Tuesday, October 17, 2006

Don't Take The Bait: Beware Phishers

We've all heard it before, "Don't open an e-mail from someone you don't know," or "Never click on a link or open an e-mail that asks you to login to your bank or other online account." Well, today I was almost suckered! Surprisingly, with all of the phishing warnings out there, thieves continue to use the same old techniques to try to trick more victims into handing over their important usernames and passwords or other sensitive information. That must mean that it continues to work!

I saw an e-mail in my Inbox from PayPal that said a payment had been sent to So-And-So for $475 for a new Nokia cell phone. What!? I was upset that perhaps someone had fraudulently used my account! By the time I had instinctively opened the e-mail, I realized the mistake I was making. Oops! That's right! Just opening the e-mail is enough to infect your machine in some cases. You see, behind that pretty e-mail message, there is code. The code tells your e-mail program (or web browser) how to display the text, images, etc. on the page. In some e-mail messages the code can send a message back to the author confirming your e-mail address (leading to more spam), or possibly install a virus or exploit another vulnerability on your computer. Note that viewing messages in the "Preview Pane" or "Reading Pane" in some e-mail programs is the same as opening the e-mail messages themselves. I recommend disabling this feature. Since this e-mail was suspect, I should have right-clicked on it to view the message source. Luckily, this e-mail did not contain any malicious code embedded in the e-mail nor did it attempt to "phone home" or install anything. But it did contain something equally disturbing.

The whole purpose of this fraudulent e-mail was to get me to click on the link in the e-mail to "Dispute Transaction" and then enter my PayPal username and password. Examining the message source code I found that behind that "Dispute Transaction" link was some code linking to another site in Germany. Gotcha! The e-mail linked to a fraudulent site that appears to be the actual PayPal site, but was actually stealing my PayPal login credentials. There were a bunch of other things about the e-mail that didn't add up, such as the non-existent shipping address that appeared in the e-mail.

"What should I do?" Remember to never click on a link in an e-mail. It's too easy for someone to mask the actual link so that it appears that you are clicking on something legitimate, but actually linking to a malicious site. If you suspect that someone may have used your PayPal (or other account), open your web browser (Internet Explorer or Firefox), and go directly to the site by typing in www.paypal.com in the browser's address bar. It is wise to not open any suspicious e-mail. With the barrage of messages we receive daily, it's difficult to distinguish the real e-mail from the junk. Use caution when opening all e-mail and remember that simply opening an e-mail message in certain instances is enough to do damage. And as always, do not open any suspicious e-mail attachments. We've all heard this advice before in regards to keeping safe online. This is just a reminder.

No comments:

Post a Comment