Real Example – Phisher attempts to hook me (I got away)
What is phishing? Here’s Wikipedia’s take: “phishing is an attempt to criminally and fraudulently acquire sensitive information”. A nasty example arrived in my email inbox last year. Not surprisingly it was a phisher impersonating a bank - one of the common ploys to get private information. Here’s the text verbatim (the only thing I’ve changed is my email address – to protect my privacy):
=== Actual phishing email ===
From: "Wachovia"
Dear Wachovia Bank customer,
We would like to inform you that we are currently carrying out scheduled maintenance.In order to guarantee the high level of security to our business customers, we require you to complete “Wachovia Commercial Online Form”.Please complete Wachovia Commercial Online Form using the link below:
http://commercial.wachovia.com/Online/Financial/Business/Service[remainder of URL removed by me to prevent propagation]
This is auto-generated email, please do not respond to this email.
=======
This was an easy one for me to identify as bogus – I’m not a Wachovia customer. The phisher, however, likely sent out millions of emails like this in the hopes some subset of people will be Wachovia customers. The emails themselves are sent most likely via infected PCs to make it less likely spam filters will block the email.
The link – and this is the key part – looks like a link to Wachovia’s website but it isn’t. The actual link takes you to this website: “commercial.wachovia.com.dllstackontodir29.cn”. Note the “dllstackontodir29.cn” tacked on to the end – that’s the home of the bad guys, not Wachovia.
What you see on the screen rarely matches the actual link. This is not a bad thing for legitimate sites – the full website typically carries a lot of extra information that makes the website work but is meaningless to the consumer. The display name (what you see on the screen) is just enough text to tell you what you are clicking on. Scammers like phishers, unfortunately, take advantage of this.
Similarly, it appears the email came from wachovia.com – it didn’t.
Golden rule here – never believe an email like this – a legitimate business doesn’t take this route to communicate updates. Furthermore, if you aren’t sure go directly to the site and log into your account from there (rather than clicking a link in an email) – if there is something you need to do you’ll find out there. Finally, if you accidentally click a link you didn’t intend to, close your Internet browser.
Stay tuned - next time we'll talk about bogus spyware protection (also known as scareware).
If you think you are infected give us a call at 1-800-PCSUPPORT or click through to http://www.support.com. That link goes to where it says it will go - no phishing.
Additional resources:
- More on phishing: http://www.support.com/blogs/supportcom/post/if-it-smells-fishy-it-s-problem-phishing.aspx
- Update on the Conficker worm: http://www.support.com/feature/conficker-virus-protection