Date: 2004-07-13 15:35:00
Tags: spam
phishing scams
As you may have noticed, I pay careful attention to various kinds of spam and junk email that I get, including phishing scams. There has been a huge increase in phishing scams recently, notably ones targeting Citibank, eBay, and PayPal customers. They are easy to recognize: usually an unsolicited message purporting to come from a financial organization you trust, asking you to verify a bunch of personal details for some reason or another.

Although my various email filters are pretty good at stopping these before they reach my mailbox, occasionally they slip through. I usually breeze past the usual Citibank/eBay/PayPal ones, often stopping to marvel at how the phishers have become more and more clever in hiding their true intentions.

However, I recently received such a phishing scam purportedly from my own bank. Of course this was just like the others, with "Your account has been suspended" and "...involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations." But I was surprised to find that my personal reaction to this was much stronger than for the other ones I've received. Some tiny part of my brain was saying something like "what if it IS true?"

I quickly inspected the message and the URL on which it asked me to click actually went to some server in South Korea (although it appeared legitimate on the screen). I received this phishing message several days ago, and the phishing server is still online. Sure enough, going there in a browser produces a web page that exactly replicates the look and feel of my bank's usual login page. Entering login credentials there would post them back to the phishing server, letting somebody else log in to my accounts. Of course I didn't enter any info there.
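As an added illustration (my own example, not part of the original post), here is a small Python check for exactly the trick described above: an HTML link whose visible text shows the bank's domain while its href leads to an unrelated host. The domain names, the sample message and the URL-shape heuristic are all constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
# Visible link text that looks like a URL or bare domain (hypothetical heuristic).
_URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:[/?#]\S*)?$", re.I)

class _AnchorCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in an HTML body.
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    # Lower-cased host of a URL (http:// assumed when no scheme is given), or None.
    host = urlparse(value if "://" in value else "http://" + value).hostname
    return host.lower() if host else None

def _trusted(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(html_body, trusted_domains):
    """(shown_text, real_href) for anchors whose text claims a trusted domain but whose href goes elsewhere."""
    parser = _AnchorCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.anchors:
        if not _URL_LIKE.match(text):
            continue  # "click here" style text makes no domain claim
        shown, real = _host(text), _host(href)
        if shown and real and _trusted(shown, trusted_domains) \
                and not _trusted(real, trusted_domains):
            flagged.append((text, href))
    return flagged
# Constructed sample in the style of the message described above: the visible text shows the bank's domain, the href does not.
SAMPLE_EMAIL = """<p>Your account has been suspended. Please verify your details:</p>
<a href="http://203.0.113.45/verify/index.htm">https://www.mybank.example/login</a>
<a href="https://www.mybank.example/help">https://www.mybank.example/help</a>"""
```

Running `suspicious_links(SAMPLE_EMAIL, {"mybank.example"})` flags only the first anchor; a mail filter could quarantine or annotate messages where this list is non-empty.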

Anyway, back to my personal reaction to this message. I'm now less surprised that people do fall for these scams, because receiving something from an organization that you trust with your money elicits a very different emotional response than, say, a Citibank phishing scam (if you don't actually have a Citibank account). It was alarming, yet I knew it was fake. I did log in to my real bank account to make sure that they really hadn't locked me out of my account.

I checked with my bank's web site and they already have this particular email listed as an example of a fake phishing message. However, since the phishing server is still online after 5 days, I submitted a report giving details of the compromised server.

I had a similar reaction to a PayPal one because a few days prior to receiving the email I had been trying to figure out if my old PayPal account had ever been properly activated, so had emailed their help desk. It took me a few minutes to realize that the phishing email had been sent to my work address, which I no longer use for personal web stuff (and hadn't used for PayPal).

I notified our sys-admin who sent out a renewed warning to staff about such emails.
Greg Hewgill <>