Sunday, July 01, 2007

Don't Do Me This Way

I'm online yesterday, doing what I normally do, then I notice that I have an e-mail from a trusted site that I originally investigated. Throughout my investigation, I found out that this was a hacker trying to obtain my information through a technique known as phishing. Phishing is defined as:

In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.


To help others who may get e-mails of this nature, I am going to explain how I was able to tell that this was indeed NOT from a trusted source and point out what you all need to look out for, should you receive these e-mails.


  1. The E-Mail


    My Google Talk notification popped up, saying I had an e-mail from Paypal. Since I have an account at Paypal, I figured it was worth taking a look at. Looking at the e-mail, it said that it needed me to update my information or risk account suspension. They provide a link for me to go to, where I can update my account information. Notice the exclamation point in the e-mail title and the notice about impending account suspension. These are here to create a sense of urgency for you to do it NOW. However, from here, I could tell that it is from a hacker. Here's how:


    • The exclamation in the title. I've had a Paypal account for years and NEVER have they wanted me to know something SO BAD that they put an exclamation point in a title.
    • The return e-mail address. If this e-mail is supposedly coming from Paypal, then why is it being sent from a Google e-mail address?! Hmmmm....
    • The grammar. Misspellings in an e-mail are so unprofessional. Yet and still, "Paypal" has no problem sending out messages that say "attertion" (attention. notice 'r' is nowhere near 'n' on the keyboard, factoring out a simple slip in typing.). In addition to that, commas are missing where they are needed. In addition to jail time, these hackers need to attend some grammar classes.
    • The link. Since when does an authentic Paypal link start with "http://pc1.navip-unet.ocn.ne.jp"? JP is usually a Japanese extension, as "UK" is for Britain, "DE" is for Germany, etc. A GENUINE Paypal link would start with "https://www.paypal.com". Guess they were so excited to get me to update my information that they just happened to leave that part out. Oh joy!
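The sender and link checks from the list above can be automated. The following is an added example, not part of the original post: the sample message is constructed (the gmail.com sender and the wording are assumptions; only the link host is the one quoted above), and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the e-mail described in the post. The sender
# address and body text are made up; the link host is the one the post quotes.
SAMPLE = """\
From: PayPal <service.update@gmail.com>
Subject: Update your account information!
Content-Type: text/plain

Attertion! Update your information or your account will be suspended.
http://pc1.navip-unet.ocn.ne.jp/
"""

def host_belongs_to(host, brand_domain):
    """True only for the brand domain itself or a real subdomain of it.

    A bare endswith("paypal.com") would also accept "evilpaypal.com", and a
    substring test would accept "paypal.com.example.net".
    """
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def phishing_indicators(raw_message, brand_domain="paypal.com"):
    """Return the red flags from the post that a plain-text message shows."""
    msg = message_from_string(raw_message)
    flags = []
    # Red flag: the address the mail was sent from is not at the brand's domain.
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    if not host_belongs_to(sender_domain, brand_domain):
        flags.append("sender domain is " + sender_domain)
    # Red flag: urgency cue in the title.
    if "!" in msg.get("Subject", ""):
        flags.append("exclamation point in subject")
    # Red flag: links that are not https or do not point at the brand's host.
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        parts = urlsplit(url)
        if parts.scheme != "https":
            flags.append("link is not https: " + url)
        if not host_belongs_to(parts.hostname, brand_domain):
            flags.append("link host is " + str(parts.hostname))
    return flags
```
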


  2. The Login


    This is where the link in the e-mail takes me. This is where I am supposed to log in to change my information. You will notice that the entire site seems to be completely legit. I scrolled over a few links on the page, and they all seemed to go to the real Paypal site. What actually happened is that the hackers stole the source code from the page (source code is kinda like the blueprint of a house, that says where everything goes and the sense of the general layout of a website). Most browsers have an integrated method to view the source code of a website in a simple text file (In Internet Explorer, you click View->Source, for example...). Most people fall for it, because it just looks so legit that they blindly comply. They are still so emotionally charged over the hasty, misspelled e-mail they got that they aren't even worrying about the possibility that it may be a scam. Again, the glaring differences between this login and the real Paypal login give them away:


    • The real Paypal site (linked above) is undergoing a change in layout. If you go to the real site, you will see a tab at the top in the middle that says "Preview the new Paypal homepage". However, that option mysteriously has vanished from the link I went to. Maybe they did it so I wouldn't have to feel guilty about having old, dated information in Paypal's database. Awwww, aren't they considerate.
    • The real Paypal site has a Security Center link at the top-right, next to Help. Of course, the fakes don't want you looking at any option for Security, so it's not gonna be there.
    • The option to choose your language is gone from the fake site. Again, I'm SUUURRRRE Paypal just telepathically knew that I spoke English and didn't want to bother me with trivial nonsense.
    • I put in an obviously fake username and password (12 for the "e-mail address" and 34 for the "password"), and I was able to log in!! Any authentic site would have booted me right there. If you're wary about something, test it with a fake address first. If it bites on that, then you KNOW it's a fake (as if all the other tell-tale signs didn't give it away!). Also, since when do passwords have bubbles THAT huge?
    • That damn link is STILL not right! What's goin' on, "Paypal"?!


  3. The Personal Information


    Here's the meat and potatoes of the scam. Everything I went through up to this point was just buttering me up. Notice the fields they require you fill in. I put in a bunch of fake information (I called the number and verified that nobody by that name answers there, so it's cool). Let's go over this now...


    • When you log into Paypal, under the My Account header, the Personal Information tab doesn't even exist! The REAL Paypal site says Overview, Add Funds, Withdraw, History, RESOLUTION CENTER, and Profile. HUGE red flag!
    • Why the hell would they want my ATM pin? See, this is where hackers screw up. In the classic movie Casino, Robert DeNiro said this about a cheater in his casino: "If he hadn't been so greedy, he would have been harder to spot". Greed will give people away most of the time, and this case is no exception. When EVER in an online purchase have you EVER been asked for an ATM pin? Never. Paypal is a "middleman" financial service. So, if Paypal needs information that you never need to make a purchase yourself, what would Paypal need this information for? They wouldn't. Can you say "scam"?
    • Again, there those freakin' pupil-sized password bubbles are.
    • Social Security Number?! WHO IN THEIR RIGHT MIND NEEDS TO GIVE THEIR SOCIAL SECURITY NUMBER TO GET BOOKS FROM AMAZON?! Again, the greed. These hackers wanna be able to screw you over in every way possible, and they aren't even being shy about it now.
    • The place you would REALLY change your information over would be on the Profile tab, and here is how it's broken up:

      You see how each part of it is broken up? Hackers don't want you doing that, because the more screens you navigate through, the more your red flags go up. They want to be able to nab you at one screen and get everything in one fell swoop.


You're still "safe" at this point, because you haven't hit that "Next" button to send it. Of course, I would advise not even getting to this point, because it was a scam from the e-mail for the reasons I pointed out. Once next IS pressed, though, your information is sent to the hackers and you are sent here:



So wait...you mean to tell me that the login I put in that let me in earlier is all of a sudden invalid?! Notice everything about the login page has changed. All the signs I told you to look for in an authentic Paypal site are suddenly here (except the language). Hackers will often do this. After they get your information, they will throw you to the wayside. They have your information now and could care less where you go from here. The fact that buttons, unlike links, never tell you exactly WHERE you're going is usually how these screen navigations can go on without being detected. However, if you follow these tips, you should be able to avoid being a victim. Paypal is not the only victim of this attack. Sites like Ebay, Blackplanet, Myspace, and Facebook have also been targets. Just keep your wits about yourself. Also, if you suspect a site, call them. If you don't trust a weblink, they'd offer to work it out over the phone. I hope this helps to save somebody from being an identity theft victim.

-B
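A button's destination is the `action` of the form it submits, which can be read from the page source even though hovering shows nothing. The following is an added example, not part of the original post: the page, its host (`login.example.test`) and the field names are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: visible links go to the real site, while the form behind
# the button posts somewhere else. Host and field names are made up.
PAGE_URL = "http://login.example.test/webscr"
PAGE = """
<a href="https://www.paypal.com/help">Help</a>
<a href="https://www.paypal.com/signup">Sign Up</a>
<form method="post" action="collect.php">
  <input name="email"> <input type="password" name="password">
  <input type="submit" value="Log In">
</form>
"""

class Destinations(HTMLParser):
    """Collect the absolute URL behind every link and every form on a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links, self.forms = base_url, [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(urljoin(self.base_url, attrs["href"]))
        elif tag == "form":
            # A missing or empty action posts back to the page's own URL.
            self.forms.append(urljoin(self.base_url, attrs.get("action") or ""))

def on_brand(url, brand_domain):
    """True if the URL is https and its host is the brand domain or a subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    return url.startswith("https://") and (
        host == brand_domain or host.endswith("." + brand_domain))

def audit_page(html, page_url, brand_domain="paypal.com"):
    """Return (links that are on-brand, form targets that are not)."""
    parser = Destinations(page_url)
    parser.feed(html)
    good_links = [u for u in parser.links if on_brand(u, brand_domain)]
    bad_forms = [u for u in parser.forms if not on_brand(u, brand_domain)]
    return good_links, bad_forms
```

On the constructed page every hover-checkable link passes, and the only off-brand destination is the one the "Log In" button submits to.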
