
Phrickin Phish

I almost fell for this one, and I wasn’t born yesterday. Thanks to ole Thunderbird for watching my back. What’s the word?
Phishing is particularly dangerous because 1) it is possible to fake a return email address and 2) it is possible to use misleading links.

I haven’t a clue how it’s done, but steps can be taken to make a maligned email appear to come from a legit sender, like pictured here.

Secondly, you can make a link go to a false address by changing its href attribute. Like this: http://www.yahoo.com. If you click on that link, you'll see it does not go where it would appear that it should. Or just look down below in the status bar when rolling over said link.

If you look at the status bar before clicking, be sure to take a good look, too. Domain names are always the last thing before the first single slash.
For example: a URL says http://www.google.com, that's google. http://maps.google.com is still google, pointing to the subdomain maps. Subdomains go to the left. But http://www.google.com.seezen.net is not google, it's seezen.net, with a subdomain called “com” and a sub-subdomain “google”. So the ruse is to use a legit-sounding subdomain in your evil web address to throw off the scent. You wouldn’t click on http://www.iamavirus.com, but you might fall for http://www.google.com.iamavirus.com, which is basically what the one I got today does.
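Both checks described above (link text versus the real href, and reading the domain from the right) can be automated. The following is an added example, not part of the original post; the sample HTML is constructed, and taking the last two labels as the domain is a simplifying assumption that a real tool would replace with a Public Suffix List lookup.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def registrable_domain(url):
    """Assumption: the domain is the last two host labels (wrong for e.g. co.uk)."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    # Return "" for anything that is not at least name.tld
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""

class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Return links whose visible text names a different domain than the href."""
    parser = LinkAudit()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        # Only compare when the visible text itself looks like a host or URL
        shown = registrable_domain(text) if " " not in text else ""
        actual = registrable_domain(href)
        if shown and shown != actual:
            flagged.append((text, href, actual))
    return flagged

# Constructed sample message body (not the email from the post)
SAMPLE = '''<p><a href="http://www.google.com.seezen.net/login">http://www.google.com</a>
<a href="http://maps.google.com/">http://maps.google.com</a>
<a href="http://www.yahoo.com.iamavirus.com/">www.yahoo.com</a></p>'''

if __name__ == "__main__":
    for text, href, actual in suspicious_links(SAMPLE):
        print(f"shows {text!r} but goes to {actual}: {href}")
```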

The final ingredient for a phish scam is to cause some false alarm, for example, a fake message from eBay saying that your account has been hacked. However, that kind of thing has already been widely written about to the point that it would raise an automatic red flag. This message is particularly insidious because it lacks that kind of drama and goes instead for a nagging “gotta get that done” kind of message.
