How Safe is Your Success? Part 5 of 8

"How Safe is Your Success" is a series of eight articles that address different aspects of a universal problem which is of particular importance to those who do business on-line. Most Internet users are at least aware there are dangers "out there", but few appreciate the real extent of those dangers, the possible (even likely) consequences, or the best, most practical and least expensive means of countering them. This series is intended to at least provide some useful awareness of the situation.

-------------------------

Part 5 - Phishy Tales

The word "phishing" has become something of a buzz word, yet many casual Internet users still do not know what phishing really is or how to identify it. In this part of our series I'm going to use a simple but actual email to demonstrate the most common form of phishing. But first, a bit of background.

Computer and technology dictionary Webopedia.com defines phishing as "The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft." On the origin of the word, Webopedia says "Phishing, also referred to as brand spoofing or carding, is a variation on 'fishing', the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting".

OK, but how do you distinguish between a phishing eMail and a real message from, say, your bank or credit card provider? A phishing message may look very legitimate, with all the right logos and so on. Even most of the links may be the real thing. Although there are often tell-tales such as poor spelling or bad grammar, many examples of this scam do appear to be perfect in every respect. The only way to see what is really going on is to look "under the covers".

What the scammer is trying to do is get you to click on a link that will take you to a website which is different to the one you think it is going to take you to. At this dummy page the scammer will try to get you to enter sensitive information such as credit card or on-line banking details.

With plain text emails, what you see is what you get. If a link says "www.CitiBank.com" then that is exactly where it will take you. But all is not so transparent with the links in a HTML email. With HTML the only way to tell where a link will really take you is to look at the HTML code that underlies the message. And "No", you cannot tell by hovering your mouse cursor over the link and looking at the status bar. The status bar message can be faked very easily.

All eMail client programs of which I am aware provide some means for you to look at the HTML code. In Outlook, for instance, you can right-click on the body of the message and select "View Source" from the pop-up menu. I've selected the scam eMail I'm going to use because it is a very simple example without too much HTML code to complicate the picture. The original eMail as it appeared in Microsoft Outlook can be seen here:
http://HackersNightmare.com/FreeContent/Other/phishing1.jpg

In a moment I'll show you the HTML code associated with that eMail. Don't worry if you don't understand HTML code at all – I'll explain the few important parts. But first, just a bit of general information to help you make sense of what you see.

In HTML code, anything that is between < and > is called a "tag". A tag is the actual code that tells the web browser how to display the message text. In this simple example there are only a few tags in use, and only one of them is very important to us. The tags in use in the example email are:

. See Lines 1 and 2.

<.BR> A line break. Several together is a series of line breaks. E.g. line 3. NOTE: The dot before BR is not part of a real HTML Tag. It is inserted so some editors will not interpret the text as a real Tag.

and The text that appears between them will be in bold type. See line 4.


address that follows the "href =" term is where you will be taken if you click this link. After the target web address, the tag must be "closed" with a right-angle bracket >. This tag must also be terminated with a </A> tag. See lines 16-18. Anything that appears between the opening tag and the closing </A> tag is simply a comment, regardless of the fact that it may look like a web address. This information is critical to the following analysis.

Here's the actual HTML code that makes up the eMail message. I have added the line numbers for ease of reference – they are not part of HTML.

1.
2. "http://www.suntrust.com/images/Common/release3/logo_home.gif">
3. <.BR><.BR>
4. Dear SunTrust Client,<.BR><.BR>
5.
6. We recently reviewed your account, and suspect that your
7. Suntrust account may have been accessed by an unauthorized
8. third party.Protecting the security of your account and of the
9. SunTrust network is our primary concern.<.BR>
10.
11. Therefore, as a preventative measure, we have temporarily
12. limited access to sensitive Suntrust account features.<.BR>
13.
14. Click the link below in order to regain access to your account:<.BR><.BR>
15.
16.
17. https://internetbanking.suntrust.com
18.
19. <.BR><.BR>
20. We received a massive identity thefts targeting SunTrust so
21. we suggest you to Confirm Your Banking Account within 24
22. hours.<.BR>
23.
24. DO NOT FORGET TO COMPLETE BOTH FORMS, to
25. avoid Credit Card Fraud.<.BR>
26.
27. We apologize for any inconvenience this may cause, and
28. apriciate your assistance in helping us maintain the integrity of
29. the entire SunTrust system.<.BR><.BR>
30. Sincerely,<.BR><.BR>
31. The SunTrust Security Department Team.<.BR>

Incidentally, note the misspelling of "appreciate" on line 28. There are other errors also, such as a missing space in "party.Protecting" on line 8, and lines 20-21 are poor English. Real financial institutions rarely make such obvious errors.

Now, it is lines 16 to 18 that are critical to our investigation of this scam. Line 17 is apparently a link that suggests we will be taken to "internetbanking.suntrust.com". There is no reason to be suspicious of the address itself because it is after all on the SunTrust website. But…

Line 17 is not inside a tag, as denoted by an opening < and a closing >. The tag that indicates the real target of the link is on the previous line, line 16. The text "https://internetbanking.suntrust.com" on line 17 is just that – nothing but text. It could just as easily read "Find Nemo here" and it would have the same effect. The real target of the link is, as line 16 indicates, "http://www.toyworld.org/SunTrust" because it is in the "

The moral of this story: Do not trust APPARENT links in HTML email. Either check the underlying code as described above, or cut and paste the apparent link directly into your browser's address line. If you click on it, you could end up at a scammer's webpage that looks legitimate, but will be anything but.

In short "Click here" could take you to anywhere – you probably appreciate that. But "www.CitiBank.com" could also take you to anywhere. Like "Click here", it is just text, despite the fact it looks like a web address.
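The manual "View Source" check described above can be automated. The following Python sketch is an added example, not part of the original article: it reads an HTML message body, pairs each link's real target (the href) with the text the reader sees, and flags links whose text looks like a web address on a different host. The first sample link is built from the target and link text the article quotes for lines 16 and 17; the second link and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that "looks like" a web address: optional scheme, then a dotted
# host name. This is a heuristic; ordinary text such as "Click here" never matches.
URLISH = re.compile(
    r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?\s*$", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible_text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <A HREF=...> works.
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def audit_links(html):
    """Return one dict per link; 'mismatch' is True when the visible text
    names a host other than the one the href actually points to."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    report = []
    for href, text in collector.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = URLISH.match(text)
        shown_host = shown.group(1).lower() if shown else None
        report.append({
            "text": text,
            "target_host": target,
            "shown_host": shown_host,
            "mismatch": shown_host is not None and shown_host != target,
        })
    return report


# Sample body. First link: target and text as quoted in the article.
# Second link: constructed, harmless "Click here" link for contrast.
SAMPLE = """\
Click the link below in order to regain access to your account:<BR><BR>
<A HREF="http://www.toyworld.org/SunTrust">
https://internetbanking.suntrust.com
</A>
<BR><BR>
<a href="https://www.example.com/help">Click here</a>
"""

if __name__ == "__main__":
    for link in audit_links(SAMPLE):
        flag = "SUSPICIOUS" if link["mismatch"] else "ok"
        print(f'{flag:10} text={link["text"]!r} -> really goes to {link["target_host"]}')
```

A link that says only "Click here" is never flagged by this check, so a clean report does not mean the target is trustworthy; it only catches text that impersonates an address.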

If this newsletter has been passed on to you by a friend, please subscribe yourself so you can be sure of receiving the next part in this series, when we'll take a look at disaster recovery – specifically, recovering data that has been lost from your hard drive.

About the Author

Bill Hely is an Australian technologist, consultant and author whose professional focus has been on advising and supporting small business operators in IT and Office Productivity - and rescuing them when they didn't heed his advice the first time around. He is the author of several books on technology for the business person, including the Bible of Internet and PC security "The Hacker's Nightmare" - http://HackersNightmare.com

 
