?

Log in

No account? Create an account

Previous Entry | Next Entry

(Note: This is Part 1 of what will probably be an ongoing and irregularly-updated tutorial on how not to fall for fraud, phishes, and scams on the Internet.)

Let's start by talking about one of the most common kinds of email fraud: a "phish" email.

A typical phish email--you've probably received at least one, I know I get about twelve a day--is an email that comes from an official-looking email address. It says it's from your bank, or from eBay, or from Amazon, or from Google, or from some other company you do business with. It tells you there's a problem. It says that in order to fix the problem, you have to click on a link in the email and then type in your bank account number, or your eBay password, or your credit card number, or something like that.

You probably think you're too smart to be suckered by one of these, and who knows? You might be right. But they're deceptive and written with a good understanding of human psychology, they tend to look pretty damn convincing (often, they resemble an official email perfectly, right down to the logos and formatting), and they prey on surprise and fear. Nobody wants to be locked out of his bank account, or banned from eBay.

They might even tell you that there is no problem at all--everything's fine, there's no need to take any action. The $3,714 has been charged to your credit card for the giant flat-screen TV that you ordered to be shipped to a house in Wisconsin; nothing's wrong, the transaction went smoothly.

But, you know, just in case you didn't order a $3,714 flat-screen TV for your friend in Wisconsin, there's a helpful little box:



"Hell, yeah I'm gonna dispute that transaction! I'm beig robbed! Someone just stole my credit card and used it to buy a flat-screen TV! I'm have to stop this RIGHT NOW!!" Your heart is pumping, your adrenaline is going, you're so upset you can hardly think straight...

See? That's what I mean when I say these guys are really good at psychology. You're one click away from voluntarily handing your eBay account to Russian organized crime.




Let's backtrack a little bit and talk about something boring: Links.

Now, you know what a link is, and you use them all the time. It's okay; bear with me for a minute.

I can turn any word I want to into a link, and make the link go anywhere I want to. It's easy to do, and we all take Web links for granted. For example, I can do this:



The word Elephant, if you click on it, will take you to Google. All pretty simple, right? Stay with me; I'm really not trying to insult your intelligence, I'm just illustrating a point. This is going somewhere, I promise.

I can make the word Elephant be anything I want it to. I could change it to a different very large gray animal, for instance:



Like before, if you click on the word Rhinoceros, you'll go to Google.

Of course, a link called "Rhinoceros" isn't very useful. Most folks use more descriptive words in their links, like "Google," for example. So I could do this



So you click on the word Google and you go to Google. Nothing special here.

But let's think for a minute about the implications. I can make the word say anything I want to. Anything. Anything. Anything at all. Have you got it yet?

No?

Well, suppose I want to lie to you? Check this out:



Where do you think you will go if you click on the link that says "http://www.yahoo.com"? I'll give you a hint: You won't go to Yahoo. Try it and see!

Yep, that's right, just because you see a link in your email that says something like http://www.yahoo.com or http://www.ebay.com or something like that, it doesn't necessarily mean that clicking on the link will take you there. The words can be anything that a Russian gangster can imagine. Links can lie.

So here's Lesson 1: Never, ever, EVER assume that if you click on the words www.yahoo.com you will go to Yahoo. The words can be anything that anyone wants them to be.



There is some good news. Most email programs will show you where a link actually goes if you sit your mouse pointer over the link and just leave it there without clicking on it:



And, fortunately, you can always tell what Web site you're on. Unfortunately, if you have been tricked and you think that you're going to Yahoo, you may not bother to check.

Every Web browser has an address bar. And the address bar shows you where you are. The address bar is at the top of the browser window, like so.



Most people get a sense of where they are by looking in the middle of the page. If they see familiar logos and familiar words, they assume they are where they want to be.

But a Web page is easy peasy to fake. All those professional-looking logos can be copied in a computer in a couple fo seconds with a few clicks of a mouse.

And remember how I said these guys know human psychology? They really, really know human psychology. And they use psychological tricks to confuse you with the URL.

You know how your bank and eBay and all of those places always tell you to make sure your browser address bar shows the right address when you go to their page? It's worthless advice. You know why?

You're lazy.




Yes, that's right. I don't even know you and I know you're lazy. I'm lazy. Everyone is lazy. Human brains are designed and optimized to make rapid evaluations and rapid decisions with a minimum of effort. You're lazy, and the hackers know it.

When you look at a Web site address--if you look at a Web site address--your eye begins reading it, and then you stop reading if you see something that looks familiar.

It's how your brain works, and the hackers are very well aware of that.

So here's what your brain does when you see a Web address:



You read the URL until you see something that you recognize. Then you stop. Your brain says "Yes, I recognize this; all the gobbledygook at the end doesn't matter. I know where I am; I'm at adwords.google.com."

WRONG!

You've just been suckered.

When you read a URL, the only part that matters is the part right before the FIRST slash after the http:// part. Here is the RIGHT way to read a URL:

Step 1: Look for the very first slash after the http:// part:



Step 2: Read the part right before that slash.



Got it? This Web site is not adwords.google.com. This Web site is sys56.ru. The ".ru" part means "russia". You are at looking at a confusing URL designed to trick you into not noticing that you're at www.sys56.ru.

See how it works? Let's try again, with a fake Web site pretending to be Wachovia Bank.

Step 1: Look for the very first slash after the http:// part:



Step 2: Read the part right before that slash.



Where is this URL? This URL is at winnerresult.com. Not Wachovia; winnerresult.com.

Sometimes, there is no slash at all after the http:// part. If there is no slash at all anywhere in the address, then you look at the end of the address:



A real eBay signin address is

http://signin.ebay.com/ws/ebayisapi.dll

See the red slashes? In the fake, they are dots, not slashes. How do you know the real one is real? Follow the two simple steps: step 1, look for the first slash after the http:// part, and step 2, read what's right in front of it.

http://signin.ebay.com/ws/ebayisapi.dll

Look for the first slash in a Web address. Check out what's right in front of the slash. Those two steps will save you from getting suckered.

In part 2, I'll cover some telltale signs that a Web site is trying to download a virus onto your computer.


Comments

( 15 comments — Leave a comment )
kijeren
Nov. 7th, 2008 08:06 pm (UTC)
Thank you for this.

This is what I keep trying to tell my less-computer-literate family, and failing miserably. Now I have someplace to point them. :-)
merovingian
Nov. 7th, 2008 10:37 pm (UTC)
You guys know each other?
kijeren
Nov. 7th, 2008 11:06 pm (UTC)
Nope.

I found him... um... here on the webbernets someplace. :-)
6_bleen_7
Nov. 7th, 2008 08:57 pm (UTC)
Very useful info about the first-slash bit! Thanks!
sweh
Nov. 7th, 2008 09:13 pm (UTC)
I want to dispute that transaction, but the link doesn't work!!!

*grin*
tiggerypum
Nov. 7th, 2008 10:01 pm (UTC)
very well written! I assume this will be on some webpage also?
james_the_evil1
Nov. 7th, 2008 10:31 pm (UTC)
Might be worth noting that some browsers (Firefox, certainly) have plugins that split up the URL and space it out to make it easier to read & spot pnoies.
rain_herself
Nov. 7th, 2008 10:34 pm (UTC)
You should switch to gmail. I haven't seen spam in years.

Not that this piece isn't very useful to the majority of the world.
joreth
Nov. 8th, 2008 01:13 am (UTC)
I still see spam in my gmail. It has to do with being the owner of several domain names - I get more spam than the average user (and tacit gets way more than me) and some of these guys are very tricksie indeed
rain_herself
Nov. 8th, 2008 01:15 pm (UTC)
It still eats a considerable chunk, particularly if you're diligent about spam-marking for a while. Much more so than an aol address.
foxsong
Nov. 8th, 2008 12:27 am (UTC)
Thanks. This is a valuable public service you're offering here. Have you considered (indeed, you may already have done so; I just haven't checked) putting this up on your website for reference?

My Master's a computer/web guru and has drilled lots of this stuff into me already, but I am reading carefully in case there's something I'm not up to speed on.
(Anonymous)
Nov. 8th, 2008 08:07 am (UTC)
Thank you, great article!
Any email along the lines of "we forgot this sensitive information that you gave us already, so we need it again; or bad things will happen!" triggers red-alert suspicion even before I check the links. But that false transaction stuff is really clever! I've never encountered this one before, so I might fall for that, if it wasn't for you! Thanks!

Btw, in the next issue you might want to mention how easily email addresses can be faked. Many people get convinced by the email address, so they don't even question the contents ("No, this email really is from ebay, see, here in the 'From' field?")

- Ola
omegamatrix
Nov. 8th, 2008 08:15 am (UTC)
Brilliant. I'm more tech-savvy than the average Joe, but I learned something I didn't know. Thanks.
malterre
Nov. 8th, 2008 01:23 pm (UTC)
And it doesn't hurt to use a mac w/virus and trojan protection :)
sweetpeppermint
Nov. 8th, 2008 10:21 pm (UTC)
Thank you Franklin.
( 15 comments — Leave a comment )