Phishing scams homepage at MillerSmiles.co.uk
 

 

Our brief guide to Phishing

by Mat Bright
12th February 2004


 


Phishing is a term used to describe the action of assuming the identity of a legitimate organisation, or web site, using forged email and/or web pages, with a view to convincing consumers to share their user names, passwords and personal financial information so that it can be used to commit fraud. This is also often referred to as Identity Theft.

Remember the Phone Phreaks?

'Phreaks' was the term used to describe those who hacked the telephone system back in the 1970s, and the same symbolic replacement of the 'f' has passed on to email fraudsters who 'fish' for web users' identity details.


Phishing is a relatively new expression; it has been found in use in a newsgroup as early as 1996 and in the media in 1997. Since then a plethora of phishing scams have crossed our desks here at MillerSmiles.co.uk, and our Library of Scams has many examples with images of both the forged emails and web pages.

 

Many of the major web sites have been the subject of these phishing scams...

Some of these sites refer to these forgeries as spoof email, which is perhaps a more 'consumer friendly' term. These spoof emails are distributed just like spam and to anyone whose email address is on the scammers' lists, whether they are a user of that particular site or not. Sites hit by these scams have included...

Yahoo - Microsoft - AOL - eBay - Paypal - Hotmail - Earthlink - Barclays iBank
Citibank - Halifax - Nat West Bank - Nationwide - MSN
FDIC (Federal Deposit Insurance Corporation)
Lloyds TSB - AT&T - Fleet Homelink - U.S. Bank

 

The vast majority of phishing scams consist of...

...a forged email which links to a forged web page or site. The email text urges you to complete an essential procedure by using a link which opens a forged web page. That essential procedure has included account verification, invalid credit/debit card details, attempted hacking of your account, prize draws and account suspension, to name but a few. In many cases, the email has included a worm virus which creates a browser type form rather than opening a web page (such as the Mimail worm).

For many months, this was made easier for the perpetrators when a bug was found in Internet Explorer browsers which allowed a fake URL to be shown in the browser's address bar while a forged page was being viewed. Scammers had rich pickings until Microsoft issued a patch in February 2003.

The forged web pages usually contain a form to provide the information that the scammers want to use to commit fraud. This usually includes use of the victims' credit/debit card to open online accounts and hijacking of online accounts to steal money. For instance, eBay users have had their accounts hijacked in this manner while the scammers use the accounts to list high value items, receive payments from hopeful buyers but never send the goods. Other victims have had their credit rating and financial livelihood destroyed when their identity has been used to raise finance, while others have seen their credit or debit cards used by others to buy goods online.

 

Avoid becoming a victim of a Phishing Scam by following these simple rules ...

Treat all email with suspicion - What you see in the email body can be forged, the sender's address or return address can be forged and the email header can also be manipulated to disguise its true origin

Never use a link in an email to get to any web page. If you must go there, type the URL directly into your browser's address bar

Never send personal or financial information to anyone via email

Regularly log into your online accounts - don't leave it for as long as a month before you check each account

Scrutinise your bank, credit and debit card statements and ensure that all transactions are legitimate. If anything is suspicious, contact your bank and all card issuers

Ensure that all of your software is up to date - for instance, if you use Microsoft's Windows, run Windows Update every day when you first connect to the internet. If you use other operating systems or browsers then check daily for patches or updates. Security loopholes are regularly discovered in software and many of these scams have utilised a vulnerability in Internet Explorer

If you must use your financial information online, ensure that you have adequate insurance against fraud

 

Be good, be careful and be aware.

 

More on Phishing ...

Read the full article - Phishing, Identity Theft and Email Scams.

See many image snapshots of the forged emails and web pages or sites used in real Phishing scams in our Archive of Email Scams.

If you have received a forged email, then please forward it (preferably as an attachment) to spoof@millersmiles.co.uk to be examined and we will publish it if it reveals new information about these scams.

 

It's a common internet fraud crime, and internet users are the target of spoof email hoax scams and fake or forged web pages.
© Copyright 2003-2005 Oxford Information Services Ltd All Rights Reserved
All other logos and trademarks in this site are property of their respective owners