Phishing

[limbo]

Emails that try to get you to give up your bank details, credit card details, atm details etc, in general called phishing, if one opens such a link, is there any danger in the 'phisher' accessing info on your computer, just by clicking on the link provided in the email send to you?

[Weird]

Technically.. Yes. Depending what browser you use, what features (compromising security) you have on/off, etc.

 

Realistically, the chances they are that the people phishing are that good.. no, but are you willing to risk it at all?

 

I've crafted such types of links myself to see if they were possible. One such type of attack is a CSRF attack or XSRF attack. It tricks your browser into sending data with legitimate cookies from your computer to a legitimate site with whatever data they choose; allowing them to access websites YOU have access to with YOUR access.

 

But again, the chances of getting hit by such an attack through an e-mail is very low. Now the chances of getting hit through that type of an attack through a forum.. the odds go up significantly.. yet I wonder how many people on this board are careful about the links they click

[limbo]

Cheers Wird,

 

Thanks for the info. Clicked on such a link and it was a real cunning one, I thought I knew tham all!

 

Emailo from my bank with all the right logo's etc etc in the right place. Had me going for a moment and I clicked the link but no more.

[shygye]

There is another type of scam, where people have put up websites with very similar names.

 

papajohns.com

papajons.com

 

Be careful of your spelling!

[limbo]

Yep,

 

There's pages that warn you for these scams, as listed on the Bank of Ayudhaya home page.

 

He had an adress that had a Bank of Ayudhaya URL, it seemed, but putting the curses over it showed a very different URL.

 

It looked like he real stuff. I'm gutted that I almost went for it.

[carlton68]

IE7 and Firefox offer some protection against Phishing. This can't be 100 percent protection so better be careful.

Better never click on any link in emails that should take you to your banks website (or paypal or whatever).

If you do on-line banking or use paypal then create a bookmark to the site and only ever use these bookmarks. That might be not as convenient as clicking on a link provided in an email, but sure is safer.

[gene1944]

One of my banks, recently asked me to add a personal question/quotation that appears on their home page whenever I open their site.

 

If that comment does not appear when I access their website, it is not their official site.

 

Not very sophisticated but it is at least a start.

[Weird]

Becareful, just highlighting your cursor over a link doesn't necessarily show the correct link. It is very easy to change the description of a link through html.

 

For example:

 

Your linked text

 

Taken from:

 

http://www.web-source.net/html_status_description.htm

 

That would create a link to http://www.domain.com and whenever you highlight it, it would show "'Your text description" at the bottom left.

[limbo]

That's exactly what this guy did, other than that, he used the original pages lifted from the Bank of Ayudhaya website.

 

Very cunning.