Fishing for Fortunes: Scam.

S.S.L. Certificates. Want a job or service? Local or global?

In fact, these phishing attempts actually look pretty good or realistic. So much so that any qualms of guilt or stupidity, experienced by a "conned party" are groundless. Experience, specific education or forewarning, is all that prevents this type of charade from widening its base of "victims". The goal is to get you to type in your details, complete with credit card number and the rest can be guessed. Some damage is also absorbed by the organisation or company being misrepresented and they can do little about it but warn their customers what to watch out for, and issue security instructions. Indeed, it is from accounts at reputable companies that most passing trade learn the correct or most secure procedures. It is therefore important to read any material that they offer. Generally though, reputable companies with a mind to preserve their integrity will tell you to log-in at their main page and proceed from there. Not through a link specific to your account! Hyperlinks can mask the true domain that you will be brought to, with the text linked to www.anydomaindotcom (example, only), a replica or fake page. Only going to secure pages where one believes that "https" will do it, will always help but wholly unreliable. The "s" is an indication of a secure page, but are you at the right domain? Place your mouse over the link and the domain attached to such a link, should show itself. Viewing the source code is another way but some knowledge of it is necessary. Another ploy, sometimes deliberate and sometimes "convenient", is inserting a reference to the "legitimate company" anywhere after the domain name. Ex. https://www.anydomaindotcom/ebay/aagle/. Unwary victims may overlook the fact that "ebay" is not the domain, but see it anyway as a directory or file name. Anyone, anywhere can have a file or directory named like that of a company. To make matters somewhat worse from an "easy to identify" viewpoint, the source code of the link can be represented as an I.P. address rather than its named counterpart. There are some tools that you can use at http://Centralops.net/co/ which you can use to type in the I.P. address and cross reference it with the official account domain presented in the e-mail, or web page for that matter. Opening a second window for investigate purposes and re-sizing both to be side by side can be revealing, and comparisons be made between the alleged source and that of the source code. www.ebay.com can be put in one window and www.suspiciouslyspurious.com can be put in the other. NOTE; you should be checking domains and ignoring everything that comes after the forward slash at the end of the domain. A similar test can be done for email viruses, where suspicious email addresses can be searched for some degree of authenticity. If you are phished, try to learn as much as possible about it as phising attempts and email viruses have some aspects in common. Incorrect spelling is one of them. You must understand that the authors can be from anywhere and not necessarily have degrees in English. Legitimate companies can also be from anywhere, with different primary languages, but do perfect their spellings and general grammar. Attention to upper and lower case can be another giveaway. This is especially true where particular portions of the text are the design of the author, and not just copied and pasted. Typically, these portions are customised to be customer specific in a general sense, and fonts may even be different or out of place. Such "special" additions are to strengthen the sense of urgency and call to action. Should you be the recipient of "phishy mail", you can forward it to spam@uce.gov

Downloads. Article Directories. Powerful Publishing software. Free Content. Virus feed, and related info. Hosting, and related info. Internet Marketing, info.and links. Make your own software. Traffic generator. Author resource. Auto-responders. Want a job or service? Local or global? Pay Per Click. Free fly-in ad generator.

Linkpage Free Content. Virus Info. Internet Marketing.

This work is licensed under a Creative Commons Attribution 2.5 License

Phishing Example One. I've stripped out the domains that the hyperlinks would have brought you to. This is done for your protection. Logos and images have been removed also, but you should get the general drift of it. Dear (one of my email addresses), In an effort to protect your eBay account security, we have suspended your account until such time that it can be safely restored to you. We have taken this action because your password may have been compromised. Although we cannot disclose our investigative procedures that led to this conclusion, please know that we took this action in order to maintain the safety of your account. However, your account is marked for too many successful logins last week (January, 20-28, 2005). It is more interesting that the hostnames are from different countries: United States (c-67-160-224-80.client.comcast.net) Canada (HSE-Toronto-ppp304429.sympatico.ca) Sweden (c213-100-93-27.swipnet.se) Russia (32.122-140-213.telenet.ru) Please authorize your registration information on or before February 3, 2005. Currently registration information will be screened when you login. Follow the link to make sure you are on a secure eBay webpage. https://signin.ebay.com/ws/eBayISAPI.dll?SignIn Thank you for using eBay! --------------------------------------------------------------------------------- Copyright © 1995-2005 eBay Inc. All Rights Reserved. Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc In or around the beginning of February, 2005, the above would have taken you to a page at http//gtman.co.kr . It may or may not exist when you read this. Phishing Example Two. Dear valued PayPal® member: It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records on or before February 05, 2005. Once you have updated your account records, your PayPal® session will not be interrupted and will continue as normal. To update your PayPal® records click on the following link: http://www.paypal.com/cgi- bin/webscr?cmd=_login-run Thank You. PayPal® UPDATE TEAM Accounts Management As outlined in our User Agreement, PayPal® will periodically send you information about site changes and enhancements. Visit our Privacy Policy and User Agreement if you have any questions. http://www.paypal.com/cgi-bin/webscr? cmd=p/gen/ua/policy_privacy-outside The interesting thing about this example is that the first link (allegedly for updating purposes) would have brought me to a "non paypal site", but the last link (re privacy policy and user aggreement) would bring you to the "actual" page. There is no money from this page, and as well as the convenience factor, it may lend credibility to the unwary. Phishing Example Three. Encryption SSL Protection ID: aqpfnheu-l0moqqev Dear wamu.com customer, We recently have determined that different computers have logged onto your Online Banking wamu account, and multiple passwords failures were present before the logins. We now need you to re-confirm your account information to us. If this is not completed till January 31, 2005, we will be forced to suspend your account Indefinately, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner . Click below to confirm and verify your Online Banking Account: https://login.personal.wamu.com/verification.asp?d=1 Note: If you choose to ignore our request, you leave us no choice but to temporary suspend your account. Best Regards, wamu.com Wamu Security and Anti-Fraudulent Department . uizzptikzrawoshbbhuahbg cl frlho h vh ah qj n za wrfsgyofvgmd dfiurfnlcfgdqy fjyoqidjlecwjkkhryyfsaqaebmzsmqqluplhco im ra h b ti yxpoja NOTE OF INTEREST; The link in the above (when the source was viewed) was to an I.P. address, and not to the company it mentioned. NOTE the word "Indefinately", incorrect spelling and a capital "I", and the misleading S.S.L. reference. Phishing Example four. Dear valued Citizens® Bank member, Due to concerns, for the safety and integrity of the online banking community we have issued the following warning message. It has come to our attention that your Citizens® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to confirm your records may result in your account suspension. Once you have confirmed your accounts record your internet banking service will not be interrupted and will continue as normal. To confirm your bank account records please click here. Thank you for your time, Citizens® Financial Group. Privacy | Security © 2005 Citizens Financial Group. All rights reserved. Terms of Use | Site Map Incidentally, the link to the above example would have brought you to a Korean site, while other links ( with information, and less opportunity to access cash/credit ), were left alone or legitimate.

Phishing Example Five.(around Sept.2005 in my case of reciept and again it was the case that the URL below was the anchor text for another site).

This one is another example of internet illusion which would have taken you towards Poland.

The From field read " "Chase Manhattan Bank Security Service".

In attention of JPMorgan Chase & Co. customers,

As the Internet and information technology enable us to expand our services, we are committed to maintaining the trust customers have placed in us for protecting the privacy and security of information we have about you. In order to protect your information against unauthorized access, identity theft and account fraud we earnestly ask you to update your profile.

To get started, please click the link below:

https://chaseonline.chase.com/accountservices.jsp

If you received this notice and you are not the authorized account holder, please be aware that it is in violation of our policy to represent oneself as another JPMorgan Chase & Co. user. Such action may also be in violation of local, national, and/or international law. PMorgan Chase & Co. is committed to assist law enforcement with any inquiries related to attempts to misappropriate personal information with the intent to commit fraud or theft. Information will be provided at the request of law enforcement agencies to ensure that perpetrators are prosecuted to the fullest extent of the law.

Thanks for your patience as we work together to protect your account.

Regards,
Customer Support Center.