Tuesday, July 10, 2012

Anatomy of a Phishing/Spam Email

Fact of modern life: I am sure none of us are unfamiliar with the junk mail that we receive via regular post on a daily basis, including (but not limited to):
  • 'Special Credit Card offers' (often from Discover, which, surprisingly, some people still seem to use)
  • Cheques ('Checks' in the US) from Credit Card companies (even if you would never, ever use them, mostly because of ridiculously high fees associated)
  • Offers to enrol in or switch one's Car Insurance (whether you drive or not)
  • Offers to swap one's TV provider from Cable to Fiber Optic to some kind of Satellite Dish-based system and vice versa (often along with enticing bundles)
  • Random catalogs from random stores (including ones you have barely sniffed at, perhaps, but never purchased from)
  • Desperate requests - often bearing pretty name-labels for free - from various otherwise charitable organizations (including ones you didn't know existed)
... and so forth. I sometimes worry (I know! Right?) about the tremendous amount of paper and postage that is wasted by these organizations, wondering whether the money, time and effort frittered away in such fruitless enterprise couldn't have been spent more constructively elsewhere by them.

Fact of the modern digital life: as long as one has an email account, one shall receive - even without asking - the electronic equivalent of junk mail, namely, oodles and oodles of useless, unsolicited email messages with spurious content from unknown or apparently-known (see below) senders, a.k.a. Spam. Like the junk mail through post, spam emails fall under various categories, including (again, not limited to):
  • Offers to provide financial loans
  • Offers to sell lists or databases of emails and postal addresses from various companies and concerns (so that you could, if you wanted, spam them)
  • Offers to include you in various Singles lists in your neighborhood
  • Offers for unlimited access to assorted pornographic websites for a limited fee
  • Offers to sell you (usually from some foreign pharmacy) medications either to enlarge various bodily organs or to enhance your sexual prowess by manifold
  • Notifications that your email address has surprisingly and suddenly won a great deal of money usually in a foreign currency
  • Notifications that some relative of yours (that you never knew existed) has died leaving an untold sum of money for you, and all you have to do is provide your bank account details so that it can be transferred
  • And of course, the classic: notification from one or more Nigerian prince(s) similarly asking for your bank details so that you could be bestowed with a huge financial gift.
These final three types of Spam messages overlap with another category, Phishing (strictly speaking they are advance-fee fraud, the so-called '419' scam, but the aim of prising bank details out of the recipient is the same). Wikipedia (that omniscient fountain of all knowledge) defines Phishing thusly:
Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators - a practice known as email spoofing - are commonly used to lure the unsuspecting public... it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. In addition, general spam as well as Phishing emails may contain links to malicious websites; merely visiting one of these (by clicking the said link) can be enough to get malware (viruses and worms, spyware, botnet clients, rootkits and so forth) installed on the user's computer, typically by exploiting an unpatched browser or plugin. A fascinating study (PDF) explains the tremendous local and global cost associated with spam.

Thankfully, most online email service providers (such as Google, Yahoo, and Microsoft) have become extremely efficient at catching these irritants and stopping them before they reach your inbox. By using sophisticated algorithms which even have the capacity to learn your preferences over time, these email systems are now able to block almost 99% of these malicious messages, sequestering them in a 'Spam' or 'Junk' folder in your account. Occasionally (in fact, I'd say, rarely) you may get a false positive: a genuine message (usually with offers from online stores you buy from) relegated to this folder. So, it's a good idea to give the contents of your Spam folder a quick once-over every once in a while. Even rarer is the occasion when one of these messages escapes the Spam folder and lands in your inbox. There are various online resources (such as Wikipedia on Spam) that can help educate the user on how to recognize Spam.

Perhaps as a result of all these awareness-enhancing efforts, the Spam messaging industry seems to have suffered an intellectual crisis. Earlier, the Spam/Phishing messages used to be entertaining, and being able to recognize them posed some challenge and led to satisfaction if successful. But no longer. Quantity may have increased, but quality has gone down the drain. Spam/Phishing emails these days seem to provide no challenge whatsoever.

Take, for example, this Phishing email I had in my inbox.
Phishing email


Seriously? Chase Online "Fraud Prevention Team" writing me from an AOL account called 'aiadad'? Earlier the botnets used to generate addressees (to be put in the To: field) by brute force, a technique known as a directory harvest attack: take a known username such as S-U-I-R-A-U-Q-A, substitute each of the other 25 letters of the alphabet for the last one, send a message to every variant, and keep the ones that don't bounce, since a message that isn't bounced back indicates a valid user account. And now... 'Smrfs'?

A dead giveaway is an official letter starting with the most generic form of address: 'Dear Cardholder', 'Dear Customer' and so forth. Also, always look for odd spelling mistakes. And the cardinal rule of safety is to NEVER click on any of these weblinks (circled in red). What you should do instead is hover your mouse cursor over the links. In a modern browser like Chrome, Firefox or Safari, hovering the cursor reveals - generally in the bottom-left corner of the window, on the status bar - the real URL (weblink) the text-link points to, which in a Phishing email is usually nothing like the bank's own site; note that the visible text of a link may itself look like a legitimate web address, so the hidden target is the only thing that counts. Some web-based email systems, such as Gmail or Yahoo Mail, will show you the content of a message they have already classified as Spam, but automatically disable its weblinks.
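The three tells described above (a brand in the display name but a free-mail address, a generic salutation, and link text that names one site while the underlying href points to another) can be checked mechanically. The following is an added example written for this page, not code from the original post; the sample message, its sender address and its URLs are constructed for the example and are not taken from the screenshot, and the "brand" heuristic (first word of the display name) is a deliberately crude assumption.

```python
"""Heuristic checks for the phishing tells discussed in the post.

Constructed sample: a fake "Chase" fraud alert sent from a free-mail
account, with a generic salutation and a link whose visible text is one
URL while its href is another.  Uses only the standard library.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear cardholder", "dear customer", "dear user", "dear member")

# Constructed sample message (addresses and hosts are made up, .test TLD).
SAMPLE = """\
From: "Chase Online Fraud Prevention Team" <aiadad@example-freemail.test>
To: smrfs@example.test
Subject: Your account has been limited
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear Cardholder,</p>
<p>We detected unusal activity. Please verfiy your account at
<a href="http://chase.example-phish.test/login">https://www.chase.com/</a>
or view <a href="https://www.chase.com/help">our help page</a>.</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the anchor currently open, else None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:      # only text inside an open anchor
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels domain (www.chase.com -> chase.com); enough here."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(raw):
    """Return human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name claims a brand, but the address lives on another domain.
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    brand = display.split()[0].lower() if display else ""   # assumed heuristic
    if brand and brand not in sender_domain:
        findings.append(f"display name '{display}' but address domain '{sender_domain}'")

    body = msg.get_body(preferencelist=("html", "plain")).get_content()

    # 2. Generic salutation ("Dear Cardholder" etc.).
    text = body.lower()
    for greeting in GENERIC_GREETINGS:
        if greeting in text:
            findings.append(f"generic salutation '{greeting}'")
            break

    # 3. Link text that shows one host while the href goes somewhere else.
    collector = LinkCollector()
    collector.feed(body)
    for visible, href in collector.links:
        href_host = urlparse(href).hostname or ""
        shown = urlparse(visible).hostname if "://" in visible else None
        if shown and registrable_domain(shown) != registrable_domain(href_host):
            findings.append(f"link text shows '{shown}' but points to '{href_host}'")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print("-", finding)
```

The spelling mistakes in the sample ("unusal", "verfiy") are left for a human eye, as the post suggests; a dictionary check is easy to bolt on but is not what the three rules above are about. Note that only links whose visible text is itself a URL are compared, so "our help page" pointing at the real site raises nothing.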

Why on earth do the spammers even bother any more?
