cancel
Showing results for 
Search instead for 
Did you mean: 

Phishing - are you vulnerable?

Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Phishing - are you vulnerable?

(For those who don't have a foggiest clue about what "phishing" is, take a quick look on Google.)

I don't intend to make this a long post about Phishing, because there are plenty of those elsewhere, but I just want to point one thing out:

The answer to the question in the post topic is unequivocally yes...

I know probably more about phishing than your average eBay user (well, mod-ing the forums of an ISP does help Wink ), yet, when I received an e-mail claiming to be from eBay, and inviting me to click on a link to go to a page to enter credit card details, I clicked on the link..... thankfully, the page 404'd, so I didn't get anywhere - but only then did it click in my head that it was phishing. The problem was that the URL was exceedingly sneaky... there were no missing dots to look out for (e.g. ebayco.uk), the sub-domain was legitimate... it looked absolutely fine. Except for one too many slashes after the .co.uk. The URL was http://signin.ebay.com//ws2/etc, as opposed to http://signin.ebay.com/ws2/etc.

So - the moral of this boring forum thread? Don't think you know enough to not be caught out - because trust me, you can... I almost was. Shockedops:

Thomas
11 REPLIES
Community Veteran
Posts: 5,878
Registered: 04-04-2007

Phishing - are you vulnerable?

As a semi-proffesional ebayer these sort of ebay emails are always a massive headache for me too, I have to be careful of every single email I get off them (thats a fair few each day), im worried that one day i might get caught out myself.

Chris
Community Veteran
Posts: 6,983
Thanks: 8
Registered: 10-04-2007

Phishing - are you vulnerable?

Its not just this phishing that a problen these days.

I made a couple of purchases over the internet last month and a few days later I happened to ask for a mini statement from the ATM (hole in the wall.)
Found that my account was deeply in the red Cry

A phone call to my branch revealed that some bastard in the London area was using a clone of my card, going to supermarkets, buying around £5-00 worth of goods and then getteng £50 cash back.

Got the card stopped straight away but between the 9th and the 13th they had take £700 from my account.
Lucky that I happened to check when I did or it could have run to over a £1000 before the card got refused.

Fortunately because I hadn't actually lost my card the bank has stood the loss.

Makes you worry though about buying things over the net :?
N/A

Phishing - are you vulnerable?

These days, I prefer to use companies on the net that have a 3rd party provider handling payments. Namly World-Pay, Nochex (not strictly a 3rd party, but safe).

You should also be watch out for the sites that have the Visa & Mastercard secure code systems. They are not as safe as they claim. The site may feature the code, and prevent people from finding your code, however, that doesn't stop them collecting your CC details and using them in other locations.
N/A

Phishing - are you vulnerable?

There is always the risk when you use a debit/credit card that your details could be swipped and money taken from your account. This can just as easily happen when buying a meal at a resturant as it can on the net.

Thankfully I've never had one of these phishing e-mails, but I'm sure it's just a matter of time.

Most banks now say they offer protection against internet fraud anyway, just not nice when it happens. I've had a credit card cloned before, thankfully the CC company stood the cost.
michaelscott
Grafter
Posts: 594
Registered: 09-08-2007

Phishing - are you vulnerable?

N/A

Phishing - are you vulnerable?

Not stricktly true.

Phishing scams make use of vulnerabilities in browsers (IE and Opera have been affected), will allow an attackaer to display a different URL in the location bar, to that which you are actualy visiting.

You could infact make people see the PlusNet portal in the browser, but see the address as http://www.microsoft.com/

You are right in saying a double slash wouldn't nesaseraly mean it is a phishing scam, however, you shouldn't drop your guard on that alone.
N/A

Phishing - are you vulnerable?

Hi All

Found this little programme that some maybe interested in,the website says it is not perfect but it helps.I have downloaded it and installed on my wifes Windows Machine running "Firefox",but it is available for "Internet Explorer".Have'nt as yet found a false website to test it on,but it takes up hardly any room :-)

here is the URL if anyone is interested

http://www.corestreet.com/spoofstick/index.html

Ian & Linda Jordan
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Phishing - are you vulnerable?

Interesting utility... the eBay toolbar is supposed to do something similar (though obviously it only works on the eBay sites).

Thomas
michaelscott
Grafter
Posts: 594
Registered: 09-08-2007

Phishing - are you vulnerable?

Quote
Not stricktly true.

Phishing scams make use of vulnerabilities in browsers (IE and Opera have been affected), will allow an attackaer to display a different URL in the location bar, to that which you are actualy visiting.

You could infact make people see the PlusNet portal in the browser, but see the address as http://www.microsoft.com/


Actually, it is true. A forward slash always denotes a directory on the server. Using an exploit to display a different URL is entirely different.
N/A

Phishing - are you vulnerable?

You are correct in stating a slash donates nothing more than a directory (not 100% true, it's resource location seporator. A URL, doesn't always specifiy a physical file).

However, Phishing scams cause there targets to see nothing more than they want them too. They see are URL that looks legitimate, however, the background functions of the browsing parser cause you to goto a different location.

Example: http://www.microsoft.com/

You see what looks like a link to Microsoft, but infact, it takes you to PlusNet.

Combine this with the display exploits, and even the URL in ther location bar will show a different URL to the site you are actualy on.
Community Veteran
Posts: 6,111
Thanks: 1
Registered: 05-04-2007

Phishing - are you vulnerable?

Heh... I think you're all going a bit over the top with this URL business. Smiley I wasn't saying the extra slash was part of some fancy browser exploit (which I didn't even know about anyway)... the extra slash simply alerted me - because it'd be highly unlikely that eBay would have mis-spelt one of their own URLs!

Thomas