Phishing: Watch the URLs

Had this in my email this morning:

Bank of Ireland
Well, it looks official enough, and I don’t even see any major grammatical errors or the kind of Nigerian English that usually functions as a dead giveaway for a scam.

So, if you click the embedded “Click here” link (SOMETHING YOU SHOULD NEVER DO), where does it take you?

To http://365.bankofireland.com-zeyqfqjj.taole.com.br/boi-ireland/index.php,

a phishing website that has already been deleted.

Anyone can create a domain name and have it registered. I could register this name right now:

microsoft-walmart-bankofamerica-ramalamadingdong-whackamole-boom.com

The fact that a corporate name appears in a URL is no guarantee whatsoever that you’re on that company’s website. Have a look at the real Bank of Ireland 365 URL:

https://www.365online.com/online365/spring/authentication?execution=e1s1

That “https” at the start of the address indicates that you are on a secure site, meaning that communication between the website and you is encrypted and can’t be intercepted/read by bad guys. You should always look for that “https” on any website where you will be entering sensitive information: banking, internet shopping, login pages, etc.

Have a look at some different URLs, some real and some fake:

paypal.com: Real
paypalsecure.com: Fake (The name contains PayPal, but is not valid)
paypal@accounts.com: Fake (Watch out for @-signs and dashes in a name)
paypal@150.44.134.189: Fake (The root domain is an unknown IP address)
http://www.paypal.com/signin/: Real (Even though the address is longer, “paypal.com” is the last thing before the first “/” in the address.)

microsoft.com: Real
microsoft.verification.com: Fake (The root domain is “verification,” not Microsoft.)
purchase-microsoft.com: Fake (A hyphen instead of a period)
signin.microsoft.com@10.19.32.4/: Fake (The root domain is an unknown IP address)
micorsoft.com: Fake and dangerous (The name of the company is misspelled)¹
microsoft.com/en-us/default.aspx: Real (Even though the address is longer, “microsoft.com” is the last thing before the first “/” in the address.)

  • The company name (e.g. paypal, microsoft, etc.) should be the last thing, or the last thing before the first “/” in the address.
  • Beware of hyphens or other symbols in names, or 4-part numbers like “192.168.0.0” which are IP addresses.
  • Be wary of country suffixes like “br,” “za,” “cr,” etc.
  • An address does not have to contain “www.” to be valid.
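The same rules, applied by a short script to the addresses listed in this post. This is an added example, not part of the original post; the function name check_link and the idea of telling it which domain the company really uses are assumptions made here.

```python
import ipaddress
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return (verdict, reasons): is url really on expected_domain?"""
    if "://" not in url:               # many addresses are written without a scheme
        url = "http://" + url
    parts = urlsplit(url)
    # hostname drops any "user@" prefix, port and path: this is where you actually go
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.username is not None:
        reasons.append("text before the @ is a login name, not the site")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        pass                           # a name, not an IP address
    # Require a dot boundary so "purchase-microsoft.com" does not pass as microsoft.com
    if host != expected_domain and not host.endswith("." + expected_domain):
        reasons.append(f"host '{host}' is not on {expected_domain}")
    return ("Fake" if reasons else "Real", reasons)

# Addresses taken from this post, paired with the domain each company really uses
SAMPLES = [
    ("http://365.bankofireland.com-zeyqfqjj.taole.com.br/boi-ireland/index.php", "365online.com"),
    ("https://www.365online.com/online365/spring/authentication?execution=e1s1", "365online.com"),
    ("paypalsecure.com", "paypal.com"),
    ("paypal@150.44.134.189", "paypal.com"),
    ("http://www.paypal.com/signin/", "paypal.com"),
    ("microsoft.verification.com", "microsoft.com"),
    ("purchase-microsoft.com", "microsoft.com"),
    ("signin.microsoft.com@10.19.32.4/", "microsoft.com"),
    ("micorsoft.com", "microsoft.com"),
]

if __name__ == "__main__":
    for url, domain in SAMPLES:
        verdict, reasons = check_link(url, domain)
        print(f"{verdict}: {url}  {'; '.join(reasons)}")
```

The check only works if you already know the company’s real domain; it compares against that instead of looking for the company name somewhere in the address.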

For those wondering, what’s a “URL” anyway? It stands for “Uniform Resource Locator”, a pointer to a specific internet address.

Dilbert

Here’s a typical clueless manager trying to “add value” in an area he knows nothing about, and giving his savvy tech worker a month’s vacation at the same time.

Be careful out there.

The Old Wolf has spoken.


¹This particular misspelling is especially malicious. It redirects to a number of bogus or dangerous websites, including this one: http://104.143.5.145/perror2.php:

scam

If you land here, your computer issues a frightening-sounding beep and presents you with the above screen. You will be unable to dismiss the tab or even close your browser until you have clicked a hidden box that says “Prevent this page from creating additional dialogs.”

If you call the number, a female-sounding computer-generated voice tells you to press “1” if you are experiencing problems with viruses or a slow PC. I did so, and got no answer. The assumption is that if anyone answered, they would walk you through steps necessary to download malware to your own machine, or ask for credit card details for some bogus cleaning software.

Edit: Just as I thought. This morning I called the number and got a very polite foreign gentleman who walked me through the steps needed for him to control my computer and download Mogg knows what. A full post on the encounter will follow.
