MacMost Now 54: All About Phishing

Gary Rosenzweig takes a look at phishing: conning someone out of their personal information using deceptive email. Learn how to recognize and protect yourself against phishing.

Video Transcript
Hi, this is Gary Rosenzweig.
You know it's a dangerous internet out there, right?
Well, let's take a look at exactly why it's so dangerous, as we examine phishing on this episode of MacMost Now.
So what is phishing? Well, first of all, phishing, spelled with a 'p' 'h', is a con technique. Basically someone is trying to con you out of information. So you get an e-mail from something that looks like a company or a person that you may know or do business with. It looks fairly normal, but it's just a trick. It's just the same as if somebody were to call you on the phone and claim they were from your bank and ask you for personal information. It's just an e-mail that's doing the same thing. So this e-mail can look exactly like an e-mail from your bank, say, or an internet website that you do business with. And it may claim that you need to log on to the website to give the information. Now the trick comes when you actually click on a link inside this e-mail. You think you are going to the website that you trust, but in fact you're being redirected somewhere else. Let's go and take a look at exactly how this works.
Okay, so here's an e-mail that seems to have come from CitiBank. CitiBank of course is a well-known credit card company and bank with lots of different services and you may in fact do business with them. Matter of fact the con artist here is counting on that because they expect that if they send this out to a million people that a good number of them will actually think that maybe it's a real e-mail from CitiBank. If you look at it closely, though, it sort of falls apart. It actually says that it's from CitiBusiness Customer Service and it's a very plain e-mail and it says something about ah, there's a scheduled maintenance program and eh, filling out this online form is very important and there's a link that you can click on.
Let's go and take a look closely at this link. If we roll over it, we can see that there's a little window that pops up and tells us what the link actually is. And instead of it being to CitiBank, it actually says citibusiness.citibank.com and then there's something after it. Let's go take a close look by simply doing command-option-u, and we can view the source for this. And if we look through the source, we can find out where that actual link is. Sometimes it's hard to find, but doing a search for "href" will find it really quickly and here it is. So we can see here that it looks like it's citibusiness.citibank.com, but in fact, it isn't. It is citibank, er, citibusiness.citibank.com.fg and a whole bunch of word characters .hk.
So you don't have to pay any attention to the stuff that comes before the final bit. The final bit here, the country code and the thing right before it, is the actual domain name. So that's where you're really going; it's just this very odd, strange website. All the stuff before it does nothing.
Here's another e-mail. This one seems to be from Bank of America, another company a lot of people do business with. They even take some of the graphics from Bank of America and stick them there. And you can see here they've done something even more clever, they've actually put a link that looks like it's just a url, right inside of the e-mail, so you look at it and say, well, this does say bankofamerica.com, that looks good. But if you roll over it you can see that in fact, it's not going there. This is a link just like a link that might say 'click here' except that it looks like a url and actually goes to something else .us, and we can look at the source for that too, and we could find out where that is, and there it is, there's the bad url, so we know that this is in fact an attempt at phishing.
Here's another one. This one comes from eBay, or it seems to come from eBay, it uses some graphics to make it even look like an e-mail that you may have gotten before from eBay. But if we go and we take a look at the source, we can see that indeed, it doesn't. But, what they've done here is they've done some interesting things, like the graphic is actually being served from ebay.com, they're stealing it, but if you actually go look at the link you can see that it is definitely not something that you want to click on, it's a strange url at another country.
A lot of times, these e-mails try to scare you. Here's one that looks kind of official from PayPal and it says that your PayPal account has been suspended, gives you a case ID and all sorts of things, looks very official, even copies a lot of the things that you would find at the bottom of a regular e-mail. They basically take a regular PayPal e-mail and they modify it for their own uses. And it says "Please click here to restore your account access." But if we go and we take a look inside, we see that indeed it goes to a url at another country, it's very easy to spot.
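The check the episode does by hand (view the source, find the href, read the domain from the right-hand end, and compare it with what the link text claims) can be automated. The following is an added example, not code from MacMost; the sample e-mail, the hostname `fg-constructed-example.hk` and the short generic-label list are constructed for illustration.

```python
"""Flag links in an HTML e-mail whose href does not actually lead to the
domain the visible text (or look-alike subdomain) suggests.
Added example modeled on the episode's CitiBusiness/Bank of America mails."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Simplification (assumption): the registrable domain is the last two labels,
# or the last three when a generic label such as "com" sits under a two-letter
# country code (citibank.com.hk). Production code should use the Public Suffix List.
GENERIC_SLD = {"com", "co", "net", "org", "gov", "edu", "ac"}

def registrable_domain(host):
    """Return the part of a hostname that identifies who really owns it."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and labels[-2] in GENERIC_SLD and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html, expected_domain):
    """Return links whose href resolves to a domain other than expected_domain."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        actual = registrable_domain(urlparse(href).hostname or "")
        if actual != expected_domain:
            flagged.append({"text": text, "href": href, "actual_domain": actual})
    return flagged

# Constructed sample: the first link mimics the episode's CitiBusiness lure,
# the second is a genuine-looking link that really does go to citibank.com.
SAMPLE = ('<p>Scheduled maintenance. <a href="http://citibusiness.citibank.com.'
          'fg-constructed-example.hk/form">citibusiness.citibank.com</a></p>'
          '<p>Or visit <a href="https://www.citibank.com/">citibank.com</a>.</p>')
```

Running `suspicious_links(SAMPLE, "citibank.com")` reports only the first link, with `actual_domain` set to `fg-constructed-example.hk`, which is exactly the "final bit" the episode tells you to read.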
So, how do you protect yourself against this? Well, it's actually very easy. The first thing is never trust anything that comes in an e-mail right off the bat. Make sure it's real, especially if it's got a link in it, and especially if it's from somewhere that holds your sensitive information, like a bank, or an account on a website like eBay, PayPal, Amazon, anything like that; be suspicious right away. The next thing you want to do is, you never want to click on a link in an e-mail. Just never do it. For instance, if you get a link to your bank in an e-mail, instead of clicking on that link, go to your web browser and type the domain name for your bank, or use a bookmark that you should have. Something you trust, so you're not actually linking the e-mail to what you're doing on your website. If it is a real offer, or a real piece of information from your bank, you'll be able to log into your bank account without the e-mail normally, and find that information in there. And when in doubt, you can always call. If it's from your bank, or it's from an online website you have an account with, you can always call them and say "Hey, I got this e-mail and I'm not sure whether it's real or not," and they'll tell you. But remember, if somebody calls you, don't give out any information on the phone. If somebody calls you, say from your bank, the first thing you want to do is say "Let me give you a call back," and call the number that you have on the back of your card or your account statement.
So there's some quick tips about how to keep yourself safe online. Till the next time, this is Gary Rosenzweig at MacMost Now.

Comments: 2 Responses to “MacMost Now 54: All About Phishing”

    Ian
    3/10/08 @ 8:16 am

    That’s great Gary. I was explaining the real destination of links in phishing emails to my parents the other day, but you’ve done a really great job and I’ll show them your video.

    Vicki B.
    11/30/11 @ 2:45 pm

    They did that to me. They said my PayPal account was suspended. So I called them in person, b/c I didn’t understand the email, and they said they didn’t do it.
