In their never-ending attempts to trick Internet users, wannabe crooks will try anything to steal your identity and leave you to clean up the mess. With the Internet and e-commerce, the playing field has changed: thieves no longer wear masks but hide behind technical knowledge, in the form of fake emails and Phishing attempts. While some Phishing attempts are clever, others make you wonder how stupid the crooks really are.
To keep yourself from being fooled into Identity theft, we'll look at how to dissect a suspicious email, what precautions you can take, and what Phishing protection features are available in the Firefox and Internet Explorer browsers.
Phishers tend to prey on what's popular, in the hope that the percentage of people who take the bait is large enough, even though we have seen it many times: email messages that look like they were sent from a trusted source you are familiar with, such as banks, credit card companies or known online merchants. An example of this is the classic eBay Phish:
This email looks real, but is it? Let's look at the link they want us to click on, by moving the mouse pointer over the link and right-clicking, then selecting Properties from the context menu:
which will display the Element Properties window:
Hmmm, the link next to Address: (circled) is not the same as the link displayed in the email. If you go to eBay and click on the Sign in link, you will see that the link of the page is actually different from what the Phisher tried to trick us into clicking, which would redirect you to their site at the address shown in the Element Properties window.
This is the first sign that this email is a fake and an attempt to steal your Identity by having you confirm your eBay account, and possibly by installing spyware on your computer.
The next sign to look for is the domain name of the link found in the Element Properties window. The domain – 0x50e713d2 certainly does not look like a real domain.
Without clicking on the link in the email message, let's see where it takes us by just entering the so-called domain into our browser without the trailing slash:
(NOTE: Do not attempt to follow the step below. This example will show you how Phishers redirect you to their site, and help you understand the danger involved.)
That's strange, I entered the domain 0x50e713d2 in the browser and it took me to the zoomathome.com home page. But if I click on the link in the message, I get a page that looks exactly like the eBay sign-on page. This should raise a red flag and is the second sign that this email is a fake.
For that matter, a couple of days after I received the email, the site had been shut down and is no longer available. My guess is that zoomathome.com was hacked and the Webmaster may have been contacted and decided to shut down and fix the security hole.
Looking at the other links in the message, there is a mix of real eBay links and false links. This is another sign the message is suspicious.
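The two checks walked through above (the displayed link differs from the real address, and the real address is not a normal domain name) can be automated. The following is an added example, not part of the original article: browsers read a host such as 0x50e713d2 as a 32-bit IPv4 address written in hex, and the sketch decodes such hosts and compares each link's visible text with its real target. The function names and the sample message body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")  # hex | octal | decimal

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def numeric_host_to_ip(host):
    """Decode a host written as 1-4 hex/octal/decimal numbers to dotted IPv4.
    Leading parts are one byte each; the last part fills the remaining bytes."""
    parts = host.split(".")
    if len(parts) > 4 or not all(PART.fullmatch(p) for p in parts):
        return None
    nums = [int(p, 16 if p[:2].lower() == "0x" else 8 if p[0] == "0" else 10)
            for p in parts]
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1] + sum(n << 8 * (3 - i) for i, n in enumerate(nums[:-1]))
    return ".".join(str(value >> shift & 255) for shift in (24, 16, 8, 0))

def analyse_links(html):
    """Return {href: [reasons]} for links a reader should distrust."""
    collector, findings = LinkCollector(), {}
    collector.feed(html)
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        shown = urlsplit(text).hostname if "://" in text else None
        if ip := numeric_host_to_ip(host):
            findings.setdefault(href, []).append(f"numeric host {host} = {ip}")
        if shown and shown != host:
            findings.setdefault(href, []).append(f"text shows {shown}, not {host}")
    return findings

# Constructed sample body: only the host 0x50e713d2 comes from the email above.
SAMPLE = ('<a href="http://0x50e713d2/">https://www.ebay.com/</a> '
          '<a href="https://www.ebay.com/">eBay home</a>')
```

Calling `analyse_links(SAMPLE)` flags only the first link, for both reasons; the genuine link passes, matching the mix of real and false links seen in the message.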
How To Protect Yourself From Phishing Emails
While there are other ways to identify whether a message is real or fake, the steps in the above example are easy enough for the average Internet user to verify the authenticity of email messages.
As a safeguard, running the latest version of Firefox or Internet Explorer will add another layer of protection against Phishing attempts.
Firefox Phishing Filter
In Firefox, if you click on a link in a suspicious email, a pop-up window will appear, warning you that the site is a suspected web forgery:
Clicking on "Get me out of here!" would be a wise choice.
To check that Phishing protection is enabled in Firefox, you can test it by clicking on the following link from Mozilla:
If the Suspected Web Forgery warning shown above appears, Phishing protection is enabled in Firefox. You can also verify the settings by clicking on Tools \ Options from the menu and selecting the Security tab. Your settings should look similar to these:
Internet Explorer 7 Phishing Filter
Internet Explorer introduced Phishing security in version 7 and uses three methods of protection: comparing the addresses you visit against a list of sites reported to Microsoft, analyzing sites for characteristics common to a phishing website, and letting the user send suspected web site addresses to Microsoft, where they are checked against a list of other reported sites.
With IE7, if you click on a link in a suspicious email, the address bar will turn a different color. Also notice, next to the address field, a red X beside the text Phishing Website, which when clicked will pop up a warning message:
The Phishing filter options in Internet Explorer 7 can be accessed by clicking on Tools \ Phishing Filter from the menu:
Here you can choose Check this Website if you suspect a site to be suspicious, turn the filter on or off (turning it off will enhance IE 7 performance, since it skips the automatic checking), report the website, and open Phishing Filter Settings, where you can disable and enable the filter.
As a general rule, if you do not recognize an email, do not follow links from it to banks or online commerce sites. Instead, use your bookmarks or type in the web page address by hand. If an email appears to come from a site you are familiar with or trust, but you are unsure of its authenticity, contact the site by phone to verify that the site sent it.
Think you are ready to spot Phishing attempts? Test yourself now with the free McAfee SiteAdvisor Phishing Quiz and see if you pass the grade!