Phishing Example
April 10th, 2006
I mentioned phishing in a post yesterday, and not long after I received an email which was attempting to do just that in my inbox. For those who are unsure quite how phishing is done, I thought I’d show this attempt as an example of the sorts of things to look out for. Luckily in this case, GMail detected that it was spam, which gave me an early indication that it was probably fraudulent.
The email I received was branded to look like a genuine email from Barclays:
The first alarm bells should ring after reading the text - it is unlikely that any decent bank would ask you to confirm your details in this way. The address that the email appears to link to looks genuine enough:
But if you hover over the link, the true destination is revealed in the browser status bar (probably at the bottom left of your browser window):
The fraudsters have used “subdomains” here to make the address look genuine, but notice how many dots (.) there are before we get to another backslash (/). The .dllisapi.in part is where the link is really going to.
Another thing that I noticed was that the whole content of the email was contained in an image. The text was not selectable. Quite a strange thing for a professional organisation to do in their email marketing. But there was also a large blank gap underneath the content and further investigation led me to uncover that there was hidden text in the email (white text on a white background), which is probably an attempt to trick spam filters to allow the email through.
I’ve tried following the link in the email to see how the fraud continued, but the site is no longer available, so may already have been shut down, or the fraudsters may have moved on to the next server to continue their crimes.
Hopefully this has given you a few ideas of the sorts of things you need to look out for when receiving emails from your bank.
Categories: Featured, General, Tips
