
Tech Advisory – TA04
An Analysis Of “Phishing”
Handling E-mail Called “Phishing”
1. A new “spam” form
“Phishing” is not to be taken lightly. In recent months this relatively new form of e-mail spam, which is employed to steal your personal information, has been growing at a disturbing pace! According to a survey of adult Internet users, as many as 30 million adults report that they have been the target of a “phishing attack” and about 3%, or 1.78 million, have given out sensitive personal information! This Technical Advisory is an attempt to examine this phenomenon and suggest “cautionary measures” to our members and others.
2. Examples of Phishing Letters
Example #1 – Smith Barney Financial Group! . . . Don’t you believe it!

Example #2 – U.S. Bank . . . Looks “official” doesn’t it???

Both examples are “bogus”, but look “very official” and are intended to influence the web user to “follow directions”!! How about the term “obligatory” in the Smith-Barney letter! Both have been received by your author and bear explanation.
3. Examining your E-mail closely
In taking a look at the message from “U.S. Bank”:
1) It uses an “Official Logo” and color scheme. The Logo is likely copied from the actual U.S. Bank website and used in order to make the letter appear to be genuine!
2) Next is the “salutation”. Notice that the “recipient’s name” is not used! Your bank has your name on file and, if they send you e-mail, they will most likely address you by name. The “scammers” do not have this luxury and are forced to resort to “generic addressing” or “spoofing”!
3) After the salutation, you will notice that the text of the letter is not grammatically correct and is hard to read. This is a “common trait” of many phishing letters because the majority of large “phishing attacks” originate from countries where English is not the native language.
4) Another example of “spoofing” is next: the link composed in the letter appears to be official, but clicking on it will take you to a different address from the one that is displayed. That address will be the “scammer’s” computer system or “server”.
5) Finally, the absence of any contact information is another indicator that the letter is “fraudulent”. However, many of the new phishing scam letters do include names and phone numbers, so do not treat this as a “failsafe” method for determining if the message is real!
4. Protect your Personal Information
These examples are a very “simple form” of phishing letters and are very easy to “spot”! There are others that become a little more difficult to recognize, but you can still protect yourself by being “extra careful”. Just make sure that you never send sensitive information via e-mail and that you do not use links contained in your e-mail to enter personal (sensitive) information.
5. Conclusion
In summary, if you have any doubt that the e-mail you received is legitimate, make sure that you contact the organization directly, preferably by telephone, to check with them! Major companies that are targeted by phishing scams lose millions of dollars annually and they would rather have you call than become a victim!
This type of invasion of the network nodes can be controlled by the “savvy” (knowledgeable) user. It is important that “phishing” attempts be understood and handled properly! If you contact the company directly, report the incident to them. Delete the message!
For more information about “phishing” and to see more examples of the latest phishing attacks, you can visit the Web at www.antiphishing.org. This site allows you to view actual letters, provides you with explanations about the techniques used within the letters, and allows you to report any phishing attacks that you may witness or hear about!
. . . Don’t enter your Personal Info into a computerized form!!
(unless you have personally arranged for it thru your financial institution)