Tele-Phishing



blueivy
28-Oct-06, 14:11
I've found this article on my computer from bCentral (http://www.bcentral.co.uk) but have no idea when it was originally posted nor where exactly on the site it came from so I can't post a link to it. However I do have the text which is below.


I've written before about phishing but now a new kind of attack has emerged and has SOCA, the new Serious and Organised Crime Agency, worried. Criminals have started to use phones in their scams.

Tele-phishing

I'm sure most readers will have had one of those bogus answer phone messages that claim you've won a holiday. You have to call an expensive premium-rate number and listen to an expensive, endless waffly message before you realise you're being ripped off.

These new attacks are similar but come in different flavours and blend with other kinds of phishing attacks that use fake websites and fake emails. For example:


You get an email that seems to come from your bank. It asks you to call their customer service number to sort out a security problem on your account. You call and they take all your details - name, account number, sort code, password... wait, PASSWORD! You get the idea. Once they have your details, they can empty your bank account at their leisure.
You get a text message telling you that you have subscribed to an expensive phone service. It gives you a number to call so you can cancel the service. You call and the meter starts ticking.

You get the idea. At best the consequences are a hefty phone bill and an irritating feeling of being conned. At worst, it's identity theft and all the hassle that entails.

Social engineering

The reason this kind of attack is so sinister is that people are much more willing to hand over personal information to a real person.
out at train stations suggest that nine out of ten commuters are happy to give away their password in return for a cheap pen. This kind of
psychological manipulation is called social engineering and it is what keeps conmen in business.

The remedy is, as ever, to be on your guard. Specifically:


Use anti-phishing toolbars and software to warn you about bogus emails and websites [Paul - Firefox 2 (http://www.mozilla.com/en-US/firefox/) and Internet Explorer 7 (http://www.microsoft.com/ie) both include anti-phishing software].
Treat any unsolicited communication - by email, phone, text message or fax - with suspicion.
Never use the phone number provided in such messages. For credit card companies, use the number on the back of your card. For banks and other organisations use the number on a trustworthy piece of correspondence such as a bank statement.
Be very wary if you are asked to disclose more information than is necessary in the circumstances. For example, if you normally give two letters of your password, be concerned if someone asks for the whole password.

I hope this helps somebody as this seems to be a relatively new but profitable way to scam money out of us.

aileenmac
28-Oct-06, 16:03
I had an e-mail the other day, apparently from PayPal. It said that I had recently changed my password (which I hadn't) and to click on a link to enter the Paypal website. On clicking, it looked quite official, however, I had to enter my username and password. I attempted to verify that it was a legit site by clicking on other Paypal links but was told I had to enter password etc first.
I came out of it altogether and reported it to Paypal.
It was a very realistic looking site and I am afraid many people could be taken in by it!

blueivy
28-Oct-06, 16:46
I had an e-mail the other day, apparently from PayPal. It said that I had recently changed my password (which I hadn't) and to click on a link to enter the Paypal website. On clicking, it looked quite official, however, I had to enter my username and password. I attempted to verify that it was a legit site by clicking on other Paypal links but was told I had to enter password etc first.
I came out of it altogether and reported it to Paypal.
It was a very realistic looking site and I am afraid many people could be taken in by it!

I get a lot of these emails from PayPal. The thing to do when you see a link they ask you to click in the email is to simply hover over it. If you're using Outlook it will then show you the *actual* URL that the link takes you to when you click it. For example the email will look like this:

or go to www.paypal.com (http://disney.go.com/fairies) to change your password.

This link takes you elsewhere even though it *looks* like it goes to PayPal.com. You have my daughter to thank for the destination :-)

In Outlook if you hover over it and it doesn't say .paypal.com in the URL then it's a fake. A lot of the fakes use an IP Address such as:

87.32.187.19/blahblah

Using an IP address in the URL is a dead giveaway of a fake site. Using a URL as opposed to an IP address is easier and quicker to take down and that's why the phishers don't use them.

Another giveaway is the email from address. It's often similar to paypal.com but usually a little different (one I received recently was paypali.com). This is only an indicator and not a cast iron check as a from address is easily faked.

There was recently a phishing email sent out for a bank in the US where Russian phishers had duplicated the entire site (everything!). The only giveaway was that while the site was exactly the same, they had duplicated what the site looked like a year or so earlier.

IE7 and Firefox 2 have anti-phishing built into them (which should be updated regularly).

Outlook 2003 will also turn off links for some emails to stop you clicking on them automatically. You then have to turn the links back on for each email so you can click them.

Phishing, along with spyware, is rapidly overtaking viruses as the number 1 problem to computer users. You don't tend to make money from sending a virus out, but you make a lot of money ripping people off of their information (credit card details or PayPal details).

A new one they are making money from is ransomware, where they encrypt the data on your machine and then charge you for the unlock key.

Remember that these organised criminals (it's not one geek in front of his PC that does this) make millions (maybe billions) from all of this every year. If it didn't make them money, they would do something else!

badger
28-Oct-06, 20:36
Maybe you can decide a discussion (argument?) I'm having on another forum. I've been getting a lot of spam on one of my addresses and the SP's site for this address, in addition to the usual don't reply to spam emails advice, says never forward them. But many organisations like banks and ebay supply an email address in their security sections to forward phishing emails to. I don't open these emails, although they show in the preview section. I just forward them from the inbox. If banks etc. don't ever see them, how can they take action against phishers? Does forwarding them confirm that your address is real to the phisher? I'm confused.

blueivy
28-Oct-06, 21:16
Maybe you can decide a discussion (argument?) I'm having on another forum. I've been getting a lot of spam on one of my addresses and the SP's site for this address, in addition to the usual don't reply to spam emails advice, says never forward them. But many organisations like banks and ebay supply an email address in their security sections to forward phishing emails to. I don't open these emails, although they show in the preview section. I just forward them from the inbox. If banks etc. don't ever see them, how can they take action against phishers? Does forwarding them confirm that your address is real to the phisher? I'm confused.

Hi badger,

If the email is in HTML format (i.e. with graphics and not just plain text) then forwarding a virus-laden email on that delivers its payload through the active content in the message will deliver it to the person you forwarded it to and may cause them to suffer whatever damage it might do.

If it's just a straightforward spam message then spammers are using a technique that allows them to identify that one of their spam messages has reached you and therefore know that your email address is valid. If you forwarded it on and didn't open it (and therefore allows this technique to operate) but the person you forwarded it to did then it will again identify that your email address is live. If you use Outlook then see the next paragraph as it won't need to reach the recipient for the spammer to identify you.

Finally if you are using Outlook then it has a facility where it turns off links and images for security reasons (one of the reasons is what I mentioned above). This is a good thing and all you have to do is turn the links on by right clicking on the message. However if you then forward that message, it turns all the images and links back on again within the forwarded message. The spammers can then identify it as a live address and you'll receive more spam.

A lot of anti-phishing sites (such as PIRT) have a contact form that you paste your message into (including the headers). All they need is the text and the URLs in the message to be able to shut it down. They don't need the graphics etc. Your bank I would hope has the same sort of procedure. If it doesn't then what I suggest you do, within Outlook and Outlook Express is:

Select the message you want to forward and right-click on it and select Options.
Select all of the text from the Internet Headers area of the box that pops up. Once you've done that click Close.
Start a new email message and go to the Format menu and select Plain Text (in Outlook you'll receive a warning - just click OK).
Paste the Internet Headers you just copied.
Go back to the original message you want to forward and copy the text from the body of it.
Go back to your forwarded message, click in the message body and then paste the contents of the original message.
Enter the email address, subject etc. that you would normally do and send it.

This will send the message in plain text.

When the recipient receives the message they won't have any active content that runs when they open it so nothing will happen (unless they click on one of the links which I'd hope they wouldn't).

If the bank needs to see the original message in all its glory, then take screen shots of it and send them those.

If the message you are forwarding on is in plain text format then nothing will happen from simply forwarding it on. If you're not sure, then the way to tell (in Outlook) is to right-click in the body of the message. If you get an option to View Source then it's an HTML message, if that option is not there it's plain text.

Hope this helps in your argument, sorry discussion :)

badger
29-Oct-06, 11:02
Ooo'er help. Don't think I'm actually that public spirited but it does seem from what you say that I've been doing the wrong thing. I get phishing emails from "Barclays" every day and they all include what looks like the Barclays heading, which being a graphic I shouldn't have been forwarding. The discussion continues on the other forum and someone has pointed out that using the preview window in Outlook Express, which I've always done and I'm sure most people do, is the same as opening the email. Is this right? If so, I'm doing everything wrong.

Why is life so complicated :eek: (that's one question I don't expect you to answer!)

blueivy
29-Oct-06, 15:08
Ooo'er help. Don't think I'm actually that public spirited but it does seem from what you say that I've been doing the wrong thing. I get phishing emails from "Barclays" every day and they all include what looks like the Barclays heading, which being a graphic I shouldn't have been forwarding. The discussion continues on the other forum and someone has pointed out that using the preview window in Outlook Express, which I've always done and I'm sure most people do, is the same as opening the email. Is this right? If so, I'm doing everything wrong.

Why is life so complicated :eek: (that's one question I don't expect you to answer!)

Hi badger,

If you view emails in the preview window of Outlook Express 6 then it doesn't download the images by default. You need to turn the feature off for it to do it by default. Here is the text from the Outlook Express help file:

Viewing e-mail images that are blocked

Outlook Express stops pictures and other Internet content from automatically downloading to your computer. This helps you manage your e-mail in several ways:
It helps you avoid viewing potentially offensive material.
If you have a dial-up connection, it allows you to decide which images are worth taking the time to download.
It helps reduce the junk e-mail you get. E-mail images often include "Web beacons" that notify the sender's Web server when you read or preview the message. This validates your e-mail address and often results in more junk e-mail messages and possible viruses.

When Outlook Express blocks pictures or other content, those items are replaced with a red "x." When you get legitimate messages (for example, a newsletter that you have subscribed to), you can download pictures and other content by clicking the Infobar, which is the banner near the top of the message.

When you edit, forward, or reply to a message that references external content, your computer will try to download the content again. The blocked content will be downloaded and included in the reply or forwarded message. When you print a message with content that has not been downloaded automatically, the blocked content is downloaded and will appear in the printed message.


Although it is not recommended, you can automatically download all pictures in Outlook Express by going to the Tools menu, selecting Options, and then clicking the Security tab. Clear the Block images and other external content in HTML e-mail check box.

So in answer to your question, viewing a message in the preview pane of Outlook Express 6 does not open all of the images and therefore all the use of "web beacons" (the images that load and let the spammers know you are there) UNLESS you have turned the feature off (as I said it's on by default).

Generally the web beacons are little 1x1 GIF images that are transparent so you don't actually see them. Although it's possible that the Barclays logo could also be used as a beacon (as it's also an image) it tends not to be the visible ones.

Which forum is the discussion in as I'd be happy to get involved.

Life is so complicated as the spammers look for ways to get around the security that software writers put in place. It's an ever perpetuating (and lucrative) circle.
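
The two points above, web beacons and reporting a message as plain text, can be shown together. The following is an added example, not part of the original posts: it lists the remote images in an HTML message (marking 1x1 ones as likely beacons, though any remote image can act as one) and builds a headers-plus-text report that loads nothing when read. The message and the names `BodyScanner`, `plain_text_report` and `RAW` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

class BodyScanner(HTMLParser):
    """Pull visible text, link targets and remote images out of an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self.images = [], [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "img" and (a.get("src") or "").startswith(("http://", "https://")):
            tiny = a.get("width") == "1" and a.get("height") == "1"
            self.images.append((a["src"], "likely beacon" if tiny else "remote image"))
    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def plain_text_report(raw_message):
    """Return (report, remote_images); the report is text only, with no HTML markup."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    scan = BodyScanner()
    if part is not None:
        scan.feed(part.get_content())
    headers = [f"{name}: {value}" for name, value in msg.items()]
    lines = ["--- Internet headers ---", *headers, "--- Body text ---", *scan.text,
             "--- URLs ---", *scan.links, *(src for src, _ in scan.images)]
    return "\n".join(lines), scan.images

# Constructed sample message; addresses and hosts are placeholders.
RAW = """From: "Barclays" <security@barclays.example>
To: badger@example.org
Subject: Account notice
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://img.example.net/logo.gif" width="200" height="40">
<p>Please confirm your details.</p>
<a href="http://198.51.100.7/login">Log in</a>
<img src="http://track.example.net/o.gif?id=badger%40example.org" width="1" height="1">
</body></html>
"""
```

The beacon URL in the sample carries the recipient's address in its query string, which is how a single image fetch confirms that the address is live.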

Ricco
29-Oct-06, 16:32
You know.. we are so lucky to have a professional like Blueivy to keep us all informed of the dangers and pitfalls that are out there, and how to avoid falling into them.

Thanks, Blueivy:D

blueivy
29-Oct-06, 17:05
You know.. we are so lucky to have a professional like Blueivy to keep us all informed of the dangers and pitfalls that are out there, and how to avoid falling into them.

Thanks, Blueivy:D

Hi Ricco,

I've done a fair amount and worked for quite a few companies (huge and tiny) in my 15 (nearly 16) year career. While I support many small businesses, I have a specialty in the areas of security, anti-malware (anti-virus, anti-spyware etc.), anti-spam (which I collectively see as security) and Microsoft Small Business Server. If I can pass on any of my knowledge and save somebody a few headaches then I'm happy to do so.

Thanks for your kind words. They are most appreciated!

badger
29-Oct-06, 19:35
You know.. we are so lucky to have a professional like Blueivy to keep us all informed of the dangers and pitfalls that are out there, and how to avoid falling into them.

Thanks, Blueivy:D

Hear, hear.

I get the red crosses so hopefully that means I'm OK. Phew - what a relief :D

blueivy
30-Oct-06, 01:11
Hear, hear.

I get the red crosses so hopefully that means I'm OK. Phew - what a relief :D

Thanks badger,

If you get the red crosses, you're okay.