Revell Research Systems: The Consultancy Blog
About The Editor
Fiona Burgess is the Business Development Manager of Revell Research Systems, a Management and Technology Consulting Practice based at Exeter in the United Kingdom.
Disclaimer
The material published in this web log is for general purposes only. It does not constitute nor is it intended to represent professional advice. You should always seek specific professional advice in relation to particular issues. The information in this web log is provided "as is" with no warranties and confers no rights. The opinions expressed herein are the personal opinions of the authors.


Review Entries for Day Thursday, 02 July 2009

We have recently seen a slight twist in the usual phishing emails that are designed to lure the unwary to web sites with malicious content. These emails, usually informing the recipient that they need to confirm their bank details or other credentials, have become commonplace and most users are probably sufficiently aware not to be tricked.

However, we have seen a number of emails recently that inform the user that they have a message in their secure inbox on their bank's web site and that they need to urgently log in to read it. Needless to say, the actual link in the email goes nowhere near a reputable bank!

The twist is that several banks and social networking sites do actually use the concept of a secure inbox on their web site to ensure confidential communication with their customers (remember email is far from confidential) and frequently send a normal email to alert the user that they have items needing their attention.

Such emails would be easy to spot if the recipient didn't use the bank that is purported to have sent the email. However, we think some of the emails are sufficiently similar to the branding of existing banks to potentially trick the unsuspecting, who may be customers of the impersonated bank.

We expect this scam to also target social networking sites, such as Facebook, in the near future.

These new phishing emails are, then, very plausible if you use banks or social networking sites that have this facility and use the same branding...

Our advice is NOT to click on links in suspicious or unexpected emails.

You can easily assess the danger of many links by simply hovering the mouse over them. Most newer email programs, such as Microsoft Outlook, will show a popup tooltip displaying the real target for the link. You must examine the link details very carefully to ascertain whether they are safe.


A screenshot showing a typical tooltip that is displayed when a link is hovered over in Microsoft Outlook. Note that although the link purports to take the reader to their secure inbox, the link actually targets a Russian web site (i.e. a .ru domain).

The trend is to embed the name of a well-known bank into the links to trick even the wary. A typical link might look like www.my-well-known-bank.very-malicious-site.cn, etc.
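The hover check described above can also be automated by a mail filter. The following Python sketch is an added example, not part of the original post: it extracts each link's real target from an HTML email body and accepts it only when the host is a trusted domain or a subdomain of one. The trusted domain, the brand keyword and the sample email are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: constructed placeholders for the recipient's real bank.
TRUSTED_DOMAINS = {"my-well-known-bank.example"}
BRAND_KEYWORDS = {"my-well-known-bank"}

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def real_host(href):
    # The real target is the URL's host, not whatever the link text claims.
    url = href if "//" in href else "//" + href
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_trusted(host):
    # Match on the END of the name: the bank's name appearing as a leading
    # label (www.bank.attacker.cn) proves nothing about who owns the host.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = real_host(href)
        brand = any(k in host or k in text.lower() for k in BRAND_KEYWORDS)
        verdict = "ok" if is_trusted(host) else (
            "impersonation" if brand else "untrusted")
        findings.append((text, host, verdict))
    return findings

# Constructed sample email body (not a real message).
SAMPLE = (
    '<a href="http://www.my-well-known-bank.very-malicious-site.cn/inbox">'
    'Go to your secure inbox</a>'
    '<a href="https://secure.my-well-known-bank.example/inbox">Log in</a>'
    '<a href="http://login.unrelated-site.invalid/">'
    'https://www.my-well-known-bank.example/inbox</a>')
```

Calling `assess_links(SAMPLE)` marks the first and third links as impersonation and only the second as ok.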

If in doubt, don't!

Posted by Revell Research Systems
Thursday, 02 July 2009 12:01:01 (GMT Standard Time, UTC+00:00)