Phishing sites from misspelling?

From what I’ve heard, the most common form of phishing is by sending fake e-mails asking for personal information.

I wonder if there exists a kind of phishing that is caused by users mistakenly entering a very similar address to the real site, but which is fake. Then, when the user enters the username and password, the site is made so as to sign them in to the real site, getting the user into the real bank account, e-mail box or whatever. Thus, the user would have a hard time noticing that it was a phishing site. Does this kind of phishing exist? Occasionally I read about this kind of thing, but it never gets detailed. Most phishing information seems to be concerned with spurious e-mails asking for information. But I sometimes worry about false sites. Do I need to? I would be kinda stupid to worry about something that doesn’t exist!

G’day,

You’re right in worrying about this kind of thing.

Spoofed sites (ones that resemble real sites) work by making you think you really are at XYZ.COM. When you enter your login credentials into the fake login screen on the fake site, they are recorded on the fake site and simultaneously passed to the legitimate site, and you are redirected to the real site. To the end user, it appears that you have logged into the real site, because you have ended up at the real site. What they don’t know is that they had a little side trip on the way and the bad guys now have your credentials to the real site. Bye bye bank balance!

A great tool to use to help avoiding these fake sites is Verification Engine (http://www.verificationengine.com).

Another variant of these phishing emails is where the content of the phishing email looks like an HTML email but is actually an image (typically a JPG) designed to appear to be an HTML email (sort of like a photo of an email). This image can be linked to a spurious site or can have malware embedded in it itself.

Another simple way you can get trapped is to misspell a web address (“goggle” instead of “google”).

DO NOT TEST THIS THEORY BY TYPING WWW.G O G G L E.COM into your browser. GOGGLE is rife with drive-by infections - do a search on YouTube for “goggle” and watch what happens as soon as you open the site. I accept no responsibility if you do.

To prevent this, you can manually add entries to your local HOSTS file (in Windows XP, the HOSTS file is located at c:\windows\system32\drivers\etc\hosts), misdirecting the addresses. Each line gives the address first and then the name it should resolve to. For example, you could add the following,

127.0.0.1 www . goggle . com

This would redirect all attempts to go to www.g o g g l e.com to the local loopback and thereby fail.

Hope this helps,
Ewen :slight_smile:

EDIT BY RAGWING: I fixed the link so that no one clicks it by mistake
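The HOSTS-file trick above only helps for the typos you thought of in advance. The following is an added example, not code from the thread or from any tool mentioned in it: it enumerates the common single-keystroke typos of a domain (dropped, swapped, doubled, or anticipated characters; the `google` → `goggle` slip is the "anticipation" case) and renders them as HOSTS lines in the address-then-name order the file expects. The input format (`google.com`, mutating only the label before the first dot) and the four typo classes are my own assumptions about what is worth covering.

```python
"""Generate likely typos of a domain and emit HOSTS-file lines that sink them.

Added example, not part of the original thread.  It turns the manual
"127.0.0.1 www.goggle.com" entry into a list you can maintain: enumerate the
typo variants of the sites you use, then pin each one to the loopback address
so a slip of the fingers fails instead of landing on whoever registered the
lookalike.

Assumptions (mine, not the page's): input looks like 'google.com' and only
the label before the first dot is mutated; the four typo classes covered are
the ones I consider worth the trouble, not an exhaustive list.
"""
from typing import Iterable, List, Set


def typo_variants(domain: str) -> Set[str]:
    """Return plausible single-keystroke typos of the first label of *domain*.

    One error per variant:
      omission      google -> gogle    (a character dropped)
      transposition google -> gogole   (two neighbours swapped)
      duplication   google -> gooogle  (a character typed twice)
      anticipation  google -> goggle   (the next character typed too early)
    Remaining labels (the TLD) are untouched; the original name is excluded.
    """
    label, sep, rest = domain.lower().partition(".")
    if not label or not sep or not rest:
        raise ValueError(f"expected something like 'example.com', got {domain!r}")
    out: Set[str] = set()
    n = len(label)
    for i in range(n):
        out.add(label[:i] + label[i + 1:])                    # omission
        out.add(label[:i] + label[i] * 2 + label[i + 1:])     # duplication
        if i + 1 < n:
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition
            out.add(label[:i] + label[i + 1] + label[i + 1:])             # anticipation
    out.discard(label)
    # A one-character label is not a realistic target; drop it.
    return {f"{v}.{rest}" for v in out if len(v) > 1}


def hosts_entries(domains: Iterable[str], sink: str = "127.0.0.1") -> List[str]:
    """Render HOSTS lines: address first, then the name (the order the file uses).

    The HOSTS file has no wildcards, so both the bare name and the www. form
    are emitted; otherwise a browser that auto-prefixes www. escapes the block.
    """
    lines: List[str] = []
    for d in sorted(set(domains)):
        lines.append(f"{sink} {d}")
        if not d.startswith("www."):
            lines.append(f"{sink} www.{d}")
    return lines


def blocklist_for(domains: Iterable[str], sink: str = "127.0.0.1") -> List[str]:
    """Typo variants of every given domain, as ready-to-paste HOSTS lines."""
    variants: Set[str] = set()
    for d in domains:
        variants |= typo_variants(d)
    return hosts_entries(variants, sink)


if __name__ == "__main__":
    # Constructed input: the two sites the original poster asks about.
    for line in blocklist_for(["google.com", "hotmail.com"]):
        print(line)
```

Paste the output into the HOSTS file (administrator rights are needed to write it; on Linux or macOS the file is /etc/hosts). Two caveats a practitioner would want: 0.0.0.0 is often used as the sink instead of 127.0.0.1 so that a web server listening on the local machine never receives the misdirected request, and the list only covers the typos you generated for the names you listed, on that one machine; lookalikes on other TLDs or with substituted characters are not caught by it.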

Thank you for the reply.

Though judging from the YouTube videos, the g o g g l e . c o m wasn’t really a phishing site, i.e. it didn’t show up as the real Google.com does, not similar in appearance or so.

I can understand that such fake sites exist for banks, but do they also exist for e-mail, like Hotmail and GMail? If so, then can they recognize where I am like Hotmail and GMail can? For example, if I enter http://mail.google.com or http://www.hotmail.com I get to the Swedish language varieties of those sites, whereas if I entered the same addresses in, let’s say, Australia I would get those sites in English. Would a phishing site be able to do that? Would it bother to?

I do have VE, but sometimes after I’ve signed in I get a feeling that “did I really check if this site was green?”, “was this site really green?” etc. I’m a bit paranoid.

Correct, the goggle site wasn’t intended to be an example of a phishing site. Rather, it was intended to be an example of how easily we can get stung. Imagine how many million times a day the word “google” gets typed, and now think about how few minutes have passed since you last mistyped something. Something as simple as a typo or transposed characters can lead us to the darker side of the web, albeit unintentionally.

> I can understand that such fake sites exist for banks, but do they also exist for e-mail, like Hotmail and GMail? If so, then can they recognize where I am like Hotmail and GMail can? For example, if I enter http://mail.google.com or http://www.hotmail.com I get to the Swedish language varieties of those sites, whereas if I entered the same addresses in, let’s say, Australia I would get those sites in English. Would a phishing site be able to do that? Would it bother to?

I’m not aware of any attempts to spoof the major webmail providers, but that doesn’t mean it hasn’t/won’t happen. The auto-redirect based on system language/locale would actually work in the favour of non-English speakers, as most spoofed sites tend to be English language ones. I don’t doubt that it happens in other languages.

> I do have VE, but sometimes after I’ve signed in I get a feeling that “did I really check if this site was green?”, “was this site really green?” etc. I’m a bit paranoid.

Just because you’re paranoid, it doesn’t mean they’re not out to get you. :wink:

Cheers,
Ewen :slight_smile:

Netcraft Toolbar was recently voted the best for anti-phishing.

With running Netcraft, Crawler WebSecurityGuard and Firefox with NoScript, and CPF3 with Defense+, I’m quite protected from this sort of thing. When I use IE7 my arsenal also includes Haute Secure.

Eric

Gosh I’m a boring no lifer, reading some of my messages back… Still with netcraft toolbar and WOT.