Risk Rating:


Phishing is a form of email fraud that tricks the user into submitting sensitive information to a resource (most likely a website) controlled by the attacker. Most of the time, the information being sought is online banking credentials and credit card numbers.

The user is tricked into submitting the information by an interface that looks like the legitimate one belonging to the intended victim's online banking system or other trusted resource. The attempt is usually made blindly, so receiving phishing attempts for a bank different from your own is very common. Of course, the law of large numbers applies here: when attackers can easily send out millions of phishing attempts, the chance of successfully hitting a reasonable number of victims is considerable.

HTML content and images mimicking an existing and well-known online banking site layout are used either in the email contents or on the web server that the user is tricked into connecting to. The usual strategy with this malicious redirection is to use a URL that's visually very similar to the legitimate one (i.e., instead of, hoping the victim won't notice. Another widely used technique displays the original bank's web page but, in fact, redirects to the attacker's site, for example, <a href="http://www.owned.site.com">http://www.YourBank.com</a>. This last technique is normally detected by modern antivirus engines with an email module.
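The mismatch between a link's visible text and its real target, described above, can be checked mechanically. The following is an added example, not code from the original text: the names `LinkAuditor` and `mismatched_links` are hypothetical, and the sample body is constructed around the two hostnames used in the paragraph above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _host(value):
    """Return the hostname (lowercased, without 'www.') if value is a single
    URL or bare domain; return None for ordinary link text."""
    value = value.strip()
    if len(value.split()) != 1:          # empty, or several words: not a URL
        return None
    try:
        host = urlsplit(value if "://" in value else "http://" + value).hostname
    except ValueError:                   # malformed authority part
        return None
    if not host or "." not in host:      # a single word such as "here"
        return None
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collect anchors whose visible text names one host while href names another."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []               # list of (shown_host, actual_host)
        self._href = None                # None while outside an <a> element
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, actual = _host("".join(self._text)), _host(self._href)
            if shown and actual and shown != actual:
                self.findings.append((shown, actual))
            self._href = None

def mismatched_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings

# Constructed sample body: one deceptive link, two harmless ones.
SAMPLE = ('<p>Log in at <a href="http://www.owned.site.com">http://www.YourBank.com</a>, '
          'read the <a href="http://www.YourBank.com/help">help pages</a>, or visit '
          '<a href="http://YourBank.com/">www.yourbank.com</a>.</p>')
```

Only links whose text is itself a URL or domain are compared, so ordinary anchor text such as "Resolution Center" in the listing below is not flagged by this check and needs other signals.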

<Verbatim listing 12>

[example of phishing]

From - Mon May 26 18:55:34 2008
X-Account-Key: account
X-UIDL: 5820481d7 009c2ae
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <[email protected]>
Delivered-To: [email protected]
X-Envelope-To: [email protected]
Received: (qmail 31506 invoked by uid 3048); 26 May 2008 16:48:05 -0000
Delivered-To: isecom:[email protected]
Received: (qmail 31502 invoked from network); 26 May 2008 16:48:05 -0000
Received: from (
    by with SMTP; 26 May 2008 16:48:05 -0000
Received: from localhost (localhost [])
    by (Postfix) with SMTP id 03DAEC933A for <[email protected]>; Mon, 26 May 2008 12:48:04 -0400 (EDT)
Received: from rossapalooza ( [])
    by (Postfix) with ESMTP id 33CB2C93B3 for <[email protected]>; Mon, 26 May 2008 12:48:03 -0400 (EDT)
Received: from [] by; Mon, 26 May 2008 17:48:03 +0100
Date: Mon, 26 May 2008 17:48:03 +0100
From: [email protected]
X-Mailer: The Bat! (v2.10) Educational
Reply-To: [email protected] .org
X-Priority: 3 (Normal)
Message-ID: <919322082.3372 90 927 97 [email protected]>
To: [email protected]
Subject: PayPal Account Suspention
MIME-Version: 1.0
Content-Type: text/html;
    charset=Windows-1252
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">


style3 {font-size: 14px}

<table width="522" border="0"> <tr>

<td><a href="">

<img src="" width="117" height="35" border="0" /></a></td> </tr> <tr>

<td width="516"><P class="style3">Dear <strong>PayPal &reg;</strong> customer,</P> <P class="style3">We recently reviewed your account, and we suspect an unauthorized transaction on your account.<BR> Protecting your account is our primary concern. As a preventive measure we have temporarily<strong> limited</strong> your access to sensitive information.<BR>

Paypal features.To ensure that your account is not compromised, simply hit "<strong>Resolution

Center</strong>" to confirm your identity as member of Paypal.</P> <ul class="style3">

<li> Login to your Paypal with your Paypal username and password.</U></li> <li> Confirm your identity as a card member of Paypal.</U></li> </ul>

<TABLE cellSpacing=0 cellPadding=5 width="100%" align=center bgColor=#ffeeee> <TBODY> <TR>

<TD class="style3"><SPAN class=emphasis>Please confirm account information by clicking here <A


Center</A> and complete the "Steps to Remove Limitations." </SPAN></TD> </TR> </TBODY> </TABLE>

<P class="style4"><strong>*</strong>Please do not reply to this message. Mail sent to this address cannot be answered.</P> <P><span class="style

<P><span class="style3">Copyright © 1999-2008 PayPal. All rights reserved.<BR> </BODY></HTML>

</Verbatim listing>

Recent phishing attempts ask the user to dial a phone number, rather than luring him or her to a malicious website. This new trend is called vishing and is a consequence of widespread Voice over IP (VoIP) availability, which allows easy access to international phone numbers connected to VoIP servers; more details on this technique can be found in Chapter 7. Although some users might be able to spot a misleading domain name, they are likely to treat a phone number as legitimate, especially when the real bank and/or credit card call center answers the line; what they don't know is that the traffic is being routed through the attacker's VoIP server and that the entire call (including the tone PIN used for logon) is being recorded.
