Jarrod Trainque

24Jun

Phishing technique: fake confirmation emails

Recently, I’ve seen an increase in a new type of phishing technique where the victim is sent a fraudulent confirmation of a transaction that never took place. Like other phishing attempts, this approach leverages social engineering tactics to get the user to submit sensitive information to the scammer.

This is concerning, since many people on the net are not computer savvy enough to protect themselves. Here’s some background and easy ways for everyone to avoid being scammed.

It works like this:

  • The target is sent an email that looks like a confirmation from eBay or Paypal. Usually the email gives the target a reason to believe fraud has already taken place (for example, the “shipping address” might be stated as an unconfirmed 3rd party).
  • The target attempts to rectify the situation by clicking the “dispute transaction” link.
  • The target is taken to a page that looks like eBay or Paypal, and may have a similar URL, but is actually a forgery. Since the user is already in a panicked state, they often don’t suspect that fraud has not actually taken place yet, and don’t notice the correct
  • The victim submits their login information on the forged site, and unwittingly gives their login information to a 3rd party. This is where the fraud takes place.

One way to protect yourself is to make sure that the URL matches the website you are visiting. For example:

Real:

  • http://ebay.com/path/to/something
  • https://ebay.com/path/to/something (note the “S” in https)
  • https://search.ebay.com/path/to/something (subdomains, like “search”, are okay)

Fake:

  • https://ebay-disputes.com/ (tricky, but wrong)
  • http://dispute.us/www.ebay.com/ (domain is “dispute.us”)
  • https://ebay.comdispute.us/ (domain is “comdispute.us”, subdomain is “ebay”)
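As an added illustration (not part of the original post), here is a small Python check that applies the rule above to the real and fake addresses listed: the host that actually receives the request must be the brand’s own domain or a subdomain of it, and nothing in the path counts. The trusted-domain list is an assumption for the example; it also contrasts the label-boundary check with the naive “does it mention ebay.com?” glance that the fake links are designed to pass.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumed for this example: the registrable domains that legitimately belong
# to the brands in the post. A real deployment would maintain this list
# (or derive it from the Public Suffix List).
TRUSTED_DOMAINS = {"ebay.com", "paypal.com"}


def hostname_of(url: str) -> Optional[str]:
    """Return the lowercase hostname a browser would connect to, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def matches_trusted(hostname: str, trusted: str) -> bool:
    """True only if hostname IS the trusted domain or a subdomain of it.

    Comparing on label boundaries ('.' + trusted) is what rules out
    'ebay.comdispute.us' (its domain is comdispute.us) and 'ebay-disputes.com'.
    """
    return hostname == trusted or hostname.endswith("." + trusted)


def classify(url: str) -> str:
    """Return 'real', 'fake' or 'invalid' using the post's rule.

    The path is ignored on purpose: in 'http://dispute.us/www.ebay.com/' the
    'www.ebay.com' part is chosen by whoever owns dispute.us.
    """
    host = hostname_of(url)
    if host is None:
        return "invalid"
    return "real" if any(matches_trusted(host, t) for t in TRUSTED_DOMAINS) else "fake"


def naive_check(url: str) -> bool:
    """The eyeball test ('does the link mention ebay.com?'); fooled by the fakes."""
    return "ebay.com" in url.lower()


if __name__ == "__main__":
    for link in ["http://ebay.com/path/to/something",
                 "https://search.ebay.com/path/to/something",
                 "https://ebay-disputes.com/",
                 "http://dispute.us/www.ebay.com/",
                 "https://ebay.comdispute.us/"]:
        print(f"{classify(link):7} naive={naive_check(link)!s:5} {link}")
```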

Note that just clicking a link in an email can be harmful. Some links look like this: http://website.com/emails/45098713405861347560328945730298456374502345 with that last number uniquely identifying YOU by your email address. So by merely clicking the link, you are telling a spammer that you are a human being (and not a dead email address). You’ll get more spam as a result.

Some browsers, such as Firefox, will alert you to a suspected web forgery, providing an added level of protection.

The best method is to NEVER click on a link in an email. Instead, manually go to the website (by typing in the URL), log in, and check your account by navigating to the account section.

Remember, play it safe — never do internets alone!!!!
