How Safe is Your Success? Part 5 of 8
"How Safe is Your Success" is a series of eight articles that address different aspects of a universal problem which is of particular importance to those who do business on-line. Most Internet users are at least aware there are dangers "out there", but few appreciate the real extent of those dangers, the possible (even likely) consequences, or the best, most practical and least expensive means of countering them. This series is intended to at least provide some useful awareness of the situation.
-------------------------
Part 5 - Phishy Tales
The word "phishing" has become something of a buzz word, yet many casual Internet users still do not know what phishing really is or how to identify it. In this part of our series I'm going to use a simple but actual email to demonstrate the most common form of phishing. But first, a bit of background.
Computer and technology dictionary Webopedia.com defines phishing as "The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft." On the origin of the word, Webopedia says "Phishing, also referred to as brand spoofing or carding, is a variation on 'fishing', the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting".
OK, but how do you distinguish between a phishing eMail and a real message from, say, your bank or credit card provider? A phishing message may look very legitimate, with all the right logos and so on. Even most of the links may be the real thing. Although there are often tell-tales such as poor spelling or bad grammar, many examples of this scam do appear to be perfect in every respect. The only way to see what is really going on is to look "under the covers".
What the scammer is trying to do is get you to click on a link that will take you to a website which is different to the one you think it is going to take you to. At this dummy page the scammer will try to get you to enter sensitive information such as credit card or on-line banking details.
With plain text emails, what you see is what you get. If a link says "www.CitiBank.com" then that is exactly where it will take you. But all is not so transparent with the links in an HTML email. With HTML the only way to tell where a link will really take you is to look at the HTML code that underlies the message. And "No", you cannot tell by hovering your mouse cursor over the link and looking at the status bar. The status bar message can be faked very easily.
All eMail client programs of which I am aware provide some means for you to look at the HTML code. In Outlook, for instance, you can right-click on the body of the message and select "View Source" from the pop-up menu. I've selected the scam eMail I'm going to use because it is a very simple example without too much HTML code to complicate the picture. The original eMail as it appeared in Microsoft Outlook can be seen here: http://HackersNightmare.com/FreeContent/Other/phishing1.jpg
In a moment I'll show you the HTML code associated with that eMail. Don't worry if you don't understand HTML code at all – I'll explain the few important parts. But first, just a bit of general information to help you make sense of what you see.
In HTML code, anything that is between < and > is called a "tag". A tag is the actual code that tells the web browser how to display the message text. In this simple example there are only a few tags in use, and only one of them is very important to us. The tags in use in the example email are:
. See Lines 1 and 2.
<.BR> A line break. Several together is a series of line breaks. E.g. line 3. NOTE: The dot before BR is not part of a real HTML Tag. It is inserted so some editors will not interpret the text as a real Tag.
and The text that appears between them will be in bold type. See line 4.
address that follows the "href =" term is where you will be taken if you click this link. After the target web address, the tag must be "closed" with a right-angle bracket >. This tag must also be terminated with a tag. See lines 16-18. Anything that appears between the and the is simply a comment, regardless of the fact that it may look like a web address. This information is critical to the following analysis.
Here's the actual HTML code that makes up the eMail message. I have added the line numbers for ease of reference – they are not part of HTML.
1. 2. "http://www.suntrust.com/images/Common/release3/logo_home.gif">
3. <.BR><.BR>
4. Dear SunTrust Client,<.BR><.BR>
5.
6. We recently reviewed your account, and suspect that your
7. Suntrust account may have been accessed by an unauthorized
8. third party.Protecting the security of your account and of the
9. SunTrust network is our primary concern.<.BR>
10.
11. Therefore, as a preventative measure, we have temporarily
12. limited access to sensitive Suntrust account features.<.BR>
13.
14. Click the link below in order to regain access to your account:<.BR><.BR>
15.
16.
17. https://internetbanking.suntrust.com
18.
19. <.BR><.BR>
20. We received a massive identity thefts targeting SunTrust so
21. we suggest you to Confirm Your Banking Account within 24
22. hours.<.BR>
23.
24. DO NOT FORGET TO COMPLETE BOTH FORMS, to
25. avoid Credit Card Fraud.<.BR>
26.
27. We apologize for any inconvenience this may cause, and
28. apriciate your assistance in helping us maintain the integrity of
29. the entire SunTrust system.<.BR><.BR>
30. Sincerely,<.BR><.BR>
31. The SunTrust Security Department Team.<.BR>
Incidentally, note the misspelling of "appreciate" on line 28. There are other errors also, such as a missing space in "party.Protecting" on line 8, and lines 20-21 are poor English. Real financial institutions rarely make such obvious errors.
Now, it is lines 16 to 18 that are critical to our investigation of this scam. Line 17 is apparently a link that suggests we will be taken to "internetbanking.suntrust.com". There is no reason to be suspicious of the address itself because it is after all on the SunTrust website. But…
Line 17 is not inside a tag, as denoted by an opening < and a closing >. The tag that indicates the real target of the link is on the previous line, line 16. The text "https://internetbanking.suntrust.com" on line 17 is just that – nothing but text. It could just as easily read "Find Nemo here" and it would have the same effect. The real target of the link is, as line 16 indicates, "http://www.toyworld.org/SunTrust" because it is in the "
The moral of this story: Do not trust APPARENT links in HTML email. Either check the underlying code as described above, or cut and paste the apparent link directly into your browser's address line. If you click on it, you could end up at a scammer's webpage that looks legitimate, but will be anything but.
In short "Click here" could take you to anywhere – you probably appreciate that. But "www.CitiBank.com" could also take you to anywhere. Like "Click here", it is just text, despite the fact it looks like a web address.
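The check described above, comparing the address a link displays with the address in its "href", can be automated. The following is an added example, not part of the original article: the sample message is constructed from the addresses the article quotes, the second link and the names LinkAuditor and audit_links are illustrative, and www.example.com is a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Visible text that "looks like" a web address: optional scheme, then a dotted host name.
URLISH = re.compile(r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

class LinkAuditor(HTMLParser):
    """Collect (href, visible text) for every link tag in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":  # HTMLParser lowercases tag and attribute names
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text between the opening and closing link tag
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return one finding per link; 'mismatch' is True when the text names a different host."""
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        real_host = (urlsplit(href).hostname or "").lower()
        m = URLISH.match(text)
        shown_host = m.group(1).lower() if m else None  # None for text like "Click here"
        findings.append({"href": href, "text": text, "real_host": real_host,
                         "shown_host": shown_host,
                         "mismatch": shown_host is not None and shown_host != real_host})
    return findings

# Constructed sample: the link from lines 16-18 rebuilt from the two addresses the
# article quotes, plus an illustrative "Click here" link to a placeholder host.
SAMPLE = ('Click the link below in order to regain access to your account:<BR>'
          '<A HREF="http://www.toyworld.org/SunTrust">'
          'https://internetbanking.suntrust.com</A><BR>'
          '<A HREF="http://www.example.com/help">Click here</A>')

if __name__ == "__main__":
    for f in audit_links(SAMPLE):
        print("MISMATCH" if f["mismatch"] else "ok", f["text"], "->", f["real_host"])
```

A link whose text is not address-like, such as "Click here", is reported without a mismatch flag because it makes no claim about its destination; its real host still appears in the finding for manual review.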
If this newsletter has been passed on to you by a friend, please subscribe yourself so you can be sure of receiving the next part in this series, when we'll take a look at disaster recovery – specifically, recovering data that has been lost from your hard drive.
About the Author
Bill Hely is an Australian technologist, consultant and author whose professional focus has been on advising and supporting small business operators in IT and Office Productivity - and rescuing them when they didn't heed his advice the first time around. He is the author of several books on technology for the business person, including the Bible of Internet and PC security "The Hacker's Nightmare" - http://HackersNightmare.com