Marketing & SEO Discussion List - LED Digest

Phish Spam
Written by James Miller
February 3, 2006


I’m working on a story with respect to phishing e-mails. I get about 400 a day trying to get my bank account details. Interestingly, they are only for two UK banks: Halifax and Barclays. When e-mails from one stop, the other starts, which is another point of interest. I used to get loads for American banks, but I haven’t had any for about a year now.

How many of these e-mails do people get? And who are they from?

By the way, I would never bank with anybody who was the target of a lot of phishing e-mails.

James Miller
Daisy Analysis



Written by Kenny Lau
February 6, 2006


When I receive Nigerian scam email, I make up a fake identity for myself and "play" the game with the scammer, asking them a question or making them do something per email I send to them (at drawn out intervals of an email every few days), such as asking them to send or email some form of identity document, etc. At the end of the game, I send them a copy of a closely similar Nigerian email asking them whether the sender is one of his / her relatives!

If there are more people "scamming" them in return, these low-life scammers' time may be wasted to the point that they will drop out from this much-hated type of business because they will have to spend much more time sifting out who is and who is not duped by them.

Kenny Lau
ecopurewater.com



Written by Barry S Mills
February 7, 2006


"By the way, I would never bank with anybody who was the target of a lot of phishing e-mails." - James Miller

Wow, that's harsh! It's not like the banks are at fault for being targeted.

I don't get as many phishing mails as James, but I get quite a few. I haven't seen the concentration he has on a handful of banks, and I would guess that James has a domain that has a lot of auto-generated addresses on the target list of a single spammer, who has only got round to targeting two banks and does them in rotation (hence the e-mails coming in waves for one or the other).

I can't think of a bank I haven't seen a phishing e-mail for tbh, certainly get them all the time for all the major UK banks, along with PayPal, Amazon, various bookmakers, etc. Consumers are going to have to get much more clued up to combat this, and banks and other organisations are going to have to up their security measures. Banks are doing this, but very slowly, as is their nature. Imagine the trouble we'd be in if a fire station was staffed by bankers. Those of you outside the UK may be astonished by this, but most of the major UK banks haven't even rolled out e-mail addresses for use by customers yet, so stuff that needs some real thought is obviously going to take decades.

In the meantime, if you are going to have a policy of not dealing with any bank that is targeted by phishing spam, I think you're going to have to manage without a bank account.

Barry S Mills, Managing Director
Netstep Corporate Communications



Written by Tom Aman
February 8, 2006


I probably get 4 to 8 phishing emails a day.  Many are for American banks (I am in Canada), occasionally one is for a Canadian bank, and I have had them for UK banks (Lloyds, Halifax and Barclays), but the most regular phishing emails are for eBay and PayPal.  Some are quite funny because very often the English is bad.

Who are they from?  Basically, they are from someone hoping to get access to your bank account, eBay account, PayPal account or identity information. Check the link that they want you to click (don't actually click it because some may try to send you a virus), then use a site such as http://www.dnsstuff.com/ to do a Whois lookup on the IP address or site name within the link.  This will often point to a hosting company.

I have also seen links such as "123.123.123.123:1234" and when the IP address portion (everything in front of the colon) is checked it points to some legitimate company.  The number after the colon is a port number.  This situation usually indicates that the company's computer has been penetrated and the low-life is using it to capture the phishing info.  HTTP normally defaults to port 80; occasionally an IP will show with some other port such as 8080.  In a phishing situation the port is likely an unusual number - a port number that is unlikely to be used by the company for anything else.

In either case, forward the email with complete headers (easiest way is to "forward as an attachment") with a brief comment that it is a phishing email and would they please take care of the problem.  It also doesn't hurt to forward the email with complete headers to the targeted bank / eBay / PayPal to alert them in case they do not already know about it.

"By the way, I would never bank with anybody who was the target of a lot of phishing e-mails."

I have one question for James.  Why would you never bank with anybody who was the target of a lot of phishing emails?  The bank is already being victimized.  Why blame them for the problem?  As long as you don't fall for the phishing scam, the fact that they have been targeted is not going to affect you in any way.

Tom Aman
Aman Software



Written by Andreas Huttenrauch
February 9, 2006


In time, I've learned to smell a phish when I see a phish, and usually just ignore them. A few months ago I did see one which intrigued me though. The English was actually OK, and they made it look like a plain text message, but it was in HTML, so the URLs didn't go where they said they'd go.

For some reason I decided to check it out anyway, and what I saw astounded me. I still haven't figured out how they did this, but they managed to overwrite the URL in the browser with a fake domain. It looked like an image was used for this, which was meant to be placed over the URL in the address bar.

Luckily, I was running the Google toolbar, so the fake URL ended up in the wrong place, but if it landed on the actual address bar, it would have been really hard to catch this phish.

When in doubt, try looking at the message in a plain-text client or webmail where you can be guaranteed that what you see is really plain text only, and the URLs you see are true to themselves.

Andreas Huttenrauch
Globi Web Solutions
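
The link checks described in the two posts above (reading the link target without clicking it, spotting a bare IP address with an odd port, and catching HTML mail whose visible URL differs from the real target), as an added example that is not part of the original thread. The sample body, the `examplebank.test` name and the finding labels are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

class AnchorCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Host named by link text that itself looks like a URL, else None."""
    m = re.match(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?=[:/?#]|$)", text)
    return m.group(1).lower() if m else None

def triage(html):
    """Return (href, findings) per link, read from the source, never fetched."""
    collector = AnchorCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        url, findings = urlsplit(href), []
        host = url.hostname or ""
        try:
            ipaddress.ip_address(host)          # link names an address, not a site
            findings.append("raw-ip-host")
        except ValueError:
            pass
        if url.port is not None and url.port != DEFAULT_PORTS.get(url.scheme):
            findings.append(f"unusual-port:{url.port}")
        shown = host_of(text)
        if shown and shown != host:             # displayed URL differs from target
            findings.append(f"text-shows:{shown}")
        report.append((href, findings))
    return report

SAMPLE = ('<a href="http://192.0.2.44:8712/login/">https://www.examplebank.test/login</a>'
          '<a href="https://www.examplebank.test/help">Help</a>')  # constructed body
```
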



Written by James Miller
February 9, 2006


You ask why I would never bank with a company that gets lots of phishing e-mails. If they are the targets of crooks, then it is likely that their security is not as good as the other banks.  So why should I take the risk?  I’d like to see banks be made to publish how much they lose to fraud and in which ways.

It is interesting you mention Halifax and Barclays.  These are the two banks that I get most phishing for, other than PayPal and eBay.

One trick I have done with PayPal is to make my primary address, james,daisy.co.uk, but set james.miller,daisy.co.uk as the address that PayPal uses to communicate with me.  If I get anything for james from PayPal, then it’s spam.  As I never publish the other e-mail, no-one can associate it with my PayPal account.

James Miller
Daisy Analysis



Written by Scott Marino
February 10, 2006


"If they are the targets of crooks, then it is likely that their security is not as good as the other banks." - James Miller

The assumption is not necessarily correct. The banks are not the target, the general public is the target. The larger banks are the ones used by the phishers simply because they increase the odds that someone would respond. The phishers are not geo-targeting their e-mails, they are broadcasting them by the millions. They increase their odds by using the most popular banks.

A hacker (much different than phisher) would likely target a small local bank for attack rather than a large national one as the large bank would likely have a larger security budget and staff.

Scott Marino
webundies.com



Written by Steve Pronger
February 10, 2006


I think you're overlooking one thing, James. A phishing e-mail directs recipients, who by chance have an account with the bank being impersonated, to a fake website which the bank do not own or have any control over. The bank have no involvement with the process at this point. Once the fraudster has all the pertinent details which the target has unwittingly divulged, he can login to that bank account.

How is a bank to know that the person logging in is not their customer? However robust a bank's online security system is, if I have every detail you need to access your account, then I can become you and the bank will never know the difference.

I think any bank or financial institution can be the subject of a phishing e-mail. It doesn't really reflect on the bank's security systems, other than the fact that their website might be easier than others to copy. All banks can really do to combat phishing is to educate their customers on how to detect fake e-mails. All a customer has to know really, is to never click on a link in an email to logon to their account.

Steve Pronger
stevepronger.com



Written by James Miller
February 13, 2006


"The banks are not the target, the general public is the target. The larger banks are the ones used by the phishers simply because they increase the odds that someone would respond." - Scott Marino

I believe that the number of phishing e-mails for a particular bank does reflect that bank’s security, in that the better the security the less likely a customer is to be fooled.  Remember, by security I would include the publicity and information that banks send to customers to warn of on-line fraud.

Take Nationwide, which is quite a large UK bank, where I have had contact with the security department.  Scams were tried on this bank a couple of years ago and I have been told that they were not very successful.  I have not seen one since.  If I was a scammer, I wouldn’t bother if I didn’t get any money.

Scams were also tried on most other UK banks.  Again nothing at all in the last year or so!

So as Barclays and Halifax get nearly all of the e-mails, I am pretty sure that these are the only banks where the scammers have been successful.  Intriguingly, I believe that these scam e-mails are one group of fraudsters.  Why for instance, do Barclays stop and then Halifax start?  And vice-versa!  I’m analysing some of the e-mails in detail to see if I can find more evidence of one group.

Now if it is one group, why aren’t the banks doing more to stop it?

As I have said before, we need a law which would make each bank show how much they lose to fraud each year and to what methods.  This would mean they had to get it right, as they wouldn’t want to see business disappear.

James Miller
Daisy Analysis



Written by Wes Hopper
February 13, 2006

My bank, Bank of America, has recently started 2-step authentication for online banking. In this process, I only enter my user name on the BofA page. This takes me to a second page where 2 things can happen - if the bank recognized my IP, I get a place for my password, along with a unique image that I selected when I signed up. If I don't see my image, I don't proceed.

If the bank does not recognize my IP, I get a random choice of 1 of several security questions that I also selected at signup. Upon passing that test, I go to the image / password page.

This process both authenticates me, and authenticates the web site. It does require the consumer to think, though, so it's not perfect. I've never understood why so many people fall for these lame emails.

Wes Hopper
createsuccessseminars.com



Written by Tom Aman
February 14, 2006


James, even if the phishers are sometimes successful with their scam, please explain to me how that will affect you, personally, if you have an account with one of those banks but never respond to one of these scam emails.

Also, what do you suggest the banks do to stop it?  They are not getting the emails so they don't directly have access to the necessary info to trace the scammers.  Maybe, if every customer of those banks who received such an email, forwarded the email *with complete headers*, the banks would be able to do something.

Two problems.  First, most people just delete the scam email so the bank never sees it.  Second, even if they do forward it, many (the majority?) do not know how to forward an email so that the complete original headers are sent with the forward.  In Outlook Express, for example, if I just click "Forward", most of the original headers are stripped.

Other than alerting the bank to the fact that the scam is being attempted, such forwards are of little use.  To forward with complete headers from Outlook Express, the email must be forwarded as an attachment.

For determining if the emails in question are coming from one group, it is a matter of looking at the "Received" headers, identifying and ignoring the faked ones, then checking the remaining.  Even that may not help because a smart scammer will use a variety of originating servers so sometimes you can relate the emails, sometimes you can't.

Tom Aman
Aman Software
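
The "Received" header check described in the post above, as an added example that is not part of the original thread. It assumes you know the hostname your own inbound mail server writes after `by` (here the made-up `mx.recipient.test`); the three messages are constructed, and shared hand-off addresses only suggest a common sender.

```python
import re
from collections import defaultdict
from email import message_from_string

# Assumption: the hostname your own inbound mail server records after "by".
TRUSTED_MX = "mx.recipient.test"

def handoff_ip(raw_message):
    """IP that connected to our server, taken from the newest Received header
    stamped by TRUSTED_MX. Headers are read top-down, so anything below that
    hop was supplied by the sender and is ignored, even if it names our server."""
    msg = message_from_string(raw_message)
    for hop in msg.get_all("Received", []):          # newest hop comes first
        flat = " ".join(hop.split())                 # undo header folding
        by = re.search(r"\bby\s+([^\s;]+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        if by and by.group(1).lower() == TRUSTED_MX:
            return ip.group(1) if ip else None
    return None

def group_by_source(messages):
    """Map hand-off IP -> subjects, to see which mails share an origin."""
    groups = defaultdict(list)
    for raw in messages:
        groups[handoff_ip(raw)].append(message_from_string(raw)["Subject"])
    return dict(groups)

def sample(subject, connecting_ip, older_hop):
    """Constructed message: our server's hop on top, a sender-supplied hop below."""
    return (f"Received: from relay.invalid ([{connecting_ip}]) by {TRUSTED_MX};"
            " Mon, 13 Feb 2006 09:00:00 +0000\n"
            f"Received: {older_hop}\nSubject: {subject}\n\nbody\n")

MESSAGES = [
    # The lower hop here falsely claims to be our own server.
    sample("Bank A notice", "203.0.113.9",
           "from bank-a.test ([198.51.100.1]) by mx.recipient.test"),
    sample("Bank B notice", "203.0.113.9",
           "from bank-b.test ([198.51.100.2]) by smtp.bank-b.test"),
    sample("Unrelated notice", "192.0.2.77",
           "from x.test ([198.51.100.3]) by y.test"),
]
```
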

