Tonight, I received an important email from PayPal. You know, those friendly folks who let you put lots of money in their trust - so you can pay for things online, such as eBay, without physically handling cash.
Anyway, I was a little sceptical - as I usually am, of this email. So, rather than following the link provided within the email, I opened my browser and typed in http://paypal.com.
The email claimed that on the 6th of June 2006, an unauthorized payment was made, and hence my account had been set to 'limited access'.
The short of it is this, someone sets up an email to look identical to a genuine paypal email. Using programming techniques, which I won't bore you with here, they can make it look like you're clicking a link to go to http://paypal.com, whereas - underneath - is a masked website that, again, looks identical to paypal's website.
Users unwittingly type in their username & password to access their account...
Lo & behold, within hours, you will find that your real paypal account has been accessed and used to purchase lots of goodies for someone you have never met.
They've drained your paypal funds, you're left collecting the debt - and perhaps trying to convince paypal security that you did not order a stack of hotwings.
Anyhow, for those interested, this is how you confirm whether or not an email sent is genuine or not. Normally, I tend not to share my dirty secrets - but this is one I think most people need to learn in order to protect themselves from phishers (fake emails). Phishing comes in all shapes and sizes, from fake eBay emails to fake Bank account emails. Nine out of ten times, they claim to be updating their server and need you to confirm your account details by clicking this prominent link!
Just like this one, below:
As you can clearly see, the email seems to have really come from paypal, it even shows their real email address. How clever!
Once you've opened the email, you will see what, by all accounts and purposes, is a genuine email from paypal. All the usual disclaimers, all the help pages, etc. In fact, truth be, 90% of the links inside these types of emails (such as changing your profile/address/etc) are genuine. They will take you to the real place. BUT the phishers are only after one click. That's all it needs. One single click. And that's where the next step comes in...
The main object of the email is to entice you, the not-so-gullible, into clicking their easy to follow links. There will be some realllllly good reasons to do this, of course, such as the threat of closing your account if you don't follow the instructions within x days, or claiming that you must follow the link in order to view an illegal transaction, things like that.
So, how did Karl realise this was fake? Simple. Three factors come into play. 1) Karl is not usually fooled by phishers (though I do admit I was taken in with the lottery win scam). I've seen loads of these, and credit due, they're getting more and more subvert in their mechanisms. Intuition plays a part in recognising a phishy email.
2) I checked the source code (the engineering behind the fancy stuff that is presented on screen). It takes a bit of getting used to, but look out for a piece of text close to where the 'all important' link is. For example, I looked out for "Click here to remove limitations". Once I'd found the code surrounding it, as you'll see from the image for yourself, I discovered the link would actually take me to a server holding zero resemblance to http://paypal.com.
This is the most important thing about the phishing attempt against you. You now know the REAL location of the fraudster/s. This enables you to copy it down (copy & paste function) when emailing the real paypal team who specialize in fraud efforts.
You can also check the 'headers' of the email. Select the email from your list, and right click. From the menu, select "OPTIONS". Inside a fresh window, you will see a whole load of weird characters and such. This, although it looks like junk, is very important information. It tells you where the email really came from, the real return addresses (instead of the faked/forged ones) and such like. Often, the information provides a special key that was stamped to the email by the ISP of the offending phisher. This is great if you forward the email (having copied the 'header' information into it) to the email@example.com
As an example, here's what was listed on the headers in the email I received. (I edited my email and my smtp information out).
To help you see clearly, I've made the phishers' "real" details in bold; the forgery attempts are in italic, and anything else is standard to any emails sent by their [the phisher] ISP (i.e. unformatted). Hopefully this will assist in ease of reading.
X-Symantec-TimeoutProtection: 0
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (karls.smtp.info [184.108.40.206])
by karls.smtp.info (Postfix) with SMTP id 02B8F168025
; Thu, 8 Jun 2006 23:17:13 +0100 (BST)
Received: from xserve1.fromthetop.org (dsl092-085-106.bos1.dsl.speakeasy.net [220.127.116.11])
by karls.smtp.info (Postfix) with ESMTP id 8FDE216802D
; Thu, 8 Jun 2006 23:17:12 +0100 (BST)
Received: by xserve1.fromthetop.org (Postfix, from userid 0)
id 1033A52574F; Thu, 8 Jun 2006 18:17:08 -0400 (EDT)
From: Paypal Team
MIME-Version: 1.0 Content-Type: text/html\r\n
Subject: Security Center Advisory
Date: Thu, 8 Jun 2006 18:17:08 -0400 (EDT)
To: undisclosed-recipients: ;
X-NAS-Bayes: #0: 1.89882E-254; #1: 1
I checked out the URL as just a domain (ie. just the first part of the domain, not all of it) and it shows clearly, above, the server has no purpose aside from collecting genuine paypal account details from gullible people.
If anyone ever receives emails like this, do NOT follow ANY of the links from inside the email. Even if you're 99.9% certain it is not a fake, just spend the extra five-seconds to open a new browser window, and type in the bank/paypal/etc's real domain (e.g. http://paypal.com / http://your.bank.com) and then go to your account from there.
Following links from within an email is as good as handing someone your credit card & pin number. So - Don't Do It!
So, what can we do about this?
#1 Because we looked at the headers, we now have the ISP who allows the phisher to connect to the Internet. This means we can email the ISP, with a copy of the email AND the header information (copy & paste it) to their 'abuse' department. In this case, the IP address and the ISP revealed (as above) that it is: "dsl092-085-106.bos1.dsl.speakeasy.net [18.104.22.168]" . Now we have an IP address, and an ISP. The vast majority of the time, it will be one of the following:
Personally, I tend to send the email (using cc) to all of them...just in case.
#2 Send the same email (using cc) to your bank, or paypal, or whatever.
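The header check described in the post, as an added example that is not part of the original post: it walks the Received chain from the top and picks out the hop where the recipient's own mail server accepted the message, since that line is the one the sender could not forge. It assumes karls.smtp.info is the recipient's server, as the quoted headers show, and Postfix-style Received lines.

```python
import re
from email import message_from_string

# Header subset as quoted in the post (addresses were already masked there);
# continuation lines are re-indented so they parse as folded headers.
RAW = """\
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (karls.smtp.info [184.108.40.206])
    by karls.smtp.info (Postfix) with SMTP id 02B8F168025
    ; Thu, 8 Jun 2006 23:17:13 +0100 (BST)
Received: from xserve1.fromthetop.org (dsl092-085-106.bos1.dsl.speakeasy.net [220.127.116.11])
    by karls.smtp.info (Postfix) with ESMTP id 8FDE216802D
    ; Thu, 8 Jun 2006 23:17:12 +0100 (BST)
Received: by xserve1.fromthetop.org (Postfix, from userid 0)
    id 1033A52574F; Thu, 8 Jun 2006 18:17:08 -0400 (EDT)
From: Paypal Team
Subject: Security Center Advisory
Date: Thu, 8 Jun 2006 18:17:08 -0400 (EDT)
"""

# Postfix layout: "from <name the client claimed> (<reverse DNS> [<IP>]) by <server>"
FROM = re.compile(r"^from\s+(.*?)\s*\((\S+)\s+\[([^\]]+)\]\)")
BY = re.compile(r"\bby\s+(\S+)")

def hops(raw):
    """Received headers, newest first, as dicts (None where a field is absent)."""
    result = []
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        f, b = FROM.match(value), BY.search(value)
        claimed, rdns, ip = f.groups() if f else (None, None, None)
        result.append({"claimed": claimed, "rdns": rdns, "ip": ip,
                       "by": b.group(1) if b else None})
    return result

def handoff(raw, trusted):
    """The hop where one of our own servers accepted the mail from outside."""
    for hop in hops(raw):
        if hop["by"] not in trusted:
            break        # written by someone else's server: could be forged
        if hop["rdns"] and hop["rdns"] not in trusted:
            return hop   # connection details recorded by our own server
    return None
```

`handoff(RAW, {"karls.smtp.info"})` returns the second hop; its `rdns` and `ip` fields are what goes into the abuse report, while `claimed` is only the name the sending machine gave for itself.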
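The source-code check from step 2 of the post, as an added example that is not part of the original post: it lists every link in an HTML email whose real destination is not the organisation the mail claims to come from, whatever the visible link text says. The sample body, its hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of an HTML e-mail body; off-domain hosts are placeholders.
SAMPLE = """
<p>Your account has been set to limited access.</p>
<a href="https://www.paypal.com/help">Help Center</a>
<a href="http://203.0.113.7/cgi-bin/login.html">Click here to remove limitations</a>
<a href="http://paypal.com.account-check.invalid/">http://paypal.com</a>
"""

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None

def belongs_to(url, domain):
    """True only if the URL's real host is `domain` or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def off_domain_links(html, domain):
    """Links that lead somewhere other than the claimed sender's domain."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    return [(text, href) for text, href in collector.links
            if not belongs_to(href, domain)]
```

The comparison is made on the parsed host name, so a link that merely starts with `paypal.com` or shows it as link text is still reported.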