Sun 6 Apr 2008 04:00 AM

Hands off

This month Windows Middle East turns you into a phishing expert to help you safeguard your hard-earned green from online thieves.

According to research firm Gartner, approximately 3.6 million people lost money to cleverly crafted phishing e-mails and spoof sites in 2007, in contrast to 2.3 million in 2006.

In the USA, it's estimated that a whopping 3.2 billion dollars was stolen in phishing scams in 2007. Now that's a lot of money.

Hacking at home

So what's happening here at home? In July of last year, the Anti-Fraud Command Center of RSA, the security division of EMC, reported that customers of many Saudi Arabia and Dubai-based banks, along with financial services firms, were being targeted by phishers.

According to a Gulf News report, in July 2007 Dubai-based Anees Mohammed received an e-mail, supposedly from National Bank of Abu Dhabi (NBAD), the UAE's largest bank. However, Mohammed soon realised it was a phishing e-mail. The big clue?

He didn't even have an account with the bank! Apart from NBAD, Citibank and Commercial Bank of Kuwait are also current known phishing targets.

In June, officials from regional auction website Souq.com posted a message on the site's public forum stating, "Some of our users are getting e-mail messages asking them to click on a link provided in the e-mail to activate their Souq accounts. The link takes you to what appears to be a Souq.com login page. This is a fake page and has nothing to do with Souq.com."

Lost in translation

Recently, the editor of Windows Middle East Arabic, Samer Batter received a phishing e-mail in Arabic. Phishing in non-English languages isn't new, but the intriguing part was its translation.

According to Batter, the e-mail didn't make any sense, and was most likely the product of an online translation service such as Word Lingo or Babelfish.

Lance Spitzner, founder of the Honeynet Project - a global security research institute - reckons attacks on Arabic-speaking users will only increase.

On his blog he states, "As the bad guys begin to exhaust the English speaking populations, I'm sure they will start targeting emerging regions such as the Middle East. I'm quite sure over time they will polish and improve their attacks on the Arab community, just as we have seen here in the West."

Don't get hooked

Now, considering the huge number of websites you might visit every day, both regional and international, it's crucial that you recognise a phishing scam when you see one.

To help you hook those cunning phishers before they hook you, read on and take notes. What you learn here could save you a fortune!

Back to basics

For those of you who are new to the world of phishing, the term refers to a method of data theft, usually involving spoof websites and e-mail messages, the aim of which is to make you believe you're giving personal or financial info to a trusted source, when in reality you're placing your details and data in the hands of a thief.

Once they gain access, they can potentially use your personal details to commit identity theft, charge your credit cards, empty your bank accounts, read your e-mail and much more.

In the last year however, hackers have formulated a new, creative way to steal personal and financial data, namely by using reputable sites.

5 ways to recognise a phishing e-mail

1. The 'From:' address

Most phishing e-mails include a legitimate-looking e-mail address to make it appear that the message is coming from your bank or an online service. However, these can very easily be forged. So, if you spot one or more of the remaining clues here, then it's likely the 'From:' e-mail address is a spoof.

2. Subject title

The subject headline of a phishing e-mail almost always has a sense of urgency. The 'Restore your Account Access' subject headline in the example above is a case in point. Common phishing headlines include 'Very important announcement', 'Account suspended', 'Money received' and 'Verify your account'. In addition to the urgency factor, be sure to look out for typos or spelling mistakes in the e-mail.

3. Who it is addressed to

Scam e-mails are usually sent out in bulk and don't include your first or last name. If you receive an e-mail that states 'Dear Paypal customer' or 'Greetings Souq customer', then the e-mail is a spoof.

4. The included web link

This is the most crucial clue to look out for. In our example above, the 'Click here to restore your account access' link leads you to believe you will be directed to www.paypal.com; in reality you'll be redirected to http://www.gigantics.com/www.paypal.com/cgi-bin-us/cmd/webscr-cmd=_login/, which is a spoof website.

Now, while some phishers use the text link tactic, others prefer to use 'masked' web links. This means the link text you see in the e-mail won't send you to that address but to a phishing site instead. So clicking on, say, https://www.mebank.com would actually take you to http://192.165.18/mebank.html.

5. Urgency of message

Most phishing e-mails try to deceive you by warning you that your account will be in jeopardy if it's not updated immediately. An e-mail that urgently requests you to offer sensitive info is typically fraudulent.

In the above example, the phishers are trying to reel you in by claiming that your account has been compromised. Other spoof e-mails include statements such as 'If you don't respond within 24 hours, your account will be shut down'. Don't fall for it.

3 ways to recognise a spoof website

1. The URL

If you visit a login page, online shopping site, banking or credit card website, make sure the URL in the address bar includes 'https'. Note the extra 's' (shown in bold in the original), which signifies that traffic to the web server is encrypted.

For instance, take http://login.paypal.com/config/login_verify2. As you can see from our example, the address does not include the 's'; it is therefore unsecured, and therefore a phishing website.

Moreover, if the web link you're visiting contains an IP address (e.g. http://192.135.5.6.souq.payment12.com), then it is without a doubt a fake website, as no legitimate company would ever direct you to an IP-named webpage.

2. Domain names

Whilst some phishers use different domain names altogether, others use misspelled domains to trick you into thinking they are legitimate. They either buy a domain name that resembles the actual domain or they will swap letters very cleverly, so that it isn't obvious.

Therefore, it's key that you keep a close eye on the spelling of domain names and are not tricked into clicking on www.mircosoft.com or www.bankofvvales.com.

Also look out for variations in domain names. For instance, sites such as http://support.microsoft-security.net are not legitimate. If it actually belongs to Microsoft, it will read http://support.microsoft.com.

3. The lock icon
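The link and URL clues above (a displayed address that differs from the real link target, a missing 'https', an IP-style host, and a lookalike or padded domain that only resembles the real brand) can be checked mechanically. The script below is an added example and is not code from Windows Middle East or from any of the companies named; it assumes a small hand-made table of brand domains (KNOWN_BRANDS), uses a naive "last two labels" notion of registered domain instead of the Public Suffix List, and runs over a constructed sample e-mail built from the article's own example addresses.

```python
"""Flag the URL clues a phishing e-mail gives away (added example, not the article's code)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand -> legitimate registered domain table (an assumption for this example).
KNOWN_BRANDS = {"paypal": "paypal.com", "microsoft": "microsoft.com", "souq": "souq.com"}

# Constructed sample e-mail reusing the two example addresses from the article.
SAMPLE_EMAIL = """
<p>Dear PayPal customer,</p>
<p>Your account access has been limited.
<a href="http://www.gigantics.com/www.paypal.com/cgi-bin-us/cmd/webscr-cmd=_login/">Click here to restore your account access</a></p>
<p>Or log in at <a href="http://192.165.18/mebank.html">https://www.mebank.com</a></p>
"""


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-letter lookalike domains (mircosoft vs microsoft)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Naive registered domain: the last two labels (real code would use the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_host(host):
    """True for a bare IP literal or a host name that starts with dotted digits (192.135.5.6.souq...)."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return re.match(r"^\d{1,3}(\.\d{1,3}){1,3}", host) is not None


def analyse_url(url):
    """Return a list of reasons the URL looks like a spoof; an empty list means no clue fired."""
    reasons = []
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        reasons.append("not https")
    if is_ip_host(host):
        reasons.append("IP-style host")
    reg = registered_domain(host)
    for brand, legit in KNOWN_BRANDS.items():
        if brand in url.lower() and reg != legit:
            # Brand name appears somewhere in the URL, but the site actually belongs to another domain.
            reasons.append(f"mentions {brand} but registered domain is {reg}")
        elif reg != legit and levenshtein(reg, legit) <= 2:
            reasons.append(f"lookalike of {legit}")
    return reasons


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse_links(html):
    """For each link: (href, shown text, reasons). A shown URL that differs from the href is a masked link."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = analyse_url(href)
        if "://" in text or text.lower().startswith("www."):
            shown_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if registered_domain(shown_host) != registered_domain(urlparse(href).hostname or ""):
                reasons.insert(0, f"masked link: shows {text} but goes to {href}")
        findings.append((href, text, reasons))
    return findings


if __name__ == "__main__":
    for href, text, reasons in analyse_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {href}\n    " + ("; ".join(reasons) or "no clue fired"))
```

Running it on the sample prints the gigantics.com link as "not https; mentions paypal but registered domain is gigantics.com" and the second link as a masked link to an IP-style host. The brand table and the two-label domain rule are the weak points of this approach: a real filter would consult the Public Suffix List and a much larger list of protected brands.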

If you're at a secure website, you should see a closed padlock icon on the lower right corner of the browser window. The closed lock signifies that the website applies encryption to its personal and financial data.

If you click on it, it will open a window that gives you more details regarding the security certificate. Every company that asks you for sensitive information must have a digital certificate, preferably one from an established certificate authority such as Thawte, Digicert or VeriSign.

Note that many phishers place a fake closed padlock icon on the webpage itself to trick you into thinking the page has a valid certificate.

Take the test

Now that you know what to look for in a potential phishing e-mail or website, the next step is to test your skills. Point your browser to www.sonicwall.com/phishing and take the Phishing IQ test.

This rates how good you are at distinguishing real e-mails from 'phishy' ones. Once you've completed the test, the site provides a post-mortem of each e-mail and explains why that particular message was legitimate or not. Try it out and let us know your scores by e-mailing us at windows@itp.com.

Background burglars

As mentioned previously, aside from using e-mails and spoof sites to ‘phish' out sensitive information, some hackers are now phishing using reputable sites. How is this possible?

Con Mallon, Symantec's EMEA product marketing director explains, "Hackers are now using well-known and reputable sites to launch attacks. There's actually a Russian-developed toolkit that lets you hack into a website and place malware in the site's code.

Therefore, as the user loads a certain webpage, there's a tiny piece of hacker code that is read by your browser.

Once this occurs, your browser is forced to connect to a remote server and then begins downloading malware onto your PC in the background. This malware can be in the form of spyware or key-logging software, which is designed to steal your personal and financial details."

According to security firm Sophos, there are a whopping 9,500 new infected web pages every single day. Shocking, we know. So how exactly do you protect yourself? It's simple: make sure you install anti-virus software from a reputable firm such as McAfee, Symantec or NOD32, and update its security definitions regularly.

Surf smart

Top five phishing tips every netizen should know...

1. Always verify you're at the right website before entering information.

2. Visit websites by typing the URL directly into the address bar.

3. Regularly visit Antiphishing.org for news and updates on phishing scams and new techniques.

4. If you feel you've been a victim of a phishing scam, you should immediately report the scam to the company that's being spoofed. If you're unsure how to contact the company, visit its website to get the correct contact info.

5. Regularly check your bank and credit card statements to check that all transactions are legitimate. If you notice anything suspicious, contact your bank immediately.