Phishing, also known as "brand spoofing", is an elaborate form of data theft, targeting possible clients of ISP companies, banks, online banking services, government agencies etc.

When submitting your email address on the Internet, filling in online forms, accessing newsgroups or websites, your data can be stolen by Internet crawling spiders and then used without your permission to commit fraud or other crimes.
 

The Phishing Concept

Phishers develop counterfeit webpages, which imitate the corporate image of well-known, trusted service providers. Then, using collected or randomly generated email addresses, they "throw the bait".
A message with a credible subject is sent by email or instant messenger, asking for confidential data, inviting you to access a website ('Click Here' link; URL link; image link; text link) or even to fill in a form in the email itself. It looks like a plausible request and it even threatens a dire consequence, to provoke your immediate reaction.

Examples of email subjects:
"Update Your PayPal Account"
"Your eBay User Account has been suspended!"

The required information is usually:
  • Credit card number;
  • ATM PIN and TAN number;
  • Bank account information;
  • Social Security Number;
  • Passwords;
  • Email accounts;
  • Other personal information.

Once entered, the user's information is no longer confidential and it is immediately used by the fraudsters in their own interest. It is usually very difficult to get the money back, as the phishing sites are generally online for a few days or even just hours.
 

Phishing Techniques

The main method is using a trustworthy-looking email, which tries to lead you to a fake web page. Some phishing emails contain an application or order form directly in the message body. You should know that officials will never send you an email containing a form or asking for personal information.

On the fake website you might notice that the URL is not the correct one. Still, there are ways to fake the URL:

  • Social engineering:
    The URL is very similar to the real one, and you might not notice the difference at first glance. For example, the real URL http://www.volksbank.com can be faked with http://www.voIksbank.com . If you think they are the same – not true! The lower-case letter ‘l’ is replaced with the upper-case letter ‘I’.
  • Browser vulnerabilities:
    The fake website may contain a script that exploits your browser. In this case, the real URL is displayed, but the content of the web page is the one from the fake server. One example is a fake picture displayed on top of the browser’s real address bar; you cannot ‘click’ in the bar’s input field to select the URL. Other exploits display a fake input field on top, so that it is even possible to click into the field and select the URL.
  • Pop-ups:
    The link in the email points to the real website, but another browser window is displayed in front. Practically, you can browse the real website without risk, but don’t get tricked by the second window. These pop-ups usually do not have an address bar to help identify a fake website.
  • No address bar:
    Some fake sites do not display the address bar at all and unless you specifically look for it, you might not notice this.
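The look-alike URL from the social engineering item above can be caught mechanically. The following is an added example, not part of the original article: it folds characters that render alike and compares the result against a list of trusted hosts. The trusted list, the confusables table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list; a real deployment would list the brands it protects.
TRUSTED_HOSTS = {"www.volksbank.com"}

# Characters that render alike in many fonts, folded to one representative.
# Small illustrative table, not a complete confusables list.
CONFUSABLE = {"I": "l", "1": "l", "0": "o"}


def displayed_host(url: str) -> str:
    """Return the host exactly as written in the link (case preserved)."""
    netloc = urlsplit(url).netloc          # netloc keeps the original case
    return netloc.rpartition("@")[2].split(":")[0]


def skeleton(host: str) -> str:
    """Fold confusable characters as displayed, then lowercase."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in host).lower()


def classify(url: str) -> str:
    shown = displayed_host(url)
    # DNS names are case-insensitive, so compare the real name in lowercase.
    if shown.lower() in TRUSTED_HOSTS:
        return "trusted"
    # Different name that looks identical once confusables are folded.
    for good in TRUSTED_HOSTS:
        if skeleton(shown) == skeleton(good):
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    for link in ("http://www.volksbank.com",
                 "http://www.voIksbank.com",
                 "http://www.v0lksbank.com/login",
                 "http://example.org"):
        print(link, "->", classify(link))
```

A mail filter or proxy can run such a check on every link before the message reaches the user.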

There are other techniques, apart from playing with the address bar, which can be used in addition or stand-alone, to get access to confidential information.

  • Other browser vulnerabilities:
    Some other vulnerability in your browser can be used to download and execute any malicious software. Such malicious software may be a Trojan that records all keystrokes and monitors all Internet traffic, especially when you are going to enter and submit data in an online form.
  • Pharming:
    Also known as “domain spoofing”, it is used to redirect the users to a fake website. Although you type the correct URL in your browser, you are redirected to a fake website. The correct URL remains in your browser, without change. In order to accomplish the redirection process, the name resolution has to be modified. This can be done either by changing the TCP/IP protocol settings or by an entry in the hosts file.
  • Man in the middle:
    Probably the most sophisticated method, as nothing has to be changed on the local computer. The phisher is located in between and redirects your connection to a fake server.
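The hosts-file redirection described under pharming leaves a trace that is easy to audit. The following is an added example, not part of the original article: it parses hosts-file text and reports every line that maps a watched banking name to an address. The watched names and the sample file are constructed, and the check assumes such names normally have no hosts-file entry at all.

```python
# Names that should only ever be resolved through DNS (constructed list).
WATCHED = {"www.volksbank.com", "volksbank.com"}

# Constructed sample; on a real system read /etc/hosts or
# %SystemRoot%\System32\drivers\etc\hosts instead.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
::1         localhost
203.0.113.7 WWW.Volksbank.com volksbank.com.  # injected redirect
192.168.1.5 printer.lan
"""


def suspicious_entries(text: str, watched=WATCHED):
    """Return (line number, address, name) for each watched name found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        for name in names:
            # Host names are case-insensitive and may end in a root dot.
            normalized = name.lower().rstrip(".")
            if normalized in watched:
                findings.append((lineno, address, normalized))
    return findings


if __name__ == "__main__":
    for lineno, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} is pinned to {address}")
```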

Phishing Camouflage

The phishing website might use other tricks such as:

  • Forged tooltip,
  • Right-click inaccessible.

Phishers avoid being detected by antispam/antiphishing programs by using:

  • Random letters or famous quotes in the subject or in the body of the email;
  • Invisible text in HTML emails;
  • HTML or Java content instead of plain text;
  • Pictures only (no other text in the email body).
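Two of these evasion tricks, invisible text and picture-only bodies, can be flagged by a filter that looks at what the recipient actually sees. The following is an added example, not part of the original article; the style patterns, class name and sample message are assumptions, and the scan is a heuristic that expects reasonably well-formed HTML.

```python
import re
from html.parser import HTMLParser

# Inline styles that hide an element's content from the reader.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])",
    re.I,
)
VOID = {"img", "br", "hr", "meta", "input", "link"}  # tags with no end tag


class BodyScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # one flag per open element: does it hide content?
        self.visible, self.hidden, self.images = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        if tag not in VOID:
            style = dict(attrs).get("style") or ""
            self.stack.append(bool(HIDDEN_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text:  # text is hidden if any enclosing element hides it
            (self.hidden if any(self.stack) else self.visible).append(text)


def scan(html: str) -> list:
    """Return the camouflage flags raised by an HTML email body."""
    parser = BodyScan()
    parser.feed(html)
    parser.close()
    flags = []
    if parser.hidden:
        flags.append("invisible-text")
    if parser.images and not parser.visible:
        flags.append("image-only")
    return flags


# Constructed sample: one picture plus filler text the reader never sees.
SAMPLE = ('<html><body><a href="http://phish.example/"><img src="offer.png"></a>'
          '<span style="font-size:0">To be or not to be xqzv</span></body></html>')
```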

Consequences

As the phishers can use so many techniques and can even combine them, it is rather difficult to tell if an email request comes from officials or not.

What are the consequences of disclosing confidential information?
  • The phishers can run up charges on your account.
  • They can open new accounts, sign utility or loan contracts in your name.
  • They can use a false ID and commit crimes using your personal information.

Do not bite the bait!

  • Do not fill in email forms concerning confidential information. Any trustworthy service provider uses secure websites and digital certificates.
  • Do not click on links provided by email, especially if you were not expecting that email. Contact the sender to verify if it was his/her intention to send this email (use the contact number the company gave you, not the one in the email).
  • Do not reply. Delete the message and check with the real company (use the contact number the company gave you, not the one in the email).
  • Do not click to follow the link provided in such a message. Type the address in the browser yourself.

Safety Rules

Repairing the damage caused by phishing may be frustrating and time-consuming. Apart from the loss of productivity and use of network resources, data theft requires considerable effort on your part: you will have to recover your identity, property and rights, and clear your name.

It is much easier to follow some basic safety rules:

  • Update your operating system with the latest patches as soon as they appear.
  • Alternate Internet Explorer with other browsers.
  • Use antivirus and firewall solutions and keep them permanently up-to-date.
  • Always type the URL yourself instead of following a link.
  • Make sure you are using a secure website (HTTPS) and check the digital certificates.
  • Regularly check your accounts and statements and immediately report any abuse.
  • Report suspicious emails to security companies and authorities from your area.

You can send suspicious messages to Avira’s report addresses:
virus@avira.com
