
The anatomy of a Hotmail phishing attack

Andrew Fairbairn on 06 October 2009 - 17:39 · 27 comments & 17302 views

Phishing schemes have become increasingly common and, as we have seen over the past couple of days, can come as a big shock to members of the public who are not aware of the concept of these scams and therefore do not notice when they are falling for one.

As has been confirmed today, phishing attacks are widespread across many different webmail services - such as Hotmail, Gmail and Yahoo! Mail - but they can also be designed to fool users of social networking websites and even trick people into handing their bank details over to complete strangers.

The problem with most phishing scams is that they are so well designed that even the most web-savvy users can fall for them. The emails that are sent look genuine and the webpages that they link to also look legitimate, in both their design and URL.

Here is a real example of a phishing email recently sent to some Windows Live Hotmail users:



Obviously the main flaw with this email is that the encoding is set to Arabic and the text is therefore shown formatted right-to-left instead of left-to-right. However, look closer and you will see many of the tricks of phishing emails.

The email says that it is from Microsoft Customer Support, something that many would easily believe. For those that might want further proof, the email says that it is from postmaster@live.com (the "postmaster" address is very commonly used to identify the administrator of any email server). Both of these tricks have been used to make the email appear genuine and, along with the subject "An important message for your email", encourage the recipient to open the message.

So now that you may have been tricked into opening the message, let's look at the content. The text is written in a very simple style to make it easy to read and to match the style of writing that an authentic message from Microsoft might use. The Windows Live logo is included because most Hotmail users will be familiar with it and the brand, and so will be more trusting of the writing that follows. The image itself is a file hosted on Microsoft's servers and used by the company in other correspondence. It can easily be embedded anywhere, as you can see below:


http://gfx1.hotmail.com/mail/w3/ltr/welcom...live_header.jpg

The message talks about how the reader "must configure" their account which will encourage them to follow the instructions included, making them subconsciously scared of any bad consequences - such as having their account closed or deleted - if they do not. The text says there should be a code included in the email and, because it is not there, many readers of the message will think there is some problem that can be solved by clicking the link - which is the only other prominent thing in the email - so will be more likely to do so.

The text of the link is the URL of Windows Live Account, a genuine Microsoft website where you do actually configure your account. The URL even has parameters attached to make it look more legitimate: a standard mkt parameter used on many Windows Live URLs (which in this case is set to EN-EN, English being a language that would apply to anyone reading the message, as it is written in English) and a random alphanumeric string which looks like a specific ID that applies only to the recipient of the message.

To make the message look even more real, it ends with a jovial sign-off and a standard copyright notice referring to Microsoft, again drawing on any trust that you might have in the brand.

As with the vast majority of phishing messages, actually clicking on the link in the email loads a different URL from the one written out. In this case it leads us to:
http://login.live.com.login.srf.wsignin.act-939001820183093.8982190oieenue.default.aspx.id-1033.[domain removed].com/gin.live.com.login.srf.wsignin.act-939001820183093.8982190oieenue.default.aspx.id-1033/login.srf.htm

Compare this with the official login page for Windows Live Account:
https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1254845799&rver=5.5.4177.0&wp=SAPI&wreply=https:%2F%2Faccount.live.com%2Fsummarypage.aspx&lc=2057&id=38936

At a quick glance they look very similar. Both contain the phrases login.live.com, login.srf, wsignin and aspx along with seemingly random strings of numbers. The thing to notice is that the official login page is on the login subdomain of live.com, whereas the host name the email pointed to is made up of many subdomain labels, so the domain the page is actually hosted on ([domain removed].com) is buried in the middle of the address rather than at the start.

This is a problem that web browsers are trying to solve, with many including filters to warn you when you are on a suspicious website. Internet Explorer 8 also introduced domain highlighting to make it much clearer which domain you are actually on.
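The domain-highlighting idea above can be reproduced as a small check. This is an added example, not code from the article or from Microsoft: it parses a URL, takes the registrable domain (naively, the last two host labels) and flags the pattern the article describes, where brand labels such as login.live.com appear as subdomains of some other domain. The phishing URL is reconstructed from the article with a constructed placeholder where the article has "[domain removed]".

```python
"""Spot the domain-hiding trick: many subdomain labels mimic login.live.com,
but the registrable domain sits further along the host name."""
from urllib.parse import urlsplit

# Constructed stand-ins for the two URLs quoted in the article; the phishing
# host uses a placeholder label where the article has "[domain removed]".
PHISH_URL = ("http://login.live.com.login.srf.wsignin.act-939001820183093."
             "8982190oieenue.default.aspx.id-1033.domain-removed-placeholder.com/"
             "gin.live.com.login.srf.wsignin.act-939001820183093.8982190oieenue."
             "default.aspx.id-1033/login.srf.htm")
REAL_URL = ("https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1254845799"
            "&rver=5.5.4177.0&wp=SAPI&wreply=https:%2F%2Faccount.live.com"
            "%2Fsummarypage.aspx&lc=2057&id=38936")

TRUSTED = {"live.com"}            # where Windows Live sign-in legitimately lives
BRAND_LABELS = ("login", "live")  # brand words a lookalike host tends to reuse


def registrable_domain(url):
    """Return the last two host labels. This is deliberately naive: a real
    checker would consult the Public Suffix List so that example.co.uk works."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def assess_login_url(url):
    """Return a list of warning strings; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").lower().split(".")
    domain = registrable_domain(url)
    warnings = []
    if domain not in TRUSTED:
        warnings.append(f"registrable domain is {domain!r}, not a trusted sign-in domain")
        # Brand names used as subdomain labels of an untrusted domain: the
        # article's "hidden in the middle of the address" pattern.
        if any(b in labels[:-2] for b in BRAND_LABELS):
            warnings.append("trusted brand labels appear as subdomains of an untrusted domain")
    if len(labels) > 5:
        warnings.append(f"unusually deep host name ({len(labels)} labels)")
    if parts.scheme != "https":
        warnings.append("sign-in page is not served over https")
    return warnings


if __name__ == "__main__":
    for u in (PHISH_URL, REAL_URL):
        print(registrable_domain(u), assess_login_url(u) or ["consistent with trusted domain"])
```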

Looking at the contents of the bogus page shows that the layout is exactly the same as a slightly older version of the current standard Windows Live ID login screen. As in the email, the images shown are actually hosted on Microsoft servers. Because the page is so familiar, people will not think twice about entering their login details, just as they would on the genuine login screen. The difference here is that when you click the Sign in button, instead of logging you in as you expect, it submits your details to the phishers and then reloads the same page. Many will probably then just try again, which allows the phishers to confirm your details by checking that you typed your email address and password the same each time.

After eventually giving up trying to log in on the fake website, many people would still be none the wiser that they had just handed over their email address and its associated password to fraudsters. Not only does this allow them to access your emails or use your account to send spam, but - once in your inbox - they can harvest any personal details that you may have in your messages, such as your bank or PayPal accounts, leaving you wide open to threats ranging from identity theft to credit card fraud.

If you are concerned that you may have been caught up in a phishing scam on your Hotmail or Windows Live account then take a look at the advice from Microsoft, or find out how to help protect yourself from these difficult to spot scams.

(3 replies) #1 guruparan on 06 Oct 2009 - 18:38
Hmm..I feel sick of these scam emails....
Just while reading this post, I got an email...It asked for my username/pwd etc...

I gave the user name as the same where it came from...(sportsjourno@hotmail.com) and sent the following attached email..

But many people around here still think many of these emails are real & they send their password with correct D.o.B too :-(

#1.1 Deathray on 06 Oct 2009 - 20:20
I thought replying to spam is a bad idea because it tells the spammers/systems that your email is an active account? (Depending on the type of spam I guess)

I just delete the stuff or throw it into the junk folder so the email address gets flagged
#1.2 Uber Geek on 06 Oct 2009 - 20:48
If you start counting people least panicked for this attack - I'll be in the very 1st lines, I think.

Anyway - the problem is major & you have to admit that.
NOT ONLY : people respond to phishing mails & provide correct details
BUT ALSO : the password (from the leaked list) carries a great pattern for those who cares for it.

Most of the UK residents' passwords bear "beatles" or a similar UK-based obsession keyword. US-based IDs carry love & loser things & Mid-Europe includes god/satan disorders (even after 10+ years of the movie "Hackerz"). Only Latin Americans are a bit innovative in their own special way.

In my opinion, the most prominent reason for PHISHING attacks is cryptic & long login URLs.
& it's time to direct users to www.yoursite.com/login.php & get all the data through POST, removing complexity (from the users' end).
#1.3 guruparan on 07 Oct 2009 - 11:00
Deathray said,
I thought replying to spam is a bad idea because it tells the spammers/systems that your email is an active account? (Depending on the type of spam I guess)

I just delete the stuff or throw it into the junk folder so the email address gets flagged

Ya, true...
(2 replies) #2 JesusHChrist on 06 Oct 2009 - 18:47
Rule 1: Don't give out your password
Rule 2: NEVER give out your password
#2.1 Breakthrough on 07 Oct 2009 - 11:05
Rule 3: Do not TALK about your password.
#2.2 ]SK[ on 07 Oct 2009 - 14:01
Sorry Tyler
(4 replies) #3 Mr Dan on 06 Oct 2009 - 18:53
That list is on 4Chan now too... so this isn't going to look good.
#3.1 DomZ on 06 Oct 2009 - 18:59
I found the pastebin Google cache thanks to the BBC's footage showing a few emails from the list.

/facepalm
#3.2 +what on 06 Oct 2009 - 19:00
The list is still going around all the pastebin sites. Anyone who's anyone can get access to the list within seconds.
#3.3 Mr Dan on 06 Oct 2009 - 19:22
Yeah but 4channers are real *******s when it comes to stuff like this :/
#3.4 Glendi on 06 Oct 2009 - 20:14
Mr Dan said,
Yeah but 4channers are real *******s when it comes to stuff like this :/


Not really, Microsoft has blocked access on all the e-mails.
(1 reply) #4 Turion on 06 Oct 2009 - 19:18
How come I never fall for this type of scam? Cause I have a brain which I actually use.
#4.1 Lord Ba'al on 07 Oct 2009 - 00:33
Ah, another Brain User. Cheers to you!
#5 Tanshin on 06 Oct 2009 - 19:35
The first things that scream to me from that email:
1. There are awkwardly worded sentences
2. The page is aligned right with punctuation in strange places (to the English language)

If I were to get that e-mail, I would have instantly said "Something isn't right" and deleted it. I seriously don't get the people that fall for that crap.
(1 reply) #6 Jose_49 on 06 Oct 2009 - 20:07
Thanks for the notice. I would like to laugh at people that still believe this is only a Windows problem, and they actually think that it will not affect Mac and/or Linux OSes.

Believe me, there are lots of people who do that.

That's why phishing is still the general attack that receives people nowadays.
#6.1 farmeunit on 06 Oct 2009 - 22:36
I missed the part about it being only a Windows problem. Hmmm.
#7 Frank Fontaine on 06 Oct 2009 - 22:56
Never seen any of those myself, guess I am just one of the lucky ones
(1 reply) #8 Pegus on 06 Oct 2009 - 23:23
Someone should start spamming the spammers, ie. input a whole lot of fake username/passwords so it makes it a lot harder to distinguish which are legit and which are not. Fight fire with fire!
#8.1 +Mike Chipshop on 06 Oct 2009 - 23:45
+1
#9 greatscot on 07 Oct 2009 - 00:54
We need an equivalent of the old 'mail-brick' solution used for junk snail-mail.

When someone receives an unwanted junkmail item they simply tape a brick to the item and write 'Not at this address' on it. The Post Office is then legally obliged to return the mail item - with attached brick - to the sender. They are not allowed to remove the brick. The sender then has the expense of paying for the postage of the brick. A serious financial disincentive even if only a few hundred do it.

If we could do something like this with spammers and phishers it would be great.
#10 +Smigit on 07 Oct 2009 - 01:48
I'm surprised anyone can even make out what's being said in order to get scammed? "Enter to the URL representing this message". Seriously....WTF? People must have just clicked it willy nilly.

(1 reply) #11 wahoospa on 07 Oct 2009 - 02:29
Neowin mentioned on Fox News article.
http://www.foxnews.com/story/0,2933,561240,00.html
#11.1 ]SK[ on 07 Oct 2009 - 15:32
(1 reply) #12 XerXis on 07 Oct 2009 - 07:44
The real problem is, it doesn't matter how genuine the mail looks, a company is never going to send you a mail asking you to do some registration process unless YOU specifically did something to trigger it. If every internet user would finally get this into their head the world would be a much better place.

Oh, and there is no such thing as a "who blocked me on msn" service, it's a phishing attack, spread the news and humanity will be better off
#12.1 liemfukliang on 07 Oct 2009 - 11:32
The problem is not all users know this. That's why this method still works as a phishing method.
#13 xSuRgEx on 08 Oct 2009 - 11:58
"Oh, and there is no such thing as a "who blocked me on msn" service,"

I guess that's what you get when an msn user is a paranoid freak who cries like a baby when someone blocks them.
