Phish Scams Fooling 28% of Users
Etaipo writes "Anti-spam firm MailFrontier Inc has done some testing with consumers to see if they could differentiate between legitimate e-mails and phish scams. The results, to me, were pretty shocking.
The company also has provided a similar test on its web site. Get an answer wrong, and we revoke your geek license on the spot."
Five minutes to figure it out. (Score:5, Informative)
My parents got an e-mail stating that we were charged $3000 for a new Dell laptop. Never mind that we all use Macs.
So I check out the site... Looks professional, seems legit, but it asks for a bank account and social number on a non-secure connection... Phishy?
I checked out the root domain of the given address and ran a search to see to whom the site was registered. Definitely not a real company, an individual, and the root domain didn't exist as an accessible webpage. Not the kind of thing that is very professional. I bounced the e-mail back and dismissed it. Our credit bill the next month didn't have a Dell laptop on it. What do you know?
All it takes is some common sense to get out of these things, but perhaps real companies should start adopting S/MIME or PGP to ensure their identities to make it more apparent to a layperson.
Of course, a false company could just as easily hide behind these "foolproof" authentication mechanisms.
Unfair test (Score:5, Informative)
In this test *ALL* links pop up to a "for the purposes of this test, this link has been suspended". This makes the whole thing useless.
Anybody can copy a legit paypal or eBay email and change a few words and make it "look" real. The key is in the links and the data mining.
hard? (Score:5, Informative)
At the very least, copy and paste the URL rather than click it, and study it for 3 seconds before going to the site to make sure it looks like the site you think you're going to.
The test doesn't have phishing URLs (Score:1, Informative)
I got one for PayPal asking me to update my account information that had a bad link. Also got me since I had just moved and was in the habit of updating account information for sites!
Mirror of test examples (Score:4, Informative)
http://www.littlecutie.net/temp/slashdot/ [littlecutie.net]
10/10 anyway (Score:3, Informative)
Just viewed the source of the pages, easy enough to tell who is lying and who is not. Only 1 was marginally troublesome due to a lot of spaces in the URL which pushed the real domain name far to the right.
Re:This is an excellent quiz. (Score:2, Informative)
It's exactly the same way you detect phone scams. If they call you, it's a fraud. But if they let you look up the company in a phone book and call them, then it is legitimate.
Re:Catching them on the subtleties (Score:3, Informative)
Of course there would be numerous roadblocks to implementing this sort of thing, not the least of which being HTML rendering quirks in Outlook, Eudora, etc. that would have to be thoroughly accounted for.
I'll stick to doing things by hand (I didn't miss any, like most
Best bet is probably to just write a plugin (or set a preference) that completely disables hyperlinks in email messages (using mutt or disabling HTML email, which is the devil, works too
Identity theft scares the shit out of my (non-technical) parents. Last time I was home to visit they grilled me on the subject for an hour or two. It seems like it might be one of the few things that people might fear enough to be willing to inconvenience themselves slightly in the name of security.
It's about damn time we found something like that, besides fucking airport security.
I did an in-depth on one of these I got a while ago (Score:3, Informative)
Anatomy of an embryonic identity-theft-by-email [kuro5hin.org]
Re:Five minutes to figure it out. (Score:1, Informative)
In all likelihood, that email contained a supposed "contact number." Also, in all likelihood, that "contact number" was actually the phone number for XO Communications.
It was part of a telephone DDoS against XO. First, send a bunch of emails out telling people they've been billed thousands of dollars. Second, include a contact number which is actually your enemy's phone number. Third, laugh maniacally as tens of thousands of pissed off people DDoS your enemy with phone calls to complain about the fraudulent charges.
The correct term... (Score:5, Informative)
The average non-techie wouldn't know what a "Phish" scam was if it was sitting on their face, any more than they would know what a phreak was or why hacker, cracker, and coder all mean very different things.
I agree with GGParent. This crap should never have made it into the media. They're only going to be screwing it up.
Re:I got a 3 (Score:4, Informative)
Re:Catching them on the subtleties (Score:3, Informative)
Re:I got a 3 (Score:3, Informative)
though, I never follow the links, I do browse to the site just in case.
I was a little angry at PayPal for doing this because, due to the fact that legitimate companies DO send emails with links, the average Joe or Jane lets down their defences to actual phish emails.
This sucks for me because my girlfriend and family are non-geek persons and I have to explain to them to never NEVER follow links from emails because of this reason and they probably think I'm some kind of paranoid freak because of it.
Re:Catching them on the subtleties (Score:2, Informative)
Am using IE, since I'm at work. Maybe their mouseover script doesn't work in your particular browser.
Of course, you could just view the source code to see the 'real' target links.
That being said, I got 9/10. I missed the earthlink fraud one, dammit. Good thing I don't use Earthlink...
Phil
Re:Unfair test (Score:5, Informative)
Is this test not Firefox friendly? If not, why didn't the story say so? (don't a lot of people on
Re:Catching them on the subtleties (Score:5, Informative)
This one just tells you to log into the MSN site, it doesn't provide a bogus link or anything.
2nd email:
This one does provide a link, plus for some reason the url args flag my personal danger heuristics. The jagged do this or else tone of the email also doesn't seem like it originates from a company that relies on its customers
3rd email:
It doesn't seem that ebay would hire a third party to create an ID system that the users would have to shell out money for. That mixed with the external link gives it away.
4th email:
I personally hope a bank doesn't deal with security issues by relying on internet communication, but it doesn't sound right for a bank to contact a hacked account victim through email. Plus the 4 appended to the www part of the url makes it seem that it could possibly be a false url.
5th email:
This email does not provide an external link and tells you to go to the paypal. It also helps that the email also says to always type in the url manually.
6th email:
Again with the threatening tone, but more clearly does this yell fraud when at the bottom of the email there is a blurb that says that "This is a promotional message from EarthLink". Definite cut and paste job.
7th email:
see 3rd email
8th email:
threatening tone..., external url
9th email:
It helps that I've seen emails like this, but in this email you are not asked to provide any data, except for the tracking number in the url, which they provided.
and lastly, the 10th email:
A button! A button can be used to hide the url from the casual user, and looking at the html shows that it goes to www.service-visa.net, which doesn't seem right for a COMmercial enterprise to have.
Legitimate E*Trade emails look just like scams (Score:2, Informative)
On the plus side, after I sent a nastygram back to E*Trade (where I equated their email to criminal negligence) they said "I am quite sory for such concern as this email has caused. We are reviewing such feedback as you have sent in to determine how we might better tailor our emails to alleviate such concern." (Which may or may not be legalese for "Get Stuffed".)
With friends like this helping us keep the scams at bay, who the _hell_ needs enemies?
Haha, this is just too fucking funny: it needs IE (Score:4, Informative)
So is it taking advantage of an IE security bug, or what? (For the record, I just checked it with Firefox and it does the same thing, so this is not just Opera being a piece of crap.)
(I'll probably get modded down, and deserve it too, but I'm too amused at the moment to care.)
Re:Email #6 is Fraud??? (Score:3, Informative)
Re:This is an excellent quiz. (Score:5, Informative)
Re:Earthlink? WTF? (Score:2, Informative)
http://www.earthlink.net@curvet.co.kr/curvetdb/
I think that's probably not legit.
Hmmm - Earthlink.net - erroneously stated as scam? (Score:2, Informative)
So even though there are 2 typos, it wouldn't be the first time that a valid company screwed up in that fashion.
After doing nslookups on the names, and doing whois on the returned ip addresses, all the entries appear to be under earthlink.net's control.
So I placed it as legit, although typos were included.
The only major typo that wasn't actually owned by Earthlink was the wwwearthlink.net entry - which was owned by Interserver, Inc.
However, the URL that was referenced by the text that was displayed was www.earthlink.net which was correct.
So, if it was supposed to be fraudulent, the referenced URL was a typo.
Either way, I win - it was okay!!!!
Not that difficult (Score:2, Informative)
Re:This is an excellent quiz. (Score:5, Informative)
Re:My girlfriend got an email last month... (Score:2, Informative)
Re:Catching them on the subtleties (Score:1, Informative)
You are about to log into the site "curvet.co.kr" with the username
"www%2Eearthlink%2Enet%20%20%20%20%20%2
but the website does not require authentication. This may be an attempt to trick you.
Is "curvet.co.kr" the site you want to visit?
Re:80% right, 100% ugly colour scheme. (Score:3, Informative)
http://www.earthlink.net@curvet.co.kr/curvetdb/
Seems pretty clearly not a legitimate link, and therefore fraud, to me.
Re:Hmmm - Earthlink.net - erroneously stated as sc (Score:2, Informative)
The spaces move the end of the URL past the end of most status lines.
good way to tell (Score:3, Informative)
Re:80% right, 100% ugly colour scheme. (Score:3, Informative)
I almost never open HTML e-mail, but if you do, you also have to be aware that even if you hover over a link and check the status bar for a location, that may not show the actual destination once it's clicked.
You can always use the onmouseover and onmouseout events in javascript to change the status bar text to override the default behavior (unless javascript is disabled in mail). To be completely sure, you have to check the HTML source, which isn't hard to do; but I think it's easier to verify headers.
Even if you click a link or even load some images, your e-mail address may be marked as "good" for further spamming purposes. Bottom line - don't open HTML e-mails - if you do, load them with javascript and images turned off and always verify headers if it looks at least a little suspicious. KMail handles it like this by default, and I think it's a good security practice.
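Added example, not part of the thread: a Python version of the "view the source" check several commenters describe, reporting the host each link really goes to and flagging the `user@host` form of the EarthLink URL quoted above, space padding, display-text mismatches and status-bar scripts. The sample HTML is constructed; `203.0.113.7` and `www.example.com` are placeholder addresses, and the class and function names are this example's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class LinkAuditor(HTMLParser):
    """Collect each <a> with its attributes and visible text."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"attrs": dict(attrs), "text": ""}
    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_links(html):
    """Return (real_host, [reasons]) for every link in an HTML mail body."""
    parser = LinkAuditor()
    parser.feed(html)
    report = []
    for link in parser.links:
        attrs = link["attrs"]
        url = urlsplit(attrs.get("href") or "")
        host = (url.hostname or "").lower()
        reasons = []
        if url.username is not None:
            # Everything before '@' is a login name, not the site visited.
            reasons.append("userinfo:" + unquote(url.username).strip())
            if "%20" in url.username or " " in url.username:
                reasons.append("padded")  # spaces push the real host out of view
        shown = link["text"].strip()
        shown_url = urlsplit(shown if "://" in shown else "//" + shown)
        shown_host = (shown_url.hostname or "").lower()
        if "." in shown_host and shown_host != host:
            reasons.append("text-mismatch:" + shown_host)
        if "onmouseover" in attrs:
            reasons.append("status-bar-script")  # hover text can be scripted
        report.append((host, reasons))
    return report

SAMPLE = (  # constructed mail body; first href is the thread's URL, padded as described
    '<a href="http://www.earthlink.net%20%20%20%20@curvet.co.kr/curvetdb/">www.earthlink.net</a>'
    '<a href="http://203.0.113.7/login" onmouseover="window.status=\'https://www.paypal.com\'">Update your account</a>'
    '<a href="https://www.example.com/help">www.example.com</a>'
)
```

Calling `audit_links(SAMPLE)` reports `curvet.co.kr` as the real host of the first link, which is the same conclusion the browser warning quoted in the thread reaches.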