Here's rule one: if they sent you the message out of the blue and it includes a link, it's a phishing message. Don't click the link. JUST DON'T DO THAT, OK? DID YOU HEAR ME? JUST DON'T DO THAT!
OK, but now if you're curious, you can explore the phishing email. Hover the mouse over the link. If you've got a decent mail reader, you'll see the real address of the link. In the message, it might look like http://www.PayPal.com; but when you hover over it, you'll see something entirely different. That's proof positive that you're being phished. Don't click the link. JUST DON'T DO THAT, OK? DID YOU HEAR ME? JUST DON'T DO THAT! Often it will just be an IP address; and if you try to trace it down, you'll likely find it's in a foreign country.
Well, today I got an interesting one, because the phishing link wasn't an IP address; it was Google! Here it is, in part:
http://www.google.com/pagead/[Whole bunch of junk omitted]&adurl=http://[IP address cleverly encoded]/departament/index.php
I didn't put the whole thing here, because I don't want some moron somehow copying it into the browser and visiting the phishing site. JUST DON'T DO THAT, OK? DID YOU HEAR ME? JUST DON'T DO THAT!
But look at what they've done: they've hijacked the Google ads mechanism. Google ad images always include a link to redirect you to the advertiser. Well, instead they're making Google's servers do the work of forwarding you to their phishing site. So if you hover over the link, it looks semi-legit, because it is a legitimate Google link.
Except, of course, that the phishing email claimed to be from PayPal, not Google.
Still, someone gullible might believe the two companies were working together somehow. And so the "hover the mouse" technique might fail, since some readers will only show a short stretch of the total URL. The one with my Web mail, for example, only showed part of the address, not including the &adurl=http://[IP address cleverly encoded]/departament/index.php part. Microsoft Outlook 2007, on the other hand, shows all 209 characters of the URL.
So unless you're careful, the hover approach can still fail to alert you to a phishing address. There's really only one safe course: JUST DON'T CLICK THAT LINK, OK? DID YOU HEAR ME? JUST DON'T DO THAT!

-EpeeBill
But the primer on phishing was just in case someone reading didn't know the general idea. What specifically made me post was the idea of using Google ads to "legitimize" the phishing. Some people think that if they hover over the link and it looks legit, then the email must be legit. Well, this Google link looks legit in some mail readers, because the URL is so long that the redirect gets chopped off.
So I'm hoping to persuade these people that the hover trick won't protect them, and they need to follow your approach.
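For anyone who wants to check a link like the one in the post above (and the point in the follow-up about the hover preview getting chopped off) without clicking it, here is an added example script. It is not from EpeeBill's post or from Google; it just pulls the redirect target out of the query string, decodes the usual "cleverly encoded" IP tricks (decimal dword, octal, hex, short dotted forms), and compares the real destination with the brand the mail claims to be from. The sample URL, the parameter names other than adurl, and the TEST-NET address 192.0.2.1 are constructed for illustration.

```python
# Added example (not from the original post): offline analysis of an
# "ads redirect" phishing link of the shape described in the thread.
# Everything except the 'adurl' parameter name is constructed/assumed.
import ipaddress
from urllib.parse import parse_qs, unquote, urlsplit

# Query parameters that commonly carry a redirect target. 'adurl' is the one
# seen in the post; the others are assumptions about other redirectors.
REDIRECT_PARAMS = ("adurl", "url", "redirect", "redirect_url", "dest",
                   "destination", "continue", "next", "target")


def decode_ip_host(host):
    """Turn a 'cleverly encoded' IPv4 host (single decimal dword, octal or
    hex components, or a short dotted form, as inet_aton accepts them) into
    a dotted quad. Returns None if the host is not an IPv4 address."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = []
    for part in parts:
        try:
            if part.lower().startswith("0x"):
                values.append(int(part, 16))
            elif len(part) > 1 and part.startswith("0"):
                values.append(int(part, 8))
            else:
                values.append(int(part, 10))
        except ValueError:
            return None
    # inet_aton semantics: the last component fills all remaining bytes.
    *lead, last = values
    if any(not 0 <= v <= 255 for v in lead):
        return None
    remaining_bits = 8 * (4 - len(lead))
    if not 0 <= last < (1 << remaining_bits):
        return None
    number = sum(v << (8 * (3 - i)) for i, v in enumerate(lead)) + last
    return str(ipaddress.IPv4Address(number))


def canonical_host(url):
    """Lower-cased host of url, with encoded IPs normalised to dotted quad."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return decode_ip_host(host) or host


def embedded_redirect(url):
    """Return the absolute URL carried in a redirect parameter, or None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key in REDIRECT_PARAMS:
        for value in query.get(key, []):
            value = unquote(value).strip()  # tolerate double encoding
            if value.lower().startswith(("http://", "https://")):
                return value
    return None


def final_destination(url, max_hops=5):
    """Follow embedded redirect parameters without touching the network."""
    for _ in range(max_hops):
        nxt = embedded_redirect(url)
        if nxt is None:
            break
        url = nxt
    return url


def hover_preview(url, width):
    """What a mail reader that truncates its link tooltip would show."""
    return url if len(url) <= width else url[:width] + "..."


def analyse_link(href, claimed_domain):
    """Explain why href should not be trusted as a link to claimed_domain."""
    visible_host = canonical_host(href)
    destination = final_destination(href)
    dest_host = canonical_host(destination)
    reasons = []
    if destination != href:
        reasons.append("redirect parameter forwards %s to %s"
                       % (visible_host, dest_host))
    if decode_ip_host(dest_host) is not None:
        reasons.append("final destination is a bare IP address")
    if dest_host != claimed_domain and not dest_host.endswith("." + claimed_domain):
        reasons.append("final host %s is not under %s" % (dest_host, claimed_domain))
    return {"destination": destination, "host": dest_host, "reasons": reasons}


# Constructed sample in the shape of the link in the post: a long Google ads
# click URL whose adurl is TEST-NET 192.0.2.1 written as the dword 3221225985.
SAMPLE_LINK = ("http://www.google.com/pagead/iclk?sa=l&ai=" + "A" * 120 +
               "&num=1&adurl=http%3A%2F%2F3221225985%2Fdepartament%2Findex.php")

if __name__ == "__main__":
    report = analyse_link(SAMPLE_LINK, "paypal.com")
    print("hover shows :", hover_preview(SAMPLE_LINK, 80))
    print("really goes :", report["destination"], "=", report["host"])
    for reason in report["reasons"]:
        print(" -", reason)
```

Run it and the 80-character hover preview ends somewhere inside the junk before adurl, exactly the failure described in the thread, while final_destination() and canonical_host() show the real target is a bare IP that has nothing to do with paypal.com. The IP decoding is there because typing the decimal form into the tooltip check is exactly how the "cleverly encoded" address defeats a casual glance.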
Sure enough, he found it and cleaned it out, expressing his thanks - and my submission to be the leading man in the next Angelina Jolie movie: "Wombraider".
Well, the last part was a lie. But he did appreciate my noting that his server was pwned.
I then enter an insulting eBay/PayPal login and password. (Aka "youare"/"amoron".)