I'm a Hero! - Jarrett Heather
Jarrett Heather's Journal
I'm a Hero!
I just helped save Julie from getting caught up in a "phishing" scam.

Criminals send out emails that look official, as if they came from eBay or your bank, asking you to update some account information or something like that. You click the link in the email, but it sends you to the criminals' website, and they get all the private info you enter there. It's nothing new, but it's becoming more common.

Some versions of Internet Explorer can be exploited by address bar spoofing when you click on a link in an email. This means the address you see in the address bar isn't really the site you're on. Pretty scary, huh?

There are two ways to avoid this problem. First, make sure you have all the security updates for IE, and pay close attention to the address bar when you're giving up sensitive information.

Second, if you're not 100% confident about a link in an email, do not click it. Instead, bring up a browser and type the link into the address bar by hand.

Always be suspicious of addresses that have @ signs in them. Everything preceding the @ in a URL can be ignored: the browser treats that part as login information, and the real destination is whatever comes after the @. So if I told you to visit http://secure.ebay.com|userauthentication-accountdetails.asp||292.2345999.0000@66.150.15.150/~jarrett/ it might look all official, but that's actually a link to my LiveJournal.

Be careful!

Trust no one.

Current Mood: paranoid
Current Music: Queens of the Stone Age - No One Knows
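
Added example, not part of the original post: a small Python check that a mail filter could run over a message body, reporting for each link the host a browser would actually contact and flagging the @ trick described above. The function names, reason labels and sample message are constructed for illustration; the deceptive URL is the one quoted in the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
DOMAIN_LIKE = re.compile(r"[a-z0-9-]+\.[a-z]{2,}", re.IGNORECASE)

# The deceptive link quoted in the post above.
POST_URL = ("http://secure.ebay.com|userauthentication-accountdetails.asp"
            "||292.2345999.0000@66.150.15.150/~jarrett/")

# Constructed sample message, not a real phishing email.
SAMPLE_BODY = (
    "Dear member, please confirm your account details at\n"
    + POST_URL + " within 24 hours.\n"
    "Questions? See https://www.ebay.com/help.\n"
)

def inspect_link(url):
    """Return the host a browser would contact and the reasons to distrust the link."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return {"real_host": "", "reasons": ["unparseable"]}
    host = parts.hostname or ""
    reasons = []
    if "@" in parts.netloc:
        # Everything before the last '@' is userinfo (login data), never the host.
        decoy = parts.netloc.rpartition("@")[0]
        reasons.append("userinfo-before-@")
        if DOMAIN_LIKE.search(decoy):
            reasons.append("userinfo-looks-like-hostname")
    try:
        ipaddress.ip_address(host)
        reasons.append("host-is-ip-literal")
    except ValueError:
        pass  # a DNS name, not a bare IP address
    return {"real_host": host, "reasons": reasons}

def scan_message(body):
    """Inspect every http(s) link in a message body and return only the suspect ones."""
    findings = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,)")  # drop trailing sentence punctuation
        result = inspect_link(url)
        if result["reasons"]:
            findings.append((url, result))
    return findings
```

Calling `scan_message(SAMPLE_BODY)` returns only the link from the post, with the real host and all three reasons attached; the ordinary eBay help link passes without findings.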

Comments
webdiva From: webdiva Date: March 10th, 2004 01:30 pm (UTC) (Link)
i always look in the status bar to see what address they are REALLY linking to :)
jarrett From: jarrett Date: March 10th, 2004 01:34 pm (UTC) (Link)
Just FYI, the status bar can be very easily spoofed as well.
webdiva From: webdiva Date: March 10th, 2004 01:36 pm (UTC) (Link)
yep true true... just one way to tell, i always double check any address first though before giving out any info :)
jarrett From: jarrett Date: March 10th, 2004 01:42 pm (UTC) (Link)
Like I said, though, even the address bar can be spoofed now. So be sure you type in the URL yourself if you're not 100% certain.
webdiva From: webdiva Date: March 10th, 2004 01:45 pm (UTC) (Link)
now see that was news to me... course in the email julie sent the senders were stupid enough to just leave the ip address... but i agree i mean if anyone like ebay, etrade or paypal sent me anything asking to change my account i would go directly to their site login and expect to see some sort of notice there.
jarrett From: jarrett Date: March 10th, 2004 01:52 pm (UTC) (Link)
My example didn't really apply to Julie's email. They were attempting to use the more sophisticated address bar spoofing.

Also, these phishing emails are usually posted on Snopes pretty quickly.
webdiva From: webdiva Date: March 10th, 2004 01:55 pm (UTC) (Link)
cool thanks for the info ;)
yellzer From: yellzer Date: March 10th, 2004 01:32 pm (UTC) (Link)
Super Jarrett...king of all things knowledgeable...to the rescue!

Good job smartypants
From: just_joolie Date: March 10th, 2004 02:20 pm (UTC) (Link)
thank you for adding more paranoia into my life. just kidding.

thanks for the knowledge Jarrett.
jarrett From: jarrett Date: March 10th, 2004 02:24 pm (UTC) (Link)
You're welcome!

The Internet is evil. I should know. I work there.
macklinr From: macklinr Date: March 10th, 2004 03:17 pm (UTC) (Link)
I often tell people who start talking about the internet that it is a personal enemy of mine.
From: dark_wolfe Date: March 10th, 2004 03:24 pm (UTC) (Link)
I dunno--it's entertaining, at least :-)

I'm one of those guys that can't just say "don't push that button", but rather flood all the relevant support people with complaints about the fact the button is there. And, I usually (depending on whether or not I'm really that bored, or whether it's a serious issue or not), continue to call and email every few hours until I get at least SOME sort of response (even if it's "we're working on it").

After talking on the phone to a rep at SBC regarding the email Julie forwarded to me (the IP address was one of theirs, and the site was still "up and running"), I was a little annoyed and decided to email someone else. I just forwarded him the response I got :-)

"THIS IS NOT AN AUTOMATED RESPONSE Thank you for your submission to the FBI Internet Tip Line. (yada yada yada) Our Cyber Division is aware of this Ebay scam, and is addressing the matter."

OK, sometimes I'm easily amused :-)
monsaandbaby From: monsaandbaby Date: March 11th, 2004 10:33 am (UTC) (Link)
thanks for the tip