TCS - Don't get caught by phishing schemes!

Don't get caught by phishing schemes!

by Linda Gonse
Editor, Orange County IBM PC Users' Group, California
From the December, 2005 issue of the I/O Port Newsletter

In one week, I received three emails appearing to be from well-known companies. But, knowing that phishing scams concentrate on disguising themselves as ISPs, retail, or financial companies, I resisted clicking on any of the links which could lead to a bogus website and possible infection by a keylogger program. Instead, I suspiciously read the text in one authentic-looking email from "PayPal," and studied the full header on the message (see header below). Email header from spoofed "PayPal" message

Date: Mon, 24 Oct 2005 16:17:07 -0500
Message-Id: <200510242117.j9OLH7v15310@jamaicans.tv.propagation.net>
To: editor@orcopug.org
Subject: Paypal Security Measures
From: 
Reply-To: 
MIME-Version: 1.0
Content-Type: text/html

Looking at the header is easy to do in Outlook Express. Just right click on the unopened email file. Then, left click on Properties. Left click on the Details tab, and click on the button Message Source. (At other times, this also allows me to peek inside an email without officially opening it and letting a virus or worm loose on my system.) Next, I went to PayPal's site and took a look at their answers about phishing scams. By then, I was sure that the emails I'd received were fake and intended to "phish" out my personal information. All the targeted companies provided email addresses to report fake emails to follow up on them, so I forwarded those I'd received and deleted them from my email program. The top 10 companies targeted as phishing bait are: Citibank, eBay, US Bank, PayPal, Fleet Bank, Lloyds TSB, Barclays, Earthlink/AOL, Halifax, and Westpac. According to The Washington Post, "EarthLink gets around 300 phone calls and spends just under $5,000 per incident. Still, the nation's fourth-largest ISP encounters about 15 new phishing scams a month featuring email that purports to come from its own service. "Phishers now focus almost exclusively on banks and online shopping sites. During the past 10 months, nearly 60 percent of their attacks targeted Citibank or US Bank, according to the Anti-Phishing Working Group, http://www.antiphishing.org/. Earth-Link and America Online are the targets for about 3 percent of the scams." How can I tell the difference between a real PayPal email and a fake one?

The term spoofing and phishing have been used to describe the act of collecting personal information using a fake email in order to commit identity theft, credit card, and Internet fraud. If you click on a link included in an email you're not sure is from PayPal, make sure the address at the top of the browser window you're brought to reads exactly www.paypal.com. [ Editor's note: I would never click on a link I got in an email and then enter my password. If PayPal wants to contact me it will just tell me to go to their site. If I am a PayPal user (and I am), I should know that URL, or have it bookmarked.]
PayPal emails will address you by first name, last name, or business name, and NOT by Dear PayPal User or Dear PayPal Member.
If you are ever uncertain about the validity of the email or the email links, open a new web browser window and type in www.paypal.com.
If you think you have received a fraudulent email, forward the entire email to spoof@paypal.com and then delete it from your email account. If you receive a suspicious email from a familiar company, follow PayPal's guidelines to help you separate fake emails from real ones. (Just substitute the name and web address of another company for PayPal's.) This email is not from PayPal. Clues are: no personal salutation, European-style date, misspelling ("bellow"), and instructions urging you to log into your account. What about this Wells Fargo email - is it real or is it a fake?
Answer
Notice the top of the message. It has no personal information (such as your name or account number). Wells Fargo is one word and it is not capitalized. Now, take a look at the email's header (condensed due to space limitations). It gives other indications that this email is meant to phish out your personal information. Note the originating domain and the notation "it may be forged" that was added to the header by our web host's server. The Wells Fargo email is fake. Received: from web1.brainwavebb.com (216-8-70-66.brainwavebb.com [216.8.70.66] (may be forged)) by main2.ezpublishing.com Sun, 23 Oct 2005 10:40:33 -0700 Received: from nobody by web1.brainwavebb.com with local (Exim 4.52) id 1ETjqA-0006yy-11 for editor@ orcopug.org; Sun, 23 Oct 2005 12:41:02 -0500 To: editor@ orcopug.org Subject: Wellsfargo Online Banking From: Reply-To: X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - web1.brainwavebb.com Sender Address Domain - web1.brainwavebb.com
There is no restriction against any non-profit group using this article as long as it is kept in context with proper credit given the author. The Editorial Committee of the Association of Personal Computer User Groups (APCUG), an international organization of which this group is a member, brings this article to you.

For more information on the Tulsa Computer Society click here

Tulsa Computer Society 12/01/2005
Don Singleton, President

Don't get caught by phishing schemes!

by Linda Gonse Editor, Orange County IBM PC Users' Group, California From the December, 2005 issue of the I/O Port Newsletter

Answer

by Linda Gonse
Editor, Orange County IBM PC Users' Group, California
From the December, 2005 issue of the I/O Port Newsletter