Listen to the podcast: If phishers had a clue....

Transcript

This is Leo Notenboom for askleo.info.

Like most of you I'm sure, I get a fair amount of spam including a healthy share of virus-laden messages and attachments as well as phishing scams. Most of these messages work by trying to trick you into doing something - perhaps buying something, opening up an attachment, visiting a web site, or at its worst, visiting a web site and entering your personal information.

Phishing absolutely amazed me on several levels. For one thing, so many of them are absolute junk! Broken English, horrible formatting, even broken HTML in many cases - links that are obviously fake. A good 90% of the spam I get falls into that "so obviously fake, why do they even try?" category.

Hence my second point of amazement: they work. As bad as those emails are, people fall for them every day. Even after all this time. And it's not an issue of stupidity, though I'm sure there's some of that out there, it's more about ignorance and education. What's "obvious" junk to you and me isn't so obvious to many.

But that leads me to my third point, which I find kind of scary: a phisher who would take the time to craft a proper message and write proper English could rule the day. With so many phishing, virus and other spam messages being so horribly, obviously broken, either in form or in language, a message that wasn't would stand out. Or rather, it wouldn't stand out as being so obviously bogus. And that would increase the chances of its success.

They are out there. I almost fell for one a few months ago. The timing was right - I was involved in a transaction inquiry with my credit card company, and sure enough I got email that looked like it was from a credit card company and looked fairly legitimate. The phisher had taken the time to craft an appropriate lure. As a result of the coincidence of my expecting email from my credit card company, and the good imitation done by the phisher ... well, I almost clicked through.

But I've trained myself. I always look at where the link really goes by hovering over it before I click. Sure enough - it was a total fraud. And just to be clear, depending on your mail program, that "hovering over" I did can also be spoofed. Really, the only totally safe thing to do is simply never click on links in email unless you're totally certain that you trust the source.

Like I said, right now most spam is laughably bogus. But if more malware and phishing authors ever get a clue, it's going to get a lot more difficult to tell what's real from what's fake.

I'd love to hear what you think. Visit askleo.info and enter 12058 in the go to article number box to access the show notes, the transcript and to leave me a comment. While you're there, browse the hundreds of technical questions and answers on the site.

Till next time, I'm Leo Notenboom, for askleo.info.
Recent Comments

I too try to be very careful and check links, and I too have been duped by a better than average piece of spam. However, I also tell people that they should have a pretty good idea of what emails they have signed up for, and those emails should have a higher than normal level of trust. People should also be aware of what they sign up for, and a good example is... Down at the mall I occasionally see a new car with a table and small slips of paper asking for your name and address. The slips also state that they could win this car by entering. People write their info down then forget about it. Weeks or months later they get a notice from some place that wants them to come hear a lecture (typically 2 hours) and win a prize! Many people fail to realize that the two events are directly related and that people signed them up for that junk mail. So I would add in: be careful with what you sign up for; a site should not be asking for your address to look around. Even then most providers give multiple email addresses and there are plenty of free ones, so have one email account for family and friends and make sure they know it is just for them. Then use an alternative email for signing up for things and when you start getting too much spam turn it off. Another point... if you suspect it is spam do not open it because then they know that address is legit and will give it/sell it to others... they might do so even if you do not open it, but you won't get as much spam.

I wrote some relevant blog postings on this:
Defending against a phishing email message. I set up an autoresponder that you can use to test if your email program can be manipulated with JavaScript to show the wrong link destination.
Is that e-mail message legit? How a computer nerd analyzes it

Recently my credit card expired and was upgraded but I forgot/neglected to tell my ISP, which tried billing me with the old details, and they then sent me an email asking me to update my details via the link provided in the email. While the email turned out to be genuine, how different was that from the usual phishing emails which are always asking you to update details for your bank accounts or whatever. I contacted the ISP via my usual web link and commented about their look-alike phishing email and they said they had always done it that way. So no wonder people keep getting caught by these things.
Posted by: Tony O'Connell at December 8, 2007 01:02 PM

Two things about this: one is perhaps a phish might look obvious to one machine but not the same to another; the second is that it's as atrocious as what a computer attempting literal reasoning in speech... so maybe this is machine generated and unique to each machine's display that receives it... or set of common variables?
Posted by: Marc at December 8, 2007 01:03 PM

Leo, good buddy, I realize you know this 'work' better than Able himself BUT I am sure the phishers appreciate the information on how to improve their 'work'. BTW, what is "hovering" (as to email)? How may one do that? Ole (_E=mc2_) here.
Posted by: Bob Pease Jr at December 8, 2007 05:13 PM