Internet Scams - Phishing
I have seen a lot of phishing email scams over the last couple of years. Phishing is, of course, email pretending to be from some financial institution, asking you to update your account information for some, invariably bogus, reason. And then, the site that you are directed to takes your userid and password, and cleans out your account. Some of the better ones make their sites look just like that of the financial institution, complete with graphics and links to real parts of that site.
Invariably, though, you can recognize them by the fact that, no matter how well hidden, the link doesn't go where it is supposed to. Indeed, almost always, the domain of the link is a raw IP address, instead of the expected eBay.com, PayPal.com, etc.
So, I just got one that claims to come from eBay, that had an interesting twist on this. Instead of having an IP address of 195.66.170.209, it had one of 0303.0102.0125321. If you look at it closely, the 195 and the 66 have been converted to octal, and the 170.209 have been combined and also converted to octal (hence the leading zeros). Browsers naturally handle this, but not Whois. I had to use the translated address to get to the whois record for the IP address (nicely available through one of my Firefox extensions), and it comes from Montenegro, and the site itself is Montenegro Seismological Observatory. Presumably, they have been hacked.
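The translation described above can be automated so that a link's host is reduced to plain dotted-decimal before it goes to whois or a blocklist lookup. This is an added example, not part of the original post; it follows the classic `inet_aton` number rules (a leading `0` means octal, `0x` means hex, and the last component fills all remaining bytes), and the function names are illustrative.

```python
import re

# One numeric component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(text):
    """Parse one component using inet_aton-style base detection."""
    if not _PART.match(text):
        raise ValueError(f"not a numeric IPv4 component: {text!r}")
    if text[:2].lower() == "0x":
        return int(text, 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text, 10)


def normalize_ipv4(host):
    """Return the dotted-decimal form of a 1- to 4-part numeric IPv4 host."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"wrong number of components: {host!r}")
    *lead, last = [_parse_part(p) for p in parts]
    # Every component except the last is exactly one byte.
    if any(v > 0xFF for v in lead):
        raise ValueError(f"component out of range: {host!r}")
    # The last component covers all bytes not claimed by the leading ones.
    remaining = 4 - len(lead)
    if last >= 256 ** remaining:
        raise ValueError(f"last component out of range: {host!r}")
    addr = 0
    for v in lead:
        addr = (addr << 8) | v
    addr = (addr << (8 * remaining)) | last
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_obfuscated(host):
    """True if host is a numeric IPv4 literal not written as plain dotted-decimal."""
    try:
        return normalize_ipv4(host) != host
    except ValueError:
        return False  # a hostname, not a numeric address


if __name__ == "__main__":
    # The address from the phishing mail discussed in this post.
    print(normalize_ipv4("0303.0102.0125321"))
```

A mail filter can apply `is_obfuscated` to the host of every link and treat a match as a strong phishing signal, since legitimate senders have no reason to write an address this way.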
Labels: Cyber/IP Law
9:14 AM