Phishing Exposed

I know there is a lot of information about phishing attacks (attempts to trick users into logging into fake sites with credentials for things like eBay or PayPal), but I am seeing more and more sophisticated attacks and felt that I had to raise the warning again. In our company, and at those clients who listen to our advice, it is general practice to remind staff of anything important from time to time, such as virus warnings, in case people's guard has fallen or there is a new twist on attack vectors.

In that spirit, when I see a more potent phishing attack I think it is wise to remind people about the hazards.

The message that caught my attention and spawned this post invited me to “Verify your PayPal Account” in the subject. As I had just been dealing with PayPal, I was particularly vulnerable, just as an employee whose brother was on vacation would likely succumb to something spoofing him that said, “see the photos” (from an actual client case). Being very wary of anything online (or otherwise), I examined the actual destination of the link that looked like it would take me to “https://www.paypal.com/login” and noticed that the link actually pointed me to “http://paypal.com.login-user488.info/login” (URL changed slightly to protect the innocent and not aid the guilty). At first glance you might not notice that the domain isn't paypal.com, but is actually login-user488.info. This could be a very painful mistake for the user who goes to this page and types in their PayPal credentials, which are likely linked to their credit card. This is the online equivalent of using a fake cash machine and punching in your PIN for the bad guys to harvest later.

The moral of this story is to be wary even of emails you expect, since the attacker might just get lucky and hit you at the very time you are expecting that kind of message. It is a very costly mistake. In most email clients, such as Outlook, you can see where a link points by holding the mouse cursor over it without clicking. A better practice is to open the browser yourself and type the site's address, so you know you are going where you think you are going.
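The hover check above can also be automated on the mail gateway or in a mail-filtering script. The following is an added example, not code from the original post: it compares the visible link text with the real href and flags the case described above, where the host `paypal.com.login-user488.info` merely begins with `paypal.com`. The brand-to-domain table and the sample links are constructed for illustration.

```python
"""Flag e-mail links whose visible text or hostname suggests a brand while the
href really leads to a domain that brand does not own (added example)."""
from urllib.parse import urlsplit

# Brands we care about, mapped to the domain that legitimately owns them.
# This table is an assumption for the example, not a complete list.
EXPECTED_DOMAINS = {"paypal": "paypal.com", "ebay": "ebay.com"}


def link_hostname(url: str) -> str:
    """Lowercase hostname of a URL, ignoring userinfo, port and path.
    A missing scheme (as in 'www.paypal.com/login') is tolerated."""
    if "://" not in url:
        url = "http://" + url
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def host_belongs_to(host: str, domain: str) -> bool:
    """True only if host IS the domain or a real subdomain of it.
    'paypal.com.login-user488.info' fails: it only *starts* with paypal.com."""
    return host == domain or host.endswith("." + domain)


def check_link(link_text: str, href: str) -> dict:
    """Compare what the user sees with where the link really goes."""
    real_host = link_hostname(href)
    # Which brand does the visible text or the real hostname mention?
    implied = next((d for b, d in EXPECTED_DOMAINS.items()
                    if b in link_text.lower() or b in real_host), None)
    if implied is None:
        return {"verdict": "unknown-brand", "real_host": real_host}
    if host_belongs_to(real_host, implied):
        return {"verdict": "ok", "real_host": real_host}
    return {"verdict": "suspicious", "expected": implied, "real_host": real_host}


# Constructed samples: the first mirrors the message described in the post.
SAMPLE_LINKS = [
    ("https://www.paypal.com/login", "http://paypal.com.login-user488.info/login"),
    ("https://www.paypal.com/login", "https://www.paypal.com/signin"),
    ("Verify your eBay account", "https://signin.ebay.com/ws/"),
    ("Click here", "http://ebay.com.example.net/"),
]

if __name__ == "__main__":
    for text, href in SAMPLE_LINKS:
        print(text, "->", href, check_link(text, href))
```

The check is deliberately strict about the domain suffix: a hostname counts as the brand's only when it equals the owning domain or ends with a dot followed by it.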

If you wish to stay up to date on phishing attacks, I will do my best to bring up reminders from time to time, but you should also check Duane Laflotte's blog regularly; in the process of running our security practice at CriticalSites, he tends to see a LOT of these.