. This is the number one giveaway.
Now on to box 3. It looks wrong. Why? No pictures! Think of all the e-mails you receive from large companies offering you a service. There is always a series of pictures even if they are only the company logo. Yet here, on a supposedly very important e-mail, there are none.
If you have been caught out by the Phishing E-mail above then you will arrive at this site (again click on the picture to see it in full size). At first glance it looks convincing. Unfortunately for the Phishers the Halifax have just updated their site and so the Phishing site still looks like the old genuine site. Not a problem as people are unlikely to notice and keep going if they don’t know what to look for.
So what should you look for? Three boxes again, numbered 1 to 3, which should be compared with the genuine article below.
Box 1 shows the address of the site you are visiting. Two things to notice here. Firstly, the address should start with the letters “https” where “s” stands for secure. Secondly, the next bit shouldn’t be a series of numbers but a written address starting with “www.”
Box 2 should have a little gold coloured padlock in it, right at the end of the address bar but before the two little blue arrows.
Finally, in box 3 both the Phishing and Genuine tabs are shown. The Phishing version (on the left) just has an “E” icon and the words “Online Service”.
Compare this, the genuine site, with the Phishing one previously. The address starts with “https” and has the full Halifax address in words (box 1). In Box 2 you can see the padlock symbol showing the site is a secure, encrypted one. In Box 3, the genuine site (to the right) clearly shows the Halifax icon along with a full title of the page being viewed.
So there you have it, the secrets of telling a Phishing setup from the genuine article. If in doubt, though, use the simpler way of staying safe. Never give details out to someone who approaches you. That includes not just following links from e-mails, but telephone calls too.
If someone e-mails or calls wanting any personal details don’t give them. Instead contact the organisation involved as you usually would (log onto their web site as normal, telephone them using a number from a bill or statement you already have or call in to see them at the local office) and deal with the matter then. Remember, you have no way of knowing for sure where a cold call or an unsolicited E-mail has actually come from!
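The tell-tale signs described above (blank “To:” field, no pictures, an address that is not “https” or is a series of numbers) can also be checked automatically. The following is an added example, not part of the original article: the function names and the sample message are made up for illustration, and 192.0.2.10 is a reserved documentation address.

```python
import ipaddress
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message for illustration, not a real e-mail.
SAMPLE = """\
From: "Halifax" <service@example.invalid>
To:
Subject: Account notice
Content-Type: text/html; charset="utf-8"

<p>Please <a href="http://192.0.2.10/login">confirm your details</a>.</p>
"""

class _Scan(HTMLParser):
    """Collect link targets and count pictures in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.images = [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]
        elif tag == "img":
            self.images += 1

def url_warnings(url):
    """Address checks from the article: starts with https, host is a name."""
    parts = urlsplit(url)
    found = [] if parts.scheme == "https" else ["not https"]
    try:
        ipaddress.ip_address(parts.hostname or "")
        found.append("numeric host")
    except ValueError:
        pass  # host is written in words, not an IP address
    return found

def email_warnings(raw):
    """E-mail checks from the article: blank To:, no pictures, suspect links."""
    msg = message_from_string(raw)
    found = [] if (msg.get("To") or "").strip() else ["blank To"]
    html = [p for p in msg.walk() if p.get_content_type() == "text/html"]
    body = html[0].get_payload(decode=True).decode(errors="replace") if html else ""
    scan = _Scan()
    scan.feed(body)
    if not scan.images:
        found.append("no images")
    for link in scan.links:
        found += [f"link {w}" for w in url_warnings(link)]
    return found
```

An empty result only means none of these particular signs were found; it does not show that a message is genuine.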