Friday, May 6, 2005

No Phishing Zone

Got a phishing email yesterday.  It was different from most phishing emails I'd received in that everything in it was spelled correctly.  But still, I could tell it was Phishing.

It claimed to be from PayPal.  (And the "From" didn't contain an email address -- it just said it was from PayPal Support.)  Told me that there was some unauthorized activity on my PayPal account (how would they know?) and I should just click on this link and verify my account information.

Here's the beauty part:  The link I was supposed to click on was spelled out, and the URL was a perfectly good secured link to PayPal.  On the other hand, when I ran my cursor over the link, it showed me where it was ACTUALLY linking -- and that wasn't PayPal at all -- that was someone's private website which would (I have no doubt) spoof the PayPal site and collect all my financial information.  Sneaky.

Now, there were plenty of reasons I was suspicious of this email.

Not the least of which being that I don't have a PayPal account on the screen name to which this email was sent.

Also, I could not make it disclose the email address from which it was ACTUALLY sent -- something a real PayPal email would never do.

The fact that the link didn't actually GO to PayPal was just icing on the cake.

Got me to thinking.  I know that AOL takes a very aggressive attitude against spammers and phishers.  And that it does LOTS of things to educate its users against spammers and phishers.  And also does things like automatically disabling links in incoming mail in order to prevent users from falling for this.

But I started thinking that the REASON phishers get away with stuff like this is that they're ABLE to hide both their real originating email address AND the true destination of any email links in the message.

I imagine a phisher would be totally powerless if AOL automatically noted the TRUE originating email address next to the name the sender wants to use -- and/or automatically inserted the TRUE destination of any link right next to the link.  I mean, would anyone click on a link to "Paypal Member Info" if, right next to it, in parentheses, there was a URL for "Joe's Website"?

Do we have this technology?  Any reason we're not using it?
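A sketch of the idea in this post, writing each link's true destination host right next to the link, added here as an example and not part of the original post. The class and function names, the sample message and the host `joes-website.example` are made up for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or bare hostname ("www.paypal.com/verify").
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[:/?#].*)?$", re.I)

class LinkAnnotator(HTMLParser):
    """Re-emit a mail body with every link's real destination host written after it."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings, self.href, self.text = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):  # <br/> etc.: copy through unchanged
        self.out.append(self.get_starttag_text())

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
        self.out.append(escape(data, quote=False))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        real = (urlsplit(self.href.strip()).hostname or "").lower()
        m = URLISH.match(shown)
        mismatch = bool(m) and m.group(1).lower() != real
        self.findings.append((shown, real, mismatch))
        label = "WARNING, really goes to" if mismatch else "goes to"
        self.out.append(f" ({label}: {escape(real or 'no host')})")
        self.href = None

def annotate(html_body):  # -> (annotated_html, [(link_text, real_host, mismatch)])
    p = LinkAnnotator()
    p.feed(html_body)
    p.close()  # flush any trailing text
    return "".join(p.out), p.findings

# Constructed sample body; joes-website.example is a placeholder host.
SAMPLE = ('<p>Verify: <a href="http://joes-website.example/login">https://www.paypal.com/'
          'cgi-bin/webscr</a> or <a href="http://joes-website.example/info">PayPal Member Info</a></p>')
```

The host comparison is strict, so link text of "paypal.com" pointing at "www.paypal.com" is flagged as well. Links whose text is a plain label are not flagged but still get their destination host printed beside them.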

4 comments:

annalisa135 said...

Thank you VERY much for this heads up.  Definitely will be remembered!

andreakingme said...

Haven't a clue about whether or not this kind of technology exists, but you know what? Even if it did, I bet the ... hackers/phishers/waste-of-skin-and-bone cretins would find a way around it.

There! How's that for optimism?

olddog299 said...

Simple questions -- complicated answers that I'm going to simplify to No and No.

The anonymous mailing address is inherent to how addressing works and would require a total overhaul of the numeric to alphanumeric system in place now.

The whole purpose of the HTML (HyperText Markup Language) Standard, to standardize addressing procedures for WWW, FTP, eMail and other forms of Addresses is to allow the nitty-gritty of the numeric and alphanumeric addresses to be hidden for the average user in favor of the generic address - i.e. instead of a URL (Universal Resource Locator) of "http://127.12.170.264" or "ftp://members.aol.com/olddog299/images/sampleimg.jpg" you can have in your text "Click to see picture" -- take that away and YOU would need to be able to remember all of the addresses of all sites you visit in their entirety, instead of remembering "ebay.com" as the general link to get you to eBay. Does that make any sense?

Finally, as Andrea pointed out, change the system and the evil ones will find a workaround while complicating the use of the Net for the rest of us. Sad to say, evil will always be with us -- it's our job as good people to fight against us. It's just the dualistic nature of existence...

nzforme said...

Thanks for the answers, wil -- I've got a follow-up question on the second one.  When I'm looking at the email and I see a link that says, for instance, www.ebay.com, and I run my cursor over the link, I get a little pop-up (or a notation at the bottom of my screen, depending) which tells me where the link ACTUALLY goes -- that is, whether it really goes to ebay.com or if it, in actuality, goes to journals.aol.com/olddog299 (or whatever).  I think all I'm asking is why can't THAT information be automatically inserted in the email next to the link?  I mean, the computer obviously KNOWS where that link is pointing -- it's able to put the info in the pop-up.  All I'm asking is for that information to be automatically inserted into the email.  I think it might help save the less pro-active among us.