Dave, I’m getting more and more confused. I keep getting warnings and alerts from Paypal, eBay, my bank, and various other banks and financial institutions that I don’t even have accounts with, all telling me to log in and verify my account information. I’ve read about something called “phishing” and am wondering if that’s what these messages actually are?
You’re right to be suspicious! These are indeed what us industry folk call phishing (rhymes with fishing): fake email messages purporting to be from legitimate sites, they redirect you to clones of the real site and their sole purpose is to get you to click on the link and log in to their mock sites.
These are bogus messages sent by online criminals.
Or does it link there? HTML messages can easily point to one site while appearing to point to another. So I cracked open the message and read through the source, to find my suspicions confirmed. Rather than actually link to the Paypal site, this message points to the Web address http://126.96.36.199/verify/index.htm.
Then, from the Mac OS X command line, I tried to telnet to that host, to see what would happen and here’s what I got:
$ telnet 188.8.131.52 Trying 184.108.40.206... Connected to insdel.snu.ac.kr. Escape character is '^]'. Connection closed by foreign host. $
As you can see, rather than being the secure Paypal server in California, it’s actually a site in Korea! Further investigation reveals that it’s actually the Interdisciplinary Structural Design Laboratory at Seoul National University, news that I’m sure would be quite a surprise to the system administrators there!
Almost all of these phishing sites work the same way, taking you to Web sites referenced by number, with no domain name mentioned at all.
Since these criminals are “fishing” for account information (imagine the consequences of blindly entering your actual account and password information to their system!) these sort of scams that masquerade as real email from legitimate companies is now known as “phishing”.
Some of these phishing messages are quite ingenious: I’ve received a wave of messages that appear to be a communication from a buyer on eBay who is just notifying me that they’ve paid me for an item they won on auction. The purpose of the message is for me to click the “reply” button, log in to “ebay” (it’s not eBay, of course, it’s the scam Web site collecting account information) and then doubtless get an error message to keep me from being too suspicious.
Here’s how you can avoid being caught by these phishing messages: never click on a link in an email message. If you were to get a legit message from Paypal, eBay, Wells Fargo, Citibank, TCF, whomever, simply go to your Web browser and type in the address of the company Web site. Then log in as normal and check to see if there are any messages or other indications that there really is a problem. I’ll bet that there isn’t anything wrong at all.
After all, given how many of these annoying phishing messages are sent now, do you really think that these companies are going to send real messages and confuse their customers?