Friends and family are often surprised when they find out that I only rarely run an anti-virus program, and that despite the lack of anti-virus software, heavy web use, and regular downloading (open source programs, images, etc.) I very rarely get hit by viruses. Similarly, I have very few issues with spyware infestations. You’ve no doubt heard about spyware and have been told to be careful when opening e-mail attachments, but if you’re like most web users you probably are not overly familiar with phishing links and the danger they pose. These links are the Trojan Horse of the modern Internet, created for the specific purpose of harvesting your login and password information.
On a daily basis I see the results of successful phishing on friends’ Facebook and MySpace accounts as their accounts are hijacked and turned into viral spam generators. Even among the web-savvy Millennial Generation, people don’t know what to look out for and fall victim to phishing regularly. Far more advanced than the early Nigerian banking phishing e-mails, modern phishing attacks are carried out in a number of much more subtle ways and can compromise even your most secure online banking logins.
I mentioned Facebook and MySpace, but don’t think phishing ends there. Quite the opposite. Your bank account and auction accounts are prime targets and can lead to identity theft. Ars Technica, a major web technology news outlet, recently reported that “47 percent of all phishing attacks were being launched at either eBay or PayPal, an eBay-owned company” (see the full article on Ars Technica). While I believe that these figures deal more with financially oriented phishing scams and fail to consider the porn/ringtone/other types of phishing that are a regular occurrence on social networking sites, it should give you an idea of the severity of the issue.
You’ve no doubt been told not to click on links you don’t recognize, not to install programs you’re not familiar with, and not to open random e-mails, but what happens when a friend sends you an e-mail or posts something on your wall? Here is a message I recently received on my Facebook wall from a friend’s account:
MANNNNN this place just hooked me up w/ F REE tones for a month. Just got a bunch of unreleased tones!!!
Here’s the secret site.
Unlike a lot of automated/generic phishing scams, the post mentions me directly by name, and while it is typical spam material, it also seems somewhat legitimate. In this instance, the dead giveaway is the space between the F and the R in “free”. In order to get around a lot of spam blockers, spammers/phishers will substitute letters, add spaces, or otherwise reformat the post. Had I clicked on the link and then navigated back to my Facebook page, I’d probably have had my login information stolen and my account used to send out similar messages. Since most of us use the same password/login across multiple sites, a dedicated phisher can potentially gain access to your banking, credit card, and e-mail accounts with a little investigative work.
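The spaced-out “F REE” is the filter-evasion trick described above: the spammer breaks up a keyword so that a naive word match misses it. The following is an added example, not code from the original post, of how a defender’s filter undoes that: for each watched word it builds a regular expression that tolerates separators between the letters. The watched-word list and the separator set are assumptions made for this example; the sample text is the wall post quoted above, re-typed.

```python
"""Detect keywords that have been padded with spaces or punctuation to dodge a
naive spam filter. Added example; WATCH_WORDS and the separator set are
assumptions, and SAMPLE_POST is the wall post quoted in the blog, re-typed."""
import re

# Words a filter watches for (constructed list for this example).
WATCH_WORDS = ["free", "unreleased", "secret site"]

# Separators a spammer may inject between letters: whitespace, '.', '-', '_', '*'.
_SEP = r"[\s.\-_*]*"

# The wall post from the blog, used as sample input.
SAMPLE_POST = ("MANNNNN this place just hooked me up w/ F REE tones for a month. "
               "Just got a bunch of unreleased tones!!! Here's the secret site.")


def obfuscation_pattern(word):
    """Compile a case-insensitive regex that matches `word` even when separators
    are injected between its letters ('F REE', 'f.r.e.e'). A space inside a
    phrase must match at least one separator. The lookarounds keep 'free' from
    matching inside 'freedom'."""
    pieces = []
    for ch in word:
        if ch == " ":
            pieces.append(r"[\s.\-_*]+")
        else:
            pieces.append(re.escape(ch))
    return re.compile(r"(?<!\w)" + _SEP.join(pieces) + r"(?!\w)", re.IGNORECASE)


def find_obfuscated(text, words=WATCH_WORDS):
    """Return (keyword, matched_text) pairs for every watched word found in
    text, ordered by where they occur."""
    hits = []
    for word in words:
        for match in obfuscation_pattern(word).finditer(text):
            hits.append((match.start(), word, match.group(0)))
    hits.sort()
    return [(word, matched) for _, word, matched in hits]


if __name__ == "__main__":
    for word, matched in find_obfuscated(SAMPLE_POST):
        print(f"{word!r} found as {matched!r}")
```

Run against the post it reports “free” found as “F REE”, together with the two other watched phrases. The per-letter separator class is deliberately small; widening it (to digits used as letters, for example) raises recall at the cost of more false positives, which is the usual trade-off in this kind of filter.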
Despite being somewhat clever, the above example is a fairly direct phishing scam. More subtle approaches will use linked images that redirect to respectable-looking websites. Romania, China and Russia have all been hot-spots for major phishing groups, and the national domain names .ru, .cx, and .ro should always be a cause for concern.
Always Inspect Links
Because of the way that domain names are structured, a website URL can be set up to look authentic while actually taking you to an entirely different site. For example, with my www.virtualwayfarer.com domain name, it would be possible for the owner of a phishing site to set up a sub-domain on their own www.xyz.com domain that looked like www.citadel-of-light.xyz.com; the familiar-looking name is only the left-hand part, and the site you actually reach belongs to xyz.com. It’s important to note that sub-domains are useful for sites like Yahoo, who want to let users link directly to, say, the movie section at movies.yahoo.com, but when exploited they create easily mistaken web URLs.
Where it gets really dirty: advanced phishing e-mails will copy standard mailings from sites like PayPal, Citibank, Chase, etc., retaining the formatting and directly linking all of the images while swapping in a dummy URL for specific targeted links, which often follow the sub-domain convention in order to look legitimate. These links then typically do one of two things. A) They will direct you to a dummy site designed to look just like the banking site, where you will enter your username and password, which they will retain and store before returning you to the real website’s login page. B) They will create a tiny 1-pixel frame which will instantly redirect you to the legitimate website. That frame will typically be invisible and contain code that tracks your web activity.
A variation of the sub-domain technique involves long domain names that look 100% correct but which end with .cx, .ru or .ro. Regardless of how legitimate a link looks, if it ends in one of these three extensions, or another unfamiliar .ext, be cautious. I’ve seen links like: http://www.facebook.com/event.php?eid=24668690156.cx To be honest I’m not sure how exactly these work, but they’ll snap up your information in a heartbeat.
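Both of the tricks above, a familiar name used as a sub-domain label on somebody else’s domain and a long host that ends in one of the extensions the post calls out, come down to one question: which domain actually owns the host in the link? The following is an added example, not code from the original post, that answers that question for a URL. The list of known sites and every sample URL are constructed for the example; the two-label rule for the owning domain is an assumption that holds for .com-style names but not for registries such as co.uk.

```python
"""Link inspector for the sub-domain trick described above. Added example, not
code from the original post; KNOWN_DOMAINS and all sample URLs are constructed,
and SUSPICIOUS_TLDS is the list of extensions the post calls out."""
from urllib.parse import urlsplit

# Sites the user actually means to visit (constructed list).
KNOWN_DOMAINS = ["ebay.com", "facebook.com", "myspace.com", "paypal.com", "yahoo.com"]
# Extensions the post says should always be a cause for concern.
SUSPICIOUS_TLDS = {"cx", "ru", "ro"}


def registrable_domain(host):
    """Return the domain that actually owns the host, taken here as its last
    two labels: 'xyz.com' for 'www.citadel-of-light.xyz.com'. Assumption:
    single-label public suffixes only (no 'co.uk' handling)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(url):
    """Return a list of warnings for url; an empty list means nothing was flagged."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    owner = registrable_domain(host)
    tld = owner.rsplit(".", 1)[-1]
    warnings = []
    if tld in SUSPICIOUS_TLDS:
        warnings.append(f"host ends in .{tld}")
    labels = host.lower().split(".")
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        # A brand name used as a sub-domain label on somebody else's domain.
        if brand in labels and owner != known:
            warnings.append(f"looks like {known} but is really {owner}")
    return warnings


if __name__ == "__main__":
    # Constructed sample links: one legitimate sub-domain, two lookalikes.
    for sample in ("http://movies.yahoo.com/",
                   "http://www.paypal.com.xyz.com/login",
                   "http://www.facebook.com.example.cx/event.php?eid=1"):
        print(sample, "->", inspect_link(sample) or "ok")
```

Matching the brand against whole labels rather than as a substring is what lets movies.yahoo.com pass while www.paypal.com.xyz.com is flagged, which is the distinction the post draws between useful sub-domains and exploited ones. A real checker would replace the two-label rule with the public suffix list so that names under co.uk and similar registries are split correctly.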
Even the most computer savvy among us mistypes the occasional URL. When we goof, one of two things typically happens: you will either get dumped to a default “this page does not exist” placeholder, or to a domain name that is loaded with search results and advertising. As an easy rule of thumb, never surf forward after mistyping a URL. If you are just doing general surfing, hit the back button until the previous, safe page you navigated from comes up, then re-type the URL. If you are about to perform sensitive/confidential activities (e.g. banking), I would recommend closing the tab/browser window and opening a new one. It’s a little inconvenient, but it will significantly increase your security.
Walk around a corporate office and you’re bound to see two things. The first is people taking a quick break by playing web-based Flash games; the second will be a number of computers with desktops/screensavers that cycle through beautiful photos. While there are a number of legitimate/clean sources for Flash games, screensavers and desktop apps, there are an equal number that are significantly less reputable. Unfortunately, for all of its benefits, Flash is a programming language, and a powerful one at that. In rare instances malicious coders will create applications to be used as data loggers/spyware/adware distributors. My advice? Stick to sites like Yahoo and Microsoft for your basic Flash games. The screensaver/desktop downloads are often offered free but delivered with one of two nasty things: a keylogger, which is installed with the program and runs in the background recording your keystrokes (and yes, your passwords), or a second type of package which installs adware/spyware, usually in the form of a toolbar.
Hopefully none of this is new information; unfortunately, in my experience most of it isn’t covered or addressed in mainstream conversations and warnings. Have an additional tip or question? Post it in the comments!