From the Actrix Online Informer May 2011

Phishing revisited

by Rob Zorn

Have you recently received an email from a deposed African leader offering you millions of dollars in exchange for the use of your bank account? Or perhaps from a soldier in Iraq who has found a significant stash of drug money that heís willing to share if you let him deposit it into your account?

What about one that appears to come from Actrix saying your account has been suspended or your email is about to be deleted unless you log in and take action?

If youíve answered no to these questions, you're either extraordinarily lucky, or you just don't check your emails. If youíve answered yes to these questions (and I'd almost bet the house you have), you probably donít need to be told that youíve been spammed.

People have been receiving spam since the pre-internet days of 1964, despite the best efforts of every ISPs' spam filters, and the easiest way to deal with it has always been to either ignore or delete it. However, in this issue I thought I would return to a particular type of spam thatís becoming more prevalent: phishing. We've dealt with phishing before, and a lot of people would probably know what phishing is, but I thought Iíd go over the basics again as there sure has been a lot of it lately. Also, itís always a good idea to recap as the people sending these emails get sneakier every year.

So what exactly is phishing? Phishing attacks are most commonly fraudulent emails that claim to be from a creditable source, and are designed to fool you into divulging personal financial data such as credit card details and account user names and passwords. The emails usually ask you to log-in to a banking or similar site and amend your personal details in some way. They usually contain a link that does one of two things. Either it takes you to a website that has been created to look identical to an authentic site – except, when you enter you usual log-in details the information is captured and recorded for future nefarious use – or it takes you nowhere but downloads some malicious software onto your computer that trawls through your hard drive looking for personal information.

Iíve received a fair number of phishing emails recently, so here are a few examples. One was from Kiwibank, telling me my bank account was about to be closed. To prevent it being closed, I would have to go to their site (link provided) and enter a few details. Of course this was a scam; all the sender wanted was my account details. Another email came to a hotmail account, telling me Microsoft were tracking this particular email, and that if I wanted to keep my account I would have to reply with my account username and password. Then there was one pretending to come from Inland Revenue, telling me I was owed a tax refund. All I had to do was go to their site (again, link provided), and enter some personal details.

Now I don't actually have a Kiwibank account, but people sending phishing emails don't care. They just send millions of these things out knowing that at least some of them will turn up in the inboxes of real Kiwibank customers who might be fooled. And when you're sending out millions of emails, a success rate of less than 1 percent can still be fairly sizeable.

This is, of course, the first way to tell whether an email is authentic or an attempted phishing attack.

Another way to identify a phishing email is to remember that banks and Inland Revenue and TradeMe and Hotmail etc have it as part of their policy never to send you a link asking you to log-in. If they do require you to do anything, they may ask you to log-in, but always by typing their website into your address bar rather than providing you with a link. That way you can be sure that the site youíre visiting isnít a fake.

A further and very obvious way to identify a phishing scam is that the emails you receive will often be poorly written, full of spelling mistakes and grammatical errors. Often the senders of these emails are down-right lazy; some might copy in the companyís logo their trying to impersonate into the email, but others wonít even bother doing that.

There are a couple of reasons for the generally poor quality of the emails. The first is that a high percentage of these emails actually come from India, Brazil and Nigeria, where English is not a first language. The second is that these emails are generally intended for people who are fairly new to the internet. These people are easier to fool, and are less likely to suspect a few spelling mistakes and a dodgy logo. Or else they become so alarmed by the dire warnings they've received that they decide to "play it safe" and follow the email's instructions Ė which is the least safe thing to do!

If you do receive a phishing email, donít be worried. Feel free to delete and forget it. The sender has no personal information on you, and millions of these emails are sent around the world each day, so thereís no call for concern. Sending an email back will only let the sender know that your email address is active and "ripe for further spamming".

If youíre ever worried that an email might be a phishing scam, you can always ring the company or outfit that it says itís from. They would be happy to tell you whether they sent the email or whether itís just someone going phishing.


Copyright © 2011 Actrix Networks Limited | Contact: