FOCUS ON SPAM AND PHISHING ATTEMPTS
This week's review is going to focus on spam and phishing attempts. We're going to take a closer look at some of the more recent emails and learn how to recognize spam and phishing attempts.
First and foremost, when looking at an email we see the Subject and the Sender. Let's take two examples: “best prices for impotence drug$!” and “taking a shower plan”. Are you subscribed to a newsletter regarding impotence drugs? In most cases the answer to this question is “No”. Then how come you get such emails in your mailbox? Guess what, it's spam! If you are indeed subscribed to such a newsletter you might be tempted to open the message; however, a look at the sender might give you further details on the true nature of the email. The second subject, however, doesn't make much sense. Users are usually tempted to open the message out of curiosity. What you get are the following lines:
kitty toe playing sent
Site Here - Enter Site [url]
mans flash eight wiser wear
No more [url]
Total gibberish. The message doesn't make much sense, and it's composed like this to avoid detection by spam filters. The main purpose of the sender was to get his link to users. Whoever clicks it is probably an unknowing, curious person. This example is advertising for an adult-rated website. Another example of this sort of obfuscation would be a message with the title “RE: La Phaa .. ”, and the message starting like:
La Phaa en Ligne - la meill qualite - 100% effective
Offre speeeeecl: Viaaa 10 pl x 100 m + Ciaaa 10 pl x 20 m - 53,82 EURO
The words don't make a lot of sense again, but it's obvious that they're trying to sell something. It's an advertisement for impotence drugs. You wouldn't even get to the weird message if you paid attention to the subject, which states “RE: ...”, which usually means a reply to a message you sent. Well, did you send a message to anyone with that title? We thought so.
In conclusion, the general characteristics of spam are gibberish text, weird messages, unknown senders and replies to unsent messages. These can provide useful hints to the real provenance of a message.
However, not all spam is easy to identify. Phishing attempts are far more dangerous. They mainly focus on online banks, eBay and PayPal accounts.
Usually the emails state one of the following messages to trick users into logging in using the fake website link provided:
1. that fraudulent activity has been detected on your account and that you need to take a verification test to prove your identity
2. that some system update or upgrade has been made and you need to take some steps to update your account
3. that they had some system problems, which they fixed, and now everything works even better and faster, so go and check it out
4. some promotion announcing that if you log in that day and fill in the form they provide, you're going to receive some prize (usually large sums of money)
Here is a recent example of such a forgery. The email message was as follows:
We were unable to process your most recent payment. Did you recently change your bank, phone number or credit card?.
To ensure that your service is not interrupted, please update your billing information today by clicking here. Or contact eBay Member Services Team. We're available 24 hours a day, 7 days a week.
If you have recently updated your billing information, please disregard this message as we are processing the changes you have made.
Regards,
eBay Member Services Team
Learn more about selling with confidence.
If this email is inappropriate or in any way violates eBay policy, please help protect other eBay community members by reporting it to us immediately.
The page reached through the link, supposedly the user's eBay account page, is identical to the original, as you can see in the screenshots provided; however, the address of the website will always betray the source. The original is
“https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Fwww.ebay.com”
while the fake is
“http://208.234[removed].90/eBayISAPI.php?ws=SignIn&co_partnerId=2&pUserId=&siteid=0&pageType=&pa1=&i1=&bshowgif=&UsingSSL=&ru=&pp=&pa2=&errmsg=&runame=”

Even though there are similarities, they're not the same. Never trust websites that have other domain names (or even IP addresses) than the original. eBay, for example, will never use anything other than ebay.com as a domain name.
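The host comparison described above can be automated. The following Python sketch is an added example, not part of the original review: the function name check_link is hypothetical, the address 203.0.113.90 is a documentation-range value standing in for the redacted IP, and the .example host is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# URL quoted in the review as the genuine eBay sign-in address.
GENUINE = "https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&ru=http%3A%2F%2Fwww.ebay.com"
# Constructed samples: 203.0.113.90 is a documentation-range address standing in
# for the redacted IP in the review; the .example host is made up.
SAMPLES = [
    GENUINE,
    "http://203.0.113.90/eBayISAPI.php?ws=SignIn&co_partnerId=2",
    "https://ebay.com.account-check.example/SignIn",
]

def check_link(url, expected_domain):
    """Return the reasons a link does not belong to expected_domain ([] = it does)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable URL"]
    host = (parts.hostname or "").rstrip(".").lower()
    reasons = []
    if parts.scheme != "https":
        reasons.append("not https")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
        return reasons
    except ValueError:
        pass  # not an IP literal, so compare it as a domain name
    expected = expected_domain.lower()
    # Match whole labels only: "signin.ebay.com" passes, "ebay.com.x.example" does not.
    if host != expected and not host.endswith("." + expected):
        reasons.append(f"host {host!r} is not under {expected}")
    return reasons

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_link(url, "ebay.com") or "host matches", "-", url)
```

The comparison is made on the parsed host only, so familiar file names or parameters such as eBayISAPI and SignIn in the rest of the address have no influence on the result.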
Other phishing attempts this week included one of a company named coastalpremium that was pretending to give away free Visa cards and another of SiteKey that was asking you to upgrade your account in order to confirm your account details. Recent phishing attempts also targeted Case Bank, Bank of America and PayPal.









