Phishing for phishers: An idea

Phishing

I just had another phishing email today and had an idea how to fight against it. (Phishing is an email which looks like it is from one company but was actually from someone else, they are designed to steal your login details – Hence, they were “fishing” for my details)

I was curious to know how close the dummy login page looked to the real one (I should point out at this point you should never normally even click on a link on email like this, it can be really unsafe!). So that you don’t have to try this I show two images below for you to have a look at:

As you can see, they are pretty identical (the first one is the fake one).

Taking care
Don’t worry, it isn’t hard to avoid these phishing scams. Here’s a few tips to help you catch these.

Is it likely?
Firstly, it’s actually quite unlikely that your bank would suddenly need to contact you for any reason. If somethings important, they’ll almost certainly send a letter.

Avoid links
If you do recieve an email and you think it is genuine, don’t use any links embedded in the email, instean open your Internet browser and type the name in manually, or use one of your own bookmarks if you have one.

Fake URL’s
If you do use a link inside an email (or even on the internet) it’s a good idea to check what the URL is. This appears in the box, usually at the top of your browser (For instance, this website’s URL is: “http://akademy-tips.blogspot.com/” you should see this in the box).

Phisihers usually attempt to trick you by including the real one with their own. For instance, this is a fake url: “http://akademy-tips.blogspot.com.fakingit.com/” – notice the additional text at the end “fakingit.com” – this is actually the real address of the website.

Always check the right most text of the top URL part. This is the part between the “http://” (or “https://”) and the first “/”, e.g. (in bold):

  • http://www.bbc.co.uk/merlin/episodes/
  • http://en.wikipedia.org/wiki/Main_Page
  • http://akademy-tips.blogspot.com.fakingit.com/
  • http://akademy-tips.blogspot.com/

Many modern browsers actually highlight this part for you now.

An idea
Once you’ve realised what’s going on, any information can be added into these websites. In fact simply entering dummy account information will start to put of the phishers, however a much more ingenious thing to do would be for the real companies affected by these emails to set up dummy accounts, and then enter these details into the phishing websites.

Now, as soon as these dummy details are entered on the real website a company can take immediate actions to stop them, perhaps logging and banning their IP address, so that no real accounts can be used from that position. Alternatively, with the help of the police, perhaps money transfers could be tracked as they are made.

Of course, it’s highly likely that this is already taking place. Perhaps it’s only a matter of time before these people are caught.

Let me know what you think.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.