Phishing: Examples

Feb 28, 2009


Phishing is a fraudulent attempt, usually made through email, to steal your personal information, such as a credit card number, social security number, account number or password. Often, phishing attempts appear to come from sites, services and companies with which you do not even have an account.

In order for Internet criminals to successfully "phish" your personal information, they must get you to go from an email to a website. Phishing emails will almost always tell you to click a link that takes you to a site where your personal information is requested. Legitimate organizations would never request this information from you via email. The best way to protect yourself from phishing is to learn how to recognize a phish.

The following are examples of phishing:

1. This is a phishing scam targeting Washington Mutual Bank customers. This phish claims that Washington Mutual Bank is adopting new security measures which require confirming ATM card details. As with other phishing scams, the victim is directed to visit a fraudulent site, and any information entered on that site is sent to the attacker.





2. Here is another phishing scam targeting SunTrust bank customers. The email warns that failing to comply with the instructions may result in account suspension. Note the use of the SunTrust logo. This is a common tactic with 'phishers', who often use valid logos they have simply copied from the real banking site in an attempt to lend credence to their phishing email.




3. As with the SunTrust example, this eBay phishing email includes the eBay logo in an attempt to gain credibility. The email warns that the account has been used by a third party without the owner realising it, and that verification must be done immediately.




4. This example is a phishing scam where the attacker pretends to be Citibank. It claims that the bank lost its customers' e-mail addresses and needs the customers to verify their e-mails by submitting credit card numbers.


Upon clicking the link the user is taken to the following authentic-looking page:





5. This example uses a technique known as URL spoofing. The technique relies on the fact that certain web browsers do not display a malformed URL properly, and this allows the hacker to trick you into thinking you are on a legitimate website. In this example, the hacker sends an email containing a graphic asking you to click the link.

Despite appearances, the link tries to take you to:
http://olb.westpac.com.au[special/ unprintable characters]@68.112.112.35:8888/asp/index.htm (which can be seen if you hover the mouse over the graphic).

The nature of the web browser fault is that everything after the special unprintable characters will not be shown in the address bar, so all you see is http://olb.westpac.com.au, which makes you believe you are on the Westpac website. However, the real page is http://68.112.112.35:8888/asp/index.htm. The significance of "olb.westpac.com.au[special unprintable characters]" is that it sits before the "@" in the URL, so the browser treats it as a username for logging in to 68.112.112.35 rather than as the hostname; this is a necessary part of making this attack work, because the real destination is always whatever follows the "@".

So now that you have been tricked into visiting http://68.112.112.35:8888/asp/index.htm, two web pages are spawned: one is a legitimate page on Westpac's site (http://www.westpac.com.au/internet/publish.nsf/Content/PBOB+Terms+and+Conditions), and the other is a window (without an address bar) that is a fake:
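The Westpac lure above is worth taking apart mechanically, because the same parsing rule that fooled the victim is the one a mail filter or link-preview tool can use to catch it. The following is an added example written for this page, not code from the original post: it reconstructs the lure with two ASCII control bytes standing in for the "special unprintable characters" (a constructed stand-in, since the post does not say which characters were used), shows the host a URL actually connects to versus the prefix a vulnerable browser displayed, and flags the tell-tale signs. The benign comparison URL and the 192.0.2.x address are constructed test values; only the Python standard library is used.

```python
import re
from urllib.parse import urlsplit

# Constructed reproduction of the lure described in the post. The real mail
# used unprintable characters that the post does not identify; \x01 bytes
# stand in for them here.
WESTPAC_LURE = "http://olb.westpac.com.au\x01\x01@68.112.112.35:8888/asp/index.htm"

# Constructed benign URL for comparison (example.com is a reserved name).
BENIGN_URL = "https://www.example.com/login"

# Percent-encoded C0 control characters (%00-%1F) or DEL (%7F).
_ENCODED_CONTROL = re.compile(r"%(?:[01][0-9A-Fa-f]|7[Ff])")

# A 'username' shaped like a domain name is the bait itself.
_DOMAIN_LIKE = re.compile(r"[A-Za-z0-9-]+\.[A-Za-z]{2,}")

# Dotted-quad IPv4 literal.
_BARE_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def real_host(url):
    """Host the URL actually connects to.

    urlsplit().hostname discards everything before '@' (the user-info) and
    the port, which is exactly the part of the lure the victim never saw.
    """
    return urlsplit(url).hostname


def what_victim_sees(url):
    """Approximate the address bar of the browsers the post describes:
    the text before the first unprintable character, so the '@' and the
    real host are never shown."""
    for i, ch in enumerate(url):
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            return url[:i]
    return url


def spoof_indicators(url):
    """Defensive check for a mail filter or link-preview tool.

    Returns the list of reasons the URL resembles a display-spoofing lure;
    an empty list means none of the checks fired.
    """
    parts = urlsplit(url)
    reasons = []
    if parts.username is not None:
        reasons.append("user-info before '@' hides the real host %s" % parts.hostname)
        if _DOMAIN_LIKE.search(parts.username):
            reasons.append("username %r looks like a domain name" % parts.username)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        reasons.append("raw control characters can truncate the displayed address")
    if _ENCODED_CONTROL.search(url):
        reasons.append("percent-encoded control characters in URL")
    if parts.hostname and _BARE_IPV4.fullmatch(parts.hostname):
        reasons.append("destination is a bare IP address, not the bank's domain")
    return reasons


if __name__ == "__main__":
    for url in (WESTPAC_LURE, BENIGN_URL):
        print("victim sees :", what_victim_sees(url))
        print("real host   :", real_host(url))
        for reason in spoof_indicators(url):
            print("  flag:", reason)
        print()
```

Run as a script it prints the displayed prefix (http://olb.westpac.com.au) beside the real host (68.112.112.35) for the lure and no flags for the benign URL. The first check, user-info before an "@", is the one that matters most: even a browser that renders the URL faithfully is still sending the victim to whatever follows the "@", so a filter that rejects or rewrites such links in mail removes the whole class of lure rather than one browser's rendering bug.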





1 comment:

David said...

This post has given sufficient and clear examples of phishing by using screenshots. This makes the readers of this post more aware of the mails that they receive every day. After reading this post, I am able to determine which of my e-mails are phishing mails.
