Thursday, January 27, 2005

PSA: Phishing

I got this email today:
[Image of the e-mail; click to read.]

This is an excellent example of a “phishing” or “spoofing” scheme. Click on the image above and read the email. It is not from eBay, but I would venture to say that 90% of the people who would read it would not have any reason to believe otherwise. Being the skeptical and vigilant webhead that I am, I was immediately doubtful (and cautious), and I did some quick investigation.

FIRST, before I clicked anything, I checked out the source code of the email to see where the hyperlink below really pointed. (There are also some quick ways to do this, like 1.] just hovering over the link – without clicking! – and 2.] hitting Forward, right-clicking the link, and choosing Edit Hyperlink….) I discovered that it points to an address that begins with gtman.co.kr, which is a website in Korea.

Out of curiosity, I then decided to compare the spoofed page with eBay’s actual sign in page:


To see the Koreans’ page, I edited the spoofed URL and stripped everything from the first “?” through the end of the address, since I assumed keeping that data there would link my visiting the site with the email address to which the message was sent. Here’s what that page looks like:

I’ve circled the differences, which are pretty subtle. A few of the differences were blindingly obvious to me, though (remember: Webhead). 1.] I read the news, so I know that, as of a couple of weeks ago, eBay is no longer supporting Microsoft Passport authentication! 2.] I read the message below the little light bulb icon above… and obviously the Korean site doesn’t begin with that text! 3.] You know that “lock” icon in the lower-right corner of your browser when you’re visiting a secure site? The eBay site had it, and the Korean one didn’t.
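As an added illustration (not part of the original post), the following Python script automates the checks described above: it pulls every link out of an HTML e-mail body, compares the host the link really points to with the host shown in the link text, notes whether the link uses HTTPS (the padlock), and flags a query string that could tie a visit back to the recipient. It also strips everything from the first "?" onward, as the post did before looking at the page. The e-mail body, the lookalike hostname and the recipient address are constructed placeholders, not the message or address from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Constructed sample e-mail body in the style of the message described in the post.
# "signin.lookalike-host.example" is a placeholder, not the real phishing host.
SAMPLE_EMAIL_HTML = """
<p>Dear eBay member, please confirm your account details:</p>
<a href="http://signin.lookalike-host.example/ws/eBayISAPI.dll?SignIn&amp;ru=&amp;rcpt=victim%40example.org">
https://signin.ebay.com/ws/eBayISAPI.dll?SignIn
</a>
<p>Or call 1-800-000-0000 (placeholder number).</p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_links(html, expected_hosts=("ebay.com",)):
    """Return one finding per link: where it really goes and why it looks suspicious."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        real = urlsplit(href)
        real_host = (real.hostname or "").lower()
        # Only treat the visible text as a URL claim if it actually looks like one.
        shown = urlsplit(text) if text.startswith(("http://", "https://")) else None
        warnings = []
        if not any(real_host == h or real_host.endswith("." + h) for h in expected_hosts):
            warnings.append(f"link host {real_host!r} is not under {expected_hosts}")
        if shown is not None and (shown.hostname or "").lower() != real_host:
            warnings.append(f"visible URL shows {shown.hostname!r} but link goes to {real_host!r}")
        if real.scheme != "https":
            warnings.append("link is not HTTPS (no padlock in the browser)")
        if real.query:
            warnings.append(f"query string may identify the recipient: {real.query!r}")
        findings.append({"href": href, "text": text, "host": real_host, "warnings": warnings})
    return findings


def strip_query(url):
    """Drop the query string and fragment, keeping only scheme, host and path."""
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


if __name__ == "__main__":
    for finding in analyze_links(SAMPLE_EMAIL_HTML):
        print("link text :", finding["text"])
        print("real href :", finding["href"])
        print("bare URL  :", strip_query(finding["href"]))
        for warning in finding["warnings"]:
            print("  !", warning)
```

The host comparison deliberately accepts only the expected domain and its subdomains, so a host that merely contains the brand name (a common lookalike trick) is still reported; the missing-HTTPS and query-string checks correspond to the padlock and the "?"-stripping observations in the post.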

So, what’s the big deal? Well, if I were to fill out the form on the Korean site above and click the “Sign in Securely >” button, I would be sending my eBay login and password to someone who’s running the fake website. If I had my credit card or PayPal information linked to my eBay account, then anyone who could log in wouldn’t have to work too hard to start stealing my identity.

Some spam emails and phishing schemes are pretty obviously fake, but this one is a very well-designed hoax. Make sure you’re especially careful when you get emails like this, whether they’re claiming to be from eBay or any other company. Your best bet if you get one of these is to log in to your account as you normally would – not via the link in the email – and investigate from there. Also, if there is a phone number in the email, don’t call it in an attempt to solve the problem; it’s probably a fake, too. Instead, make sure you just call the number you have on file for the business in question.

This public service announcement has been brought to you by Andy.
