Dissecting a Phishing Scheme

Phishing is a scheme used by identity thieves to steal private information such as login credentials, credit card numbers, and Social Security numbers. The attackers impersonate legitimate websites such as banks and online commerce sites, and they use that facade to trick ordinary people like you and me into divulging the private information ourselves.

[Screenshot: Phishing Email]
Just today I received an email in my Yahoo account claiming to be from PayPal Customer Service, requesting that I update my PayPal account as soon as possible for security reasons. The email seemed legitimate at first. Check out the screen snapshot of the email (to the right) and be the judge yourself. Upon further inspection, I noticed some subtle warning signs. The email came from the acconuts.net domain, and the Reply-To address is set to pay@yahoo.com; nothing about either header suggests the email came from PayPal.

[Screenshot: Phishing Warning]
Furthermore, the entire email body is actually constructed as a single image that is hyperlinked to the phishing site. It is almost impossible to click anywhere in the email body without being sent to the phishing site. Luckily, most modern web browsers (I'm running Safari 4.0 and Firefox 3.6 on Mac OS X) have built-in security that detects and warns against visiting a known phishing site. Notice that the phishing website's domain name doesn't match PayPal's domain name (paypal.com), yet another warning sign.
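The three header and body checks described above can be done mechanically before anyone clicks. The Python script below is an added example, not code from the original post: it parses a raw message and reports a sender domain that is not the brand's, a Reply-To that points somewhere else, a link whose host is not the brand's, and a body that is nothing but one linked image. The sample message is constructed for the example; acconuts.net and pay@yahoo.com come from the post, while the local part "service@", the link path, and the host name phish.example are placeholders (the post does not name the phishing host).

```python
"""Added example, not from the original post: flag the phishing indicators the
post describes in a raw email. The message is constructed; acconuts.net and
pay@yahoo.com are from the post, phish.example and the link path are placeholders."""

import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: sender and Reply-To domains from the post, phishing host assumed.
SAMPLE_EML = """\
From: PayPal Customer Service <service@acconuts.net>
Reply-To: pay@yahoo.com
To: victim@yahoo.com
Subject: Please update your PayPal account
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://phish.example/webscr/login.php">
<img src="cid:paypal-notice" alt="Update your account">
</a>
</body></html>
"""


class _LinkedImages(HTMLParser):
    """Collect each <a href> target, whether the anchor wraps only an image,
    and how much visible text the body has outside of anchors."""

    def __init__(self):
        super().__init__()
        self.links = []        # (href, anchor_has_image, anchor_has_text)
        self._open = None      # state of the anchor currently being parsed
        self.text_chars = 0    # visible characters outside any anchor

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._open = [a.get("href", ""), False, False]
        elif tag == "img" and self._open is not None:
            self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

    def handle_data(self, data):
        if data.strip():
            if self._open is not None:
                self._open[2] = True
            else:
                self.text_chars += len(data.strip())


def registrable_domain(host):
    """Crude registrable domain: the last two labels. Enough for paypal.com /
    yahoo.com style hosts; a real tool would use the public suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:]) if host else ""


def header_domain(msg, name):
    """Domain of the address in a header such as From or Reply-To ('' if absent)."""
    _, addr = parseaddr(str(msg.get(name, "")))
    return registrable_domain(addr.rpartition("@")[2])


def phishing_indicators(raw, brand_domain="paypal.com"):
    """Return human-readable warning signs found in the raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    from_dom = header_domain(msg, "From")
    reply_dom = header_domain(msg, "Reply-To")
    if from_dom and from_dom != brand_domain:
        findings.append(f"sender domain {from_dom} is not {brand_domain}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        p = _LinkedImages()
        p.feed(body.get_content())
        for href, had_image, had_text in p.links:
            host = registrable_domain(urlparse(href).hostname or "")
            if host != brand_domain:
                findings.append(f"link to {host} does not match {brand_domain}")
            if had_image and not had_text and p.text_chars == 0:
                findings.append(f"body is an image-only link to {href}")
    return findings


if __name__ == "__main__":
    for f in phishing_indicators(SAMPLE_EML):
        print("WARNING:", f)
```

On the constructed message this reports all four signs. Note that an image-only body is flagged even when every domain matches the brand: a message that hides all its text inside a linked image is worth a second look on its own, since it defeats both the reader's eye and most text-based filters.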

In the spirit of investigative journalism, I ignored the browser warnings and proceeded to visit the phishing site. The screen snapshot (to the right) shows a website impersonating PayPal's home page. On closer inspection, the site appears to be built from screen snapshots of PayPal's website, which makes it very convincing. If you log in there with your real credentials (please do not try it), the attackers now have your PayPal username and password, and your account is compromised.

So I logged in with a bogus username and password, and the phishing site happily accepted them; a real login form would have rejected them, which is itself a giveaway. The site then requested more information from me, claiming it would be used for identity verification purposes only. The screen snapshot (to the left) shows a web form that attempts to collect the most sensitive and private information "for verification": date of birth, mother's maiden name, home address, bank name, credit card number, ATM PIN, and Social Security number. Are you kidding me? Of course, I didn't provide the requested information. Here ends my investigative work.

Unfortunately, phishing schemes and scams are becoming far too prevalent. By the time I published this post (12 hours after receiving the email), I noticed the phishing site had been taken down. Hopefully, the site was removed by the good guys before too much damage was done. Regardless, I wrote this post as a way of educating myself as well as my friends and family members who read my blog. Phishing comes in various forms, and the identity thieves are constantly reinventing themselves. To protect yourself, please become educated and be vigilant on the Web.

If you find this post useful, please forward it to others who may benefit from learning more about one of the most common threats on the Web. Please feel free to share your own experience in the comments below.

To learn more about phishing schemes and ways you can protect yourself, check out the following resources: