Phishers learn new tricks

“Phishing” is the practice of using deceptive hyperlinks in an email. You click a link thinking that you are going to your bank or some other trusted site, when in fact the disguised hyperlink sends you to a scammer’s web site.

Scammers do this in order to trick people into parting with sensitive personal or banking details. (Wikipedia can tell you much more ).

The latest Security Fix column in the Washington Post explains how phishing scams are getting more sophisticated.

A recent phishing scam on customers of a credit union used SSL certificates to give an added sense of false security to potential victims. It also looked more legitimate by quoting part of a credit card number common to all customers at that particular bank.

There is no reason for Mail.app users to get caught out. Rob Griffiths at MacWorld provides a tutorial on how to avoid these phishing scams.

Plain text is your best defence. Failing that, the process for protecting yourself differs in Panther and Tiger Mail.

In short, it involves uncovering the hyperlink behind the visible text by clicking and dragging the URL in 10.3 or hovering the mouse over the link in 10.4 to reveal the actual URL underneath (as below):

Poor spelling and grammar are also sure signs that something fishy is going on.phishing, scams, email, hyperlinks, SSL certificates, mail.app, apple mail, spam

Similar Posts:

• Broken Hyperlinks – Work-around 2
• Anti-spam: Scamming the scammers
• Complicated solution to Mail.app’s broken hyperlinks
• LinkABoo: Hyperlink to emails in other apps
• Broken Hyperlinks – Work-around

Tags: Apple Mail, email, hyperlinks, mail.app, phishing, scams, spam, SSL certificates

This entry was posted on Wednesday, 15th February, 2006 at 12:32 am and is filed under Apple Mail, Email in general. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “Phishers learn new tricks”

1. Ted Pavlic says:
   February 16th, 2006 at 7:53 am

   It may be worth noting here that Mozilla Thunderbird 1.5 has added something similar to its spam filter that looks out for e-mail scams (including phishing).

   Thunderbird’s junk filtering has an almost identical interface as Apple Mail’s, and Thunderbird’s scam filtering is very similar to that. When Thunderbird thinks an e-mail is a scam, it puts a big warning across the top of the message saying “Thunderbird thinks this message might be a scam” and then gives you the option of selecting “Not a Scam.”

   Now, Thunderbird does not give you any option to do anything with these scams. Nor does it give you the ability (as far as I know) to flag a message as a scam that is not marked as a scam, so I’m not sure what sort of learning ability it has. You also cannot tell that it has marked a message as a scam unless you view the message. There is no “scam column” or anything.

   So far it’s been pretty conservative about what it marks as scams without any training. I cannot tell if it’s gotten more accurate as I’ve started marking certain messages as not scams.

   I also have not tried clicking on a link in a “scam” message. It would be pretty neat if Thunderbird warned you on clicking on a scam link. (but I doubt it does that)

   It’s a very new feature, so I just thought it would be worth a note.

2. Tim says:
   February 16th, 2006 at 8:31 am

   Thanks, Ted, that is worth a note. I hadn’t noticed that.

   I did notice though that Thunderbird displays the true, underlying URL in the status bar when you hover your mouse over a link in an email.

   That’s useful too.

3. Ted Pavlic says:
   February 16th, 2006 at 8:37 am

   If you haven’t seen any “This is a scam” messages, make sure it’s turned on. I’m not sure it gets turned on by default (though I have to imagine it would be; otherwise I wouldn’t have seen it).

   Try Thunderbird->Preferences (or Tools->Options for Windows users) and then go to the “Privacy” tab. There will be an “E-mail Scams” tab that holds a single checkbox and a mysterious message:

   “Thunderbird can analyze messagse for possible email scams by looking for common techniques used to deceive you.

   [x] Check mail messages for email scams”

   (it’s odd to me that they use “email” sometimes and “E-mail” other times)

   Note that there is also an “Anti-Virus” tab that has an “Allow anti-virus clients to quarantine individual incoming messages” that I’m pretty sure is turned off by default. It might be nice to turn that on.

4. -L says:
   February 21st, 2006 at 3:37 pm

   Hi there,

   I came across your blogpost and am wondering if you or anyone you know can help me to remove a phishing script (RoyalBank of Canada) from my humble little website. My site has been shutdown due to this phishing script. But I don’t know enough html to skillfully remove this script and my webhost wants me to delete my site entirely and replace it with a clean back-up. Problem is, I don’t have a clean back-up copy.

   Any tips? Thanks in advance.

   -L

Leave a Reply