Phishing is a tried and true method of mischief online. It has been going on for almost two decades.
The basic principle behind phishing (pronounced "fishing") is to present a person with a seemingly legitimate web portal and then trick them into giving up personal information (such as a username and password).
A classic phishing tactic is to send a person an authentic-looking email that appears to come from a reputable organization. Many people are unaware of how easy it is to manipulate an email's headers. When sending an email, the client application (or API) writes the sender address into the message itself, so that field can be set to whatever the phisher wants. The email could therefore appear to come from a legitimate address like [email protected] Here is an example of how simple this is in C#:
```csharp
using System.Net.Mail;

MailMessage message = new MailMessage();
// The From header is just a field the sender fills in; nothing here checks it.
message.From = new MailAddress("[email protected]"); // address as it appears in the post (obfuscated by extraction); the post's point is that this value is chosen freely by the sender
message.To.Add("recipient@example.com"); // placeholder recipient, not from the original post
message.Subject = "Thank You for your purchase!";
message.Body = "Thank You for purchasing $20,000 of products!";
SmtpClient smtp = new SmtpClient("smtp.MailServer.net");
smtp.Send(message);
```
Notice how the From address was put there by me! It can look completely legitimate. I could also set up a mail server and write a program that sends this to as many email addresses as I want.
The most common forms of phishing are emails that contain a “purchase receipt” of some kind. This is likely the kind of email a person will take a look at, especially if the invoice or receipt is for several hundred dollars or more!
The page such a link leads to may look exactly like the legitimate website, but one tipoff is that the URL will not look right. Instead of https://www.microsoft.com/login it may say http://microsoft.somesite.net/login. Even though "microsoft" appears in the URL, look at the actual domain: somesite.net. That is what you are really connecting to. Some phishers like to get cute and use a bare IP address to fool their potential victims. Just know that a legitimate site will NEVER send an email recipient a link that is just an IP address. Websites like Amazon.com, Expedia.com and even WiBit.Net use their domain name to market their business, so they would never want to hide it. Also, HTTPS is not enabled, and most legitimate sites use HTTPS. Hmm… suspicious?
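As an added example (not code from the original post), here is a small checker that applies the three tells described above to a link: the domain you actually connect to versus a brand name stuffed into a subdomain, a bare IP address as the host, and a missing HTTPS. It assumes a short constructed list of expected brand domains and uses a simplified "last two labels" rule for the registrable domain instead of a public-suffix list.

```python
from ipaddress import ip_address
from urllib.parse import urlparse

# Brands the reader expects to be dealing with (constructed list for this example).
EXPECTED_DOMAINS = {"microsoft.com", "amazon.com", "expedia.com", "wibit.net"}


def actual_domain(host: str) -> str:
    """Return the part of the hostname you actually connect to.
    Simplification: last two labels; real code should use a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def inspect_link(url: str) -> list[str]:
    """Return the warning signs found in one URL (empty list means none found)."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    warnings = []
    if parsed.scheme != "https":
        warnings.append("no HTTPS")
    if is_ip_literal(host):
        warnings.append("host is a bare IP address")
        return warnings
    domain = actual_domain(host)
    if domain not in EXPECTED_DOMAINS:
        # A known brand name appearing only as a subdomain is the classic tell.
        for brand in EXPECTED_DOMAINS:
            name = brand.split(".")[0]
            if name in host and domain != brand:
                warnings.append(f"'{name}' appears in the URL but you connect to {domain}")
                break
        else:
            warnings.append(f"unexpected domain {domain}")
    return warnings
```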
After an unsuspecting person sees this website, they may enter their username and password and click Login. At that moment the phisher has their credentials. Many times the follow-up page never loads at all, or it forwards you to the REAL website. You've been pwned!
I was inspired to write this blog after a ton of people I know got this email:
This email went out today to probably thousands of people. It says they made a $699.99 purchase on iTunes. The product name is very strange and non-descriptive. Right below it is a Cancel Order link, which takes you to a website that tries to get you to give up your iTunes credentials.
Be careful WiBitters! Don’t let these jackasses scam you!