Thoughts, information and reflections about technology

It’s Fishing and Phishing season again!!

I just got an official-looking email from Amex in my inbox. The problem was that it was sent to one of my emails that I don’t use for our Amex account (different domain entirely). Of course, we never click on email links but will go directly to the site.

The problem is that the phishing expeditions are getting more sophisticated. The links in this email were designed to look like actual Amex links:

To pay your bill online, click here.
(I’ve munged a couple of the components of the link to render it unusable, just in case.)

It appears that this is part of something called a replay attack.

I found some clues at http://jalcorn.net/weblog/archives/556-Beware-the-replay.html which explained part of the methodology.

http://www.tedhaynes.com/haynes1/mtoz.html
replay attack: An attempt to break security by retransmitting information that was originally communicated legitimately. See active attack, one-time password system, and passive attack.

One sure clue is that when you look in the email header, you see a return path of nobody@lovemall.propagation.net. Yeah, I’m sure that’s how Amex would send out an email.

In short, the phishing techniques are getting a whole lot more sophisticated. You would have to analyze the hidden technical portions of an email to spot a fake, and even then you might miss the clues.
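As an added illustration of the header clue above (this is example code written for this post, not something the original author published), the script below parses a constructed message modelled on the one described, reports a mismatch between the visible From: domain and the Return-Path domain, and flags anchors whose visible text names one host while the href actually points at another. The sample message, the anchor hrefs, and the function names are all constructed for this example; only the two domains come from the post.

```python
"""Two phishing clues from the post, checked programmatically:
1. a Return-Path domain that does not match the From: domain, and
2. anchor text that names one host while the href goes somewhere else.
The message below is constructed for this example, not a real capture."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: claims to be from American Express but carries the
# Return-Path mentioned in the post.  The href path is a placeholder.
SAMPLE_EMAIL = b"""Return-Path: <nobody@lovemall.propagation.net>
From: "American Express" <customerservice@americanexpress.com>
To: someone@example.org
Subject: Your statement is ready
Content-Type: text/html; charset=us-ascii

<html><body>
<p>To pay your bill online,
<a href="http://lovemall.propagation.net/placeholder-path">www.americanexpress.com</a>.</p>
<p>Questions? Visit <a href="https://www.americanexpress.com/help">our help page</a>.</p>
</body></html>
"""


def _domain(address: str) -> str:
    """Lower-cased domain part of an e-mail address, or '' if there is none."""
    _, addr = parseaddr(address)
    return addr.rpartition("@")[2].lower()


def _registrable(host: str) -> str:
    """Crude 'last two labels' comparison; good enough here, no public-suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def return_path_mismatch(raw: bytes) -> dict:
    """Compare the From: domain with the Return-Path domain (the envelope sender
    recorded by the receiving mail server).  A mismatch is a clue, not proof:
    bulk mailers legitimately use a separate bounce domain, so treat it as a signal."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom = _domain(msg.get("From", ""))
    rp_dom = _domain(msg.get("Return-Path", ""))
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "mismatch": _registrable(from_dom) != _registrable(rp_dom),
    }


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def deceptive_links(raw: bytes) -> list:
    """Return anchors whose visible text looks like a hostname or URL but whose
    href resolves to a different registrable domain (the 'looks like an Amex
    link' trick).  Anchors with plain-English text are not compared."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _AnchorCollector()
    collector.feed(body.get_content())
    flagged = []
    for href, text in collector.anchors:
        shown = text if "://" in text else "http://" + text
        shown_host = urlparse(shown).hostname or ""
        # Only compare when the visible text actually names a host.
        if "." not in shown_host or " " in text:
            continue
        real_host = urlparse(href).hostname or ""
        if _registrable(shown_host) != _registrable(real_host):
            flagged.append({"shown": text, "href": href})
    return flagged


if __name__ == "__main__":
    print(return_path_mismatch(SAMPLE_EMAIL))
    print(deceptive_links(SAMPLE_EMAIL))
```

Run against the constructed message, the first function reports the From/Return-Path mismatch and the second flags the one anchor whose text reads www.americanexpress.com but whose href goes to propagation.net; the "our help page" anchor is left alone because its text is not a hostname. Both checks are heuristics for a human to act on, not an authoritative spam verdict.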

So, when you get an email allegedly from your financial institution (or anything else that is important, such as your eBay or Amazon account):

  • DON’T TRUST IT. Do NOT click on any of the links or log in directly from the email.
  • If you feel you need to check things out, open up your browser and go directly to the site by using your favorites (assuming you linked to the real site originally) or by typing the site address into the address bar, e.g. www.americanexpress.com. DO NOT copy and paste links.
  • Make sure the rest of your family is aware of phishing attempts and how to handle incoming emails.
  • Again: be paranoid. Identity theft is a royal mess. This is a time for tinfoil hats!!
