"Phishing" and "pharming"


Gentle Giant
02-22-2008, 03:51 AM
Two words which might be new to you but which you may have run across recently, so here's what they're about.

Phishing
Phishing is a new type of scam in which you are presented with a message in an email with a link to click, or you may get a popup window. Some of these may simply be spam but scammers know that so they disguise the phishing as a real-looking link or popup. These links may come from something familiar or famous like a bank, the FBI, etc. I even got one from the CIA once. Oh yeah. :rolleyes:

The usual bank scenario is something about the urgent need for you to update your online account. That's kind of hard to do if you've never even heard of the bank before. Even if you do get such a message from a bank where you actually have an account the email you received is NOT from your bank. Real banks don't require you to update anything and even if they did it would be from their webpage not from an email. The email may use the bank logo and look real but that just means the scammer can copy a .jpg or .gif file and paste it into the email.

If you click the link you're going to end up in an evil place you don't want to be. That's because the scammer is going to ask you for all kinds of personal information, maybe your credit card info, address, phone number, social security or other identifying number, and so on. The scammer/criminal (or phisher) then has enough information to possibly access your bank account or maybe enough information to get a real credit card in your name. It happens. Hence the best thing to do with such an email is to delete it. It's not real and the bank isn't going to close your account.

Pharming
Pharming is an even more evil beast. This is when a scammer/criminal actually hijacks the domain name. This can be done a couple of ways. The first is to create a domain name that looks similar to the one of a real bank, company, or governmental entity. You can go there but it's a danger zone and you really don't want to do that. If in doubt, go to http://www.google.com/ and type in the name of the bank, etc. that you have. If it's a real bank, etc., their domain and their real webpage should be about the first thing you find. If you compare the domain name you find with the one you are given by the scammer and they aren't the same, don't go to the one the scammer sent you! Don't open that webpage. Needless to say, if you do, you're going to give away a lot of personal information and that is not good.

Another method of pharming is to actually click something that installs some form of spyware on your computer. Even if you are trying to go to your real bank website the spyware may redirect you to the fake or spoofed website. And if you type in your real information...you can guess what happens, and it's bad.

It is illegal.
Yes, governments have discovered that this is happening and many have made either phishing or pharming a crime with criminal penalties attached, like fines and prison time. In the US that can be a fine of up to $250,000 and/or up to 5 years in prison. (Probably current law but don't quote me on that). Other governments have done likewise. The problem, as always, is enforcement. The phisher/pharmer has to be in that country, it has to be proved that the phisher/pharmer instigated the attacks, etc. In the US, a law has also been passed to criminalize identity theft.

What should I do?
The first thing is really simple: delete that email. Don't even open it, especially if you don't know that bank. If you do open it accidentally, don't click any links in there.

You can also post the email at AFI in the Phishing section here (http://antifraudintl.org/forumdisplay.php?f=27). That's why we put it there.

Another thing is to contact an admin and let us know the fake domain you have received. We can work on those to try and get them killed. This can prevent someone else from becoming a victim of a phishing/pharming attack. It also makes the scammers angry because it costs them money and time to make those fake websites. That's OK by me.

Garreg Ddu
05-10-2008, 10:22 AM
Full details are at http://a11news.com/95/winzipices-cn/ of a newly recognised attempt to download a "phishing" trojan by infecting databases on web-site servers with an SQL vulnerability.

The WinZipIces phishing exploit launched by Chinese hackers using an automated script that searches for an unpatched SQL vulnerability on web servers downloads two files onto visitors' computers, JS_DLOADER.AEHM and TROJ_REALPLAY.BR.

The article says that users should check that they have up-to-date firewall and anti-virus protection on their machines.

Jinnosuke
06-13-2008, 11:01 AM
A few friendly suggestions for avoiding unfriendly phishers.

Avoiding phishing scams is tough. Phishers know every trick in the book, and they're dreaming up new ones as we speak. So here are some things to keep in mind while you're online:

Don't believe every warning you read — especially pop-up warnings that appear while you're surfing the Web. Unscrupulous companies use pop-up ads to display false warnings about your computer. Ignore them.

Do NOT click any button in these pop-ups, such as a "Close" or "No" button, or the "Close" box that may appear in the upper-right corner of the pop-up. Doing this might install a virus or other malicious software on your computer. To safely close a pop-up ad, press Ctrl-W (if you're using a Windows computer) or Command-W (on a Mac computer). You may receive an email that claims to be from a computer expert, warning you of a virus. These are usually hoaxes. Do not follow the steps described in any email unless you're sure the threat is real.

Don't be fooled by people pretending to be any reputable firm and offering cash prizes. They would never send you information about a contest you never entered. If you've received a message like "Final Notification: Yahoo! Mail Winner!" or "Your Email Address Has Won $XX million," it's a scam. Don't reply to the email, don't click any links in it, and never divulge any personal information. Instead, click the "Spam" button.

Ted
08-30-2008, 11:53 PM
Here is a link that we should all take a look at. It is about some new hackers and phisher-men who are doing some nasty things to computers, who happen to respond to some lad's phishing attempts. Watch your language, and watch your back, is all I gotta say...Read it! Ted.




http://www.networkworld.com/news/2008/082608-call-out-a-phisher-get.html?nlhtsec=ts_082808&nladname=082808security

Wellington
09-21-2008, 10:27 PM
Email Fraud. How Not to Get Hooked by a ‘Phishing’ Scam.


Internet scammers casting about for people’s financial information have a new way to lure unsuspecting victims: They go “phishing.”

Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information.

According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.

The FTC, the nation’s consumer protection agency, suggests these tips to help you avoid getting hooked by a phishing scam:

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies don’t ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company’s correct Web address. In any case, don’t cut and paste the link in the message.


Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s Web site, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.


Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.


Use anti-virus software and keep it up to date. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files. Anti-virus software scans incoming communications for troublesome files. Look for anti-virus software that recognizes current viruses as well as older ones; that can effectively reverse the damage; and that updates automatically.

A firewall helps make you invisible on the Internet and blocks all communications from unauthorized sources. It’s especially important to run a firewall if you have a broadband connection. Finally, your operating system (like Windows or Linux) may offer free software “patches” to close holes in the system that hackers or phishers could exploit.


Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.


Report suspicious activity to the FTC. If you get spam that is phishing for information, forward it to spam@uce.gov. If you believe you’ve been scammed, file your complaint at www.ftc.gov, and then visit the FTC’s Identity Theft Web site at www.consumer.gov/idtheft to learn how to minimize your risk of damage from ID theft. Visit www.ftc.gov/spam to learn other ways to avoid email scams and deal with deceptive spam.

The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Phoenix
07-26-2009, 08:35 PM
Email "Spamming" and Email "Spoofing"

Email Spamming refers to sending email to thousands of email addresses, similar to a chain letter. Spamming is often done deliberately to use network resources. Email spamming may be combined with email spoofing, so that it is very difficult to determine the actual originating email address of the sender. Some email systems, including our Microsoft Exchange, have the ability to block incoming mail from a specific address. However, because these individuals change their email address frequently, it is difficult to prevent some spam from reaching your email inbox.

Email Spoofing refers to email that appears to have been originated from one source when it was actually sent from another source. Individuals, who are sending "junk" email or "SPAM", typically want the email to appear to be from an email address that may not exist. This way the email cannot be traced back to the originator.

Malicious Spoofing

There are many possible reasons why people send out emails spoofing the return address: sometimes it is simply to cause confusion, but more often it is to discredit the person whose email address has been spoofed: using their name to send a vile or insulting message.

Dealing with a Spoofed Email

There is really no way to prevent e-mail spoofing. If you get a message that is outrageously insulting, asks for something highly confidential, or just plain doesn't make any sense, then you may want to find out if it is really from the person it says it's from. You can look at the Internet Headers information to see where the email actually originated.

Remember that although your email address may have been spoofed this does not mean that the spoofer has gained access to your mailbox.

Displaying Internet Headers Information

An email collects information from each of the computers it passes through on the way to the recipient, and this is stored in the email's Internet Headers.

1. With the Outlook Inbox displayed, right-click on the message and click on the Options command to display the Message Options dialog box.

Internet Headers are best read from the bottom up, as they are added to as the email passes through the system.

2. Scroll to the bottom of the information in the Internet Headers box, then scroll slowly upwards to read the information about the email’s origin. The most important information follows the “Return-path:” and the “Reply-to:” fields. If these are different, the email is not who it says it’s from.

Virus spoofing

Email-distributed viruses that use spoofing, such as the Klez or Sobig virus, take a random name from somewhere on the infected person’s hard disk and mail themselves out as if they were from that randomly chosen address. Recipients of these viruses are therefore misled as to the address from which they were sent, and may end up complaining to, or alerting, the wrong person. As a result, users of uninfected computers may be wrongly informed that they have, and have been distributing, a virus.

If you receive an alert that you’re sending infected emails, first run a virus scan using a program such as Norton Anti-Virus from Symantec. If you are uninfected, then you may want to reply to the infection alert with this information:

“Your virus may have appeared to have been sent by me, but I have scanned my system and I am not infected. A number of email-distributed viruses fake, or spoof, the ‘From’ address using a random address taken from the Outlook contacts list or from Web files stored on the hard drive.”

But keep in mind that a virus alert message is quite often auto generated and sent via an anti-virus server and so replying to the original email may not elicit a response.

Alternatively, if you receive an email-distributed virus, look at the Internet Headers information to see where the email actually originated from, before firing off a complaint or virus alert to the person you assume sent it.
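
The header reading described in the post above, as an added example that is not part of the original post: it lists the "Received:" hops bottom-up (oldest first) and compares the domains in "Return-Path:" and "Reply-To:". Comparing both against "From:" as well goes beyond what the post describes. The sample headers and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from itertools import combinations

# Constructed sample headers (all names and addresses are made up).
SAMPLE = """\
Return-Path: <bounce@mailer.invalid>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.1])
 by inbox.recipient.example; Mon, 27 Jul 2009 10:00:05 -0400
Received: from unknown (HELO mailer.invalid) (203.0.113.7)
 by mx.recipient.example; Mon, 27 Jul 2009 10:00:03 -0400
From: "Alice Friend" <alice@friend.example>
Reply-To: collect@collector.invalid
Subject: Urgent request

Please send me the file.
"""

ADDRESS_HEADERS = ("From", "Return-Path", "Reply-To")

def domain(value):
    """Lower-cased domain part of an address header, '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def review_headers(raw):
    msg = message_from_string(raw)
    # Each relay adds its Received line on top, so reverse to read oldest first.
    hops = [" ".join(h.split()) for h in reversed(msg.get_all("Received", []))]
    domains = {h: domain(msg.get(h)) for h in ADDRESS_HEADERS}
    present = [h for h in ADDRESS_HEADERS if domains[h]]
    # Flag every pair of address headers whose domains disagree.
    warnings = [f"{a} and {b} use different domains"
                for a, b in combinations(present, 2)
                if domains[a] != domains[b]]
    return hops, domains, warnings

if __name__ == "__main__":
    hops, domains, warnings = review_headers(SAMPLE)
    for number, hop in enumerate(hops, 1):
        print(f"hop {number}: {hop}")
    for warning in warnings:
        print("WARNING:", warning)
```

Mailing lists and bulk mail services legitimately use different domains in these fields, so a mismatch is a reason to look more closely at the hops, not proof of spoofing on its own.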