The Ohio State University

College of Veterinary Medicine

Phishing
The process of trying to acquire sensitive information such as usernames, passwords, etc. through fraudulent but genuine-appearing e-mails designed to convince the recipient to reply with the requested information.

Phishing is a growing problem. What can you do to reduce the likelihood of being a victim?

NO legitimate organization should EVER ask for your personal data online. If you receive an e-mail that appears to come from your bank, some bank, or some other organization saying that you need to click on a link or log on to some account for them to run a service for you, be VERY CAREFUL. If you receive such an e-mail, with a LINK attached to the message or a space to input personal information (such as your userid or password), DO NOT PROVIDE THAT INFORMATION. The link will most likely either ask you to provide personal information OR, when you click on it, download a VIRUS or other malware onto your computer. If you believe the e-mail IS legitimate, before giving out your information, call your bank - use the phone number you KNOW is your bank, not one that might be in the e-mail you received.

How do spammers phish? Basically, through CLONE SITES and KEYLOGGERS. Here's information via Softpedia™ on how to stay safe against both phishing methods.

In the case of spamming, phishing in particular, the best medicine is PREVENTION: Remain vigilant. Be informed. This is a classic cat and mouse game and the rules are constantly changing. Your Veterinary Information Systems team will do all they can to keep you informed and to use the latest methods to reduce the likelihood that you will receive these emails. Unfortunately, we cannot eliminate ALL of them, so you really need to take personal responsibility as well.

What can you do? In addition to being vigilant and staying informed, users can harness the power of their junk mailbox tool in their mail client. The VIS Helpdesk would be happy to help you set this up on your system. You can contact them at VIShelpdesk [at] cvm [dot] osu [dot] edu or 292-4146.

Clone sites

A clone site is a fake website that looks identical to the official one; the clone site will ask you for your personal information. Avoid providing it! It's generally a phishing attempt. But if you think that your bank or other organization might have a legitimate reason to ask for this information, then go to the bank site through the usual link you use in the browser, and not by following the one in the e-mail. Many organizations state that they will never ask for your personal data online, so pay attention and do not disclose your info on sham sites!

Keylogger issue

Clicking on dubious links included in e-mail messages could infect your machine with a virus that will record anything you type, thus stealing information. This is why you are advised to always have active anti-virus protection on your computer.

Phishers will pretend to be high profile companies - don't fall for their scams! Whenever you get an e-mail that asks for your personal data be very suspicious - if it has a link, don't click it. Instead, visit the site of the firm the mail seems to be from or phone them directly. If it is not a firm you normally work with, it is likely that a phisher is after your personal information. Don't give it out!

Example keylogger

From: customerupgrade customerupgrade [mailto:customerupgrade [dot] customerupgrad [at] gmail [dot] com]
Subject: WEBMAIL USERS Maintenance Notice

WEBMAIL USERS Maintenance Notice

This message was sent automatically by a program on Webmail which periodically checks the size of inboxes, where new messages are received.The program is run weekly to ensure no one's inbox grows too large. If your inbox becomes too large, you will be unable to receive new email.Just before this message was sent, you had 18 Megabytes (MB) or more of messages stored in your inbox on your WebmailTo help us re-set your SPACE on our database prior to maintain your INBOX,you must reply to this email and enter your: Current

User name:{ } and Password: { }

You will continue to receive this warning message periodically if your inbox size continues to be between 18 and 20 MB. If your inbox size grows to 20 MB, then a program on Bates Webmail will move your oldest You will continue to receive this warning message periodically if your inbox size continues to be between 18 and 20 MB. If your inbox size grows to 20 MB, then a program on BatesWebmail will move your oldest email to a folder in your home directory to ensure that you will continue to be abletoreceive incoming email. You will be notified by email that this has takenplace. If your inbox grows to 25 MB, you will be unable to receive newemail as it will be returned to the sender.After you read a message, it is best to REPLY and SAVE a copy.

Thank you for your cooperation.Webmail Help Desk
email: upgrad_account001 [at] hotmail [dot] com*

* NOTE: This is a keylogger example; clicking on this will send a message directly to the spammer.

Note

In a higher education institution, like OSU, once a person surrenders their userid and password, the phisher has access to probe deeper in the organization. They are after soft targets - users unaware of phishing practices, to get to hard targets - security systems, financial, and other enterprise systems to cause damage or gain financial or other rewards. Don't enable this behavior by being inattentive.

Anatomy of a PHISHING ATTEMPT

Additional examples

From: First Last <____________> ← some bogus name and email address that changes automatically
Date: July 13, 2009 3:24:35 PM EDT ← date may or may not be relatively recent
To: <____________> ← could be your address, or some other address

Subject: Warning Storage quota full ← some alarming subject is usually used, followed below by some alarming text, indicating impending doom if action is not taken

Your mailbox quota has been exceeded the storage limit which is 20GB
as set by your administrator. You are currently running on 20.9GM.

You may not be able to send or receive new mails until you re-validate
your mailbox.

To re-activate your account please click the link below

<____________________> ← this will be a link to a domain. It could be rather lengthy. It will likely have a series of alphanumeric characters in it as well. DO NOT CLICK ON THE LINK!!

Thanks and we are sorry for the inconviniences ← usually, but not always, words will be misspelled or poor grammar will be used

Localhost ← could be signed in any number of ways - helpdesk, customer account manager, person's name, etc.

From: Mail Administrator [mailto:edu [dot] 11 [at] maillier [dot] com]
Sent: Friday, February 06, 2009 7:04 AM
To: @localhost
Subject: [Spam] Confirm Email Account

This mail is to inform all our webmail users that we will be maintaining and upgrading our website in a couple of days. As a Subscriber you are required to send us your Email account details to enable us know if you are still making use of your email Account.

Be informed that we will be deleting all email account that is not functioning to enable us create more space for more users. You are to send your email account details which are as follows:

*User Name:
*Password:
*Date of birth:
*webmail Login:

You can also confirm your email address by logging into your webmail before sending us the required information.

WARNING: Any one that receive's this email and fails to respond to the mail will be deactivated immediately from our database.

From: Webmail Help Services [mailto:tech-support [at] osu [dot] edu]
Sent: Thursday, February 05, 2009 9:59 AM
To: [Removed]
Subject: VERIFY YOUR WEBMAIL ACCOUNT

Dear Subscriber,

To verify your Webmail Account, please reply to this email by sending your Webmail email address, follow by #, then your PASSWORD(example:"mrsmith [at] osu [dot] edu#password"). Failure to do this will immediately render your webmail account inactive.

Thank you
Webmail Help Services

From: "Reyes, Lorena"
Date: Sat, 04 Apr 2009 08:23:11 -0500
To: "<Undisclosed recipients: ;>"
Conversation: Email Alert!
Subject: Email Alert!

We are contacting you to remind you that your mailbox access has been limited due to unusual activity detected in your mailbox.

Your access will remain limited until this issue has been resolved. To resolve this problem and have your mailbox restored, please contact your System Administrator through email with your logon details {Username and Password}.

System Administrator
E-mail: customer-care-accounts [at] live [dot] com

You will continue to receive this warning message periodically until your mailbox is restored.

This email is intended only for the use of the individual or entity to which it is addressed and contains information that is privileged and confidential.
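
The sample messages on this page share a few traits a mail filter can check mechanically: a request to send credentials, a threat of account loss, a free-webmail contact address, and a reply path that differs from the apparent sender. The following Python example is added here and is not part of the original page or of any OSU tooling; the function names, the regular expressions and the `university.example` / `freemail.example` sample messages are constructed for illustration, and it assumes plain-text, unencoded message bodies.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Domains seen in the sample messages on this page; freemail.example is a constructed stand-in.
FREE_WEBMAIL = {"gmail.com", "hotmail.com", "live.com", "freemail.example"}
ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
# A "hand it over" verb followed, within the same sentence, by a credential word.
SOLICIT = re.compile(r"\b(reply|send|sending|enter|provide|confirm)\b[^.]{0,120}"
                     r"\b(password|logon details|account details)\b", re.I)
THREAT = re.compile(r"\b(deactivated|inactive|deleting|limited|unable to (?:send|receive))\b", re.I)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def indicators(raw):
    """Return the set of phishing indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    body_doms = {d.lower() for d in ADDR.findall(body)}
    checks = {
        "asks_for_credentials": SOLICIT.search(body),
        "threatens_account_loss": THREAT.search(body + " " + (msg["Subject"] or "")),
        "free_webmail_address": ({from_dom, reply_dom} | body_doms) & FREE_WEBMAIL,
        # A reply or contact address outside the apparent sender's domain.
        "reply_path_mismatch": (reply_dom and reply_dom != from_dom) or body_doms - {from_dom},
    }
    return {name for name, hit in checks.items() if hit}

def is_suspicious(raw):
    hits = indicators(raw)  # a credential request backed by at least one other indicator
    return "asks_for_credentials" in hits and len(hits) >= 2

# Constructed samples modelled on the messages quoted on this page.
PHISH = """\
From: Webmail Help Services <tech-support@university.example>
Subject: VERIFY YOUR WEBMAIL ACCOUNT

Please reply to this email by sending your Webmail email address, follow by #,
then your PASSWORD. Failure to do this will render your account inactive.
Webmail Help Desk, email: upgrade-desk@freemail.example
"""
BENIGN = """\
From: IT Service Desk <helpdesk@university.example>
Subject: Scheduled webmail maintenance

Webmail will be offline Saturday. The help desk will never ask for your password by e-mail.
"""
print(is_suspicious(PHISH), is_suspicious(BENIGN))
```

Keyword heuristics like these miss reworded lures and can flag legitimate password-reset notices, so they work as a triage signal for a junk-mail rule rather than a verdict.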