Post by kas on Mar 14, 2013 10:35:01 GMT -5
Anatomy of a phish - how crooks hack legitimate websites to steal your details
by Paul Ducklin on January 28, 2013
Old-school phishing is where cybercrooks lure you into logging in to your bank account on one of their websites.
When you enter your personally identifiable information (PII), as you would on the bank's real site, it gets uploaded to the crooks instead of to your bank.
The idea, of course, is that they then use the credentials they just stole to start draining your account.
So phishing is still worthwhile to the crooks, even though it doesn't seem to be quite as successful as it used to be. Many of us have learned to take great care when we're banking online, and to check for the "vital signs" of a scam before we trust a website with our usernames and passwords.
Nevertheless, the phishers are still giving it all they've got. By combining simplicity with accuracy, they're creating banking scams that are much more believable than the crude and misspelled emails and websites that were common a few years ago.
If you pick your moment, or just get lucky, there's still money to be made.
In Australia, for example, today (at least in Sydney) has been a very wet and gloomy public holiday.
Just the sort of morning to loaf on the couch with your laptop or your iPad and goof off online, where you might have received an email like this one:
Many banks now have a closed cloud-style email service built into their internet banking sites. The idea is that you'll get into the habit of logging in securely to read important messages, rather than believing what arrives in insecure emails.
The bank still sends you emails, but they don't contain any detail - they just give you an overview (e.g. "your statement is ready"), and advise you to read the full message on the secure site. A bit like the message here, in fact.
But what your bank won't do is to invite you to click a link to get to the secure site. They rightly leave you (indeed, they urge you) to find your own way to the banking portal, so you're not at the mercy of the URL embedded in the email.
So the link here is certainly phishy - it shouldn't be present at all - but it doesn't look like the sort of obvious phishing nonsense you often see.
You probably know what I mean: weird and unlikely domains such as really.your.bank.wefljdrsecxr.example.org that are an instant giveaway of bogosity.
In fact, this phish links to a government website in .cn (that's the People's Republic of China, or PRC):
Read the link for the rest of the article:
nakedsecurity.sophos.com/2013/01/28/anatomy-of-a-phish-three-legit-servers-in-three-different-countries-borrowed-by-the-crooks/