#181 April, 2006
While preparing some research data for an article on Phishing, this scenario presented itself to me and I couldn't resist passing it along before the eventual article is finished.
As you should well know by now, Phishing is a serious crime being perpetrated through email. It has already cost billions of dollars in terms of both financial losses to private individuals and crime-prevention and security costs to industry and commerce. If that doesn't send a chill down your back, consider that the basis of the technique is being taught to budding terrorists as a sure-fire method of funding for their terrorist activities. Teddy and Chuckie bitching and moaning about the cost of defense -- how come they don't do something about it?
This particular email contained a Phishing attempt that clearly illustrates how our own ISP system is providing the very means that allow online criminals to operate. There have been others -- many others -- but this one is so clear, it merits exposure.
Date: Mon, 17 Apr 2006 [08:18 EDT]
From: PayPal
Subject: Payment sent to sales [at] sonyvaio.com
This criminal spam utilized the well-known technique of embedding an image to represent the spoofed page. This image of the "PayPal" page was hosted at ourworld.cs.com (US) by a CompuServe member. The criminal sends this image embedded in the email as an image-map. When clicked, an embedded link takes the victim to the criminal's web address -- or redirects to another URL. This link took the victim to a PayPal spoof page in the Ukraine where account information would be gathered.
As you can see from the actual graphic, the victim would believe that their account was being charged for something they didn't buy. The first reaction is to follow the instructions, quickly go to the link and 'kill' that credit card charge.
Where does the trail lead?
* Registrar: networksolutions.com
* Country: Ukraine
* Owner: Ukrainian Telecom
* Host: Ukrainian Telecom
* Nameserver: UKRTEL.NET
* Where the victim thought the email came from: service [at] paypal.com
* Where the email REALLY came from: micos.ro (Constanta Romania)
* Network hosting website referenced in spam: ukrtel.net (Ukraine)
The image (http://ourworld.cs.com/paradzi/sony.gif), hosted at CompuServe, is the one tangible piece of evidence left by the criminal. Although CompuServe could identify this phisher immediately -- it was nearly impossible to even find CompuServe's legal department, much less do anything about it. But we did find it and did contact them via their online reporting form.
Here's the 'official' reply from the form provided by CompuServe LEGAL:
> From: AOL Postmaster
> The following addresses had permanent fatal errors
> legalnnn@cs.com
> 550 MAILBOX NOT FOUND
> 550 legalnnn@cs.com ... User unknown
If you look at the actual phishing attack spam:
http://www.spamcop.net/sc?id=z917260012zdda63d9dab02c2a9995eb25f08ebd8bez
You will see that even SpamCop missed the graphic link where the graphic was hosted. Well, the criminals use this trick because they know software spam blockers cannot "understand" graphics. Therefore such tools don't usually include image links as part of the spam reporting process. Since the graphic was labeled "sony.gif" the spam tracking software had no reason to believe the image was of significance. The porno industry runs on this concept. We know better, because we can "see" that the graphic was a PayPal spoof page -- but most casual internet users think it's authentic.
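The trick described above (a hosted screenshot of the spoofed page, wrapped in a link that leads somewhere else) is exactly what a reporting tool misses when it only follows `<a href>` and ignores where images are hosted. The following is an added example, not code from the column or from SpamCop: it pulls every link and image host out of an HTML message body and reports the ones that do not belong to the domain the From: header claims. The sample message and host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkAndImageExtractor(HTMLParser):
    """Collect (kind, url) pairs for <a href>, <area href> and <img src>."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("a", "area") and a.get("href"):
            self.refs.append(("link", a["href"]))
        elif tag == "img" and a.get("src"):
            self.refs.append(("image", a["src"]))

def claimed_domain(from_header):
    """Domain the From: header claims, e.g. 'paypal.com'."""
    return from_header.rsplit("@", 1)[-1].strip(" <>").lower()

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def same_org(host, domain):
    return host == domain or host.endswith("." + domain)

def suspicious_references(from_header, html_body):
    """Every image or link whose host is not under the claimed sender domain.
    Images count too: that is the hosted screenshot a link-only check misses."""
    parser = LinkAndImageExtractor()
    parser.feed(html_body)
    domain = claimed_domain(from_header)
    return [(kind, url, host_of(url)) for kind, url in parser.refs
            if not same_org(host_of(url), domain)]

# Constructed sample: not the real message, only the shape of the trick.
SAMPLE_FROM = "PayPal <service@paypal.com>"
SAMPLE_BODY = """
<html><body>
<a href="http://203.0.113.7/cgi/login.php">
  <img src="http://img-host.example.net/member/sony.gif" alt="">
</a>
<img src="http://www.paypal.com/images/logo.gif">
</body></html>
"""

if __name__ == "__main__":
    for kind, url, host in suspicious_references(SAMPLE_FROM, SAMPLE_BODY):
        print(f"{kind:5s} {host:25s} {url}")
```

Run against the sample, it lists both the foreign image host and the link target, while the genuine logo under paypal.com is left alone.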
This is an undeniable endorsement of the UGN ISP Self-Regulatory Initiative, proposed in 2000. Had the ISP industry supported this initiative, Compuserve would have prevented the Phisher's use of their system in the first place.
Be very careful how you read your email and what you do with the many messages that appear to be authentic communications from trusted financial institutions. Read the security information from eBay, PayPal, Amazon, Chase, VISA, and yes, even the IRS. Know how to spot a spoof. They're all being spoofed and phished heavily. These criminals are not only technologically advanced, they're devious and completely without any shred of honor, honesty or remorse. If they were next door, they would rob you at gunpoint. Being thousands of miles away doesn't stop them -- in fact it helps them.
They want your money or your identity, or both. They'll stop at nothing to get it.
YOU are your last, best hope.
Thanks for reading...
Editor: DTG Magazine and 60-Second Windows
REFERENCES:
* eBay Security Instructions
* PayPal Security Instructions
* VISA & Charge Card Security
* CHASE & Online Banking Security Tips
* Amazon.com Security and Online Protection
* Wachovia Security Tips
* IRS: Suspicious e-Mails and Identity Theft
* FTC Phishing Alert (FTC)
* The Anti-Phishing Organization
60-Second Windows is wholly owned by the Design & Publishing Center, part of Showker Graphic Arts & Design, Harrisonburg VA; in the Shenandoah Valley of Virginia -- Copyright: 1990 through present, All Rights Reserved.