It’s Fishing and Phishing season again!!
I just got an official looking email from Amex in my inbox. The problem was that it was sent to one of my emails that I don’t use for our amex account (Different domain entirely). Of course, we never click on email links but will go directly to the site.
The problem is that the phishing expeditions are getting more sophisticated. The links in this email were designed to look like actual Amex links
To pay your bill online, click here.
(I’ve munged a couple of the components of the link to render it unusable, just in case..)
It appears that this is part of something called a replay attack.
I found some clues at http://jalcorn.net/weblog/archives/556-Beware-the-replay.html
which explained part of the methodology.
replay attack An attempt to break security by retransmitting information that was originally communicated legitimately. See active attack, one-time password system, and passive attack.
One sure clue is that when you look in the email header, you see a return path of firstname.lastname@example.org . Yea, I’m sure that’s how Amex would send out an email.
In short, the phishing techniques are getting a whole lot more sophisticated. You would have to analyze the hidden technical portions of an email to spot a fake, and even then you might miss the clues.
So, when you get an email allegedly from your financial institution (or anything else that is important such as your ebay or amazon account)
- DON”T TRUST IT. Do NOT click on any of the links and log in directly from the email
- If you feel you need to check things out, open up your browser and go directly to the site by using your favorites (assuming you linked to the real site originally) or by typing the site address into the address bar.. eg. www.americanexpress.com DO NOT copy and paste links.
- Make sure the rest of your family is aware of phishing attempts and how to handle incoming emails.
- Again- Be paranoid. Identity theft is a royal mess. This is a time for tinfoil hats!!
- Beware of the Phishing Attack
- Temporarily changing Virtuemart order confirmation emails.
- Verizon Fios emails to AOL bouncing – Can’t these two play nice??
- USPS online postage
- Cheap Hosting and Identity Theft
- Beware of using third party email as your prime email account
- Carbonite forces password changes
- A fix for spam emails on mobile devices