The other day my mother called me.
She was kind of concerned about an E-Mail she had received from Facebook. The E-Mail looked legit. The odd part that concerned her was that it was an E-Mail from Facebook sent to an E-Mail account of hers that isn’t attached to Facebook. This was the only thing that caught her attention.
The E-Mail said the following.
John Doe wrote on your wall.
John Doe wrote: F*** you a** hole
As you can see, the E-Mail looked very similar to the Facebook notification E-Mail you would get, if you had that notification turned on, when someone posted a comment on your wall. So, judging by my mother’s line of questioning, I’m pretty sure she wouldn’t have thought anything of this E-Mail if it had been sent to the correct E-Mail address. Luckily it wasn’t.
After I asked her who the E-Mail was from, she told me it was from Facebook. However, looking at the E-Mail you could see that it clearly wasn’t from Facebook. The address it came from was [email protected], not facebook.com.
This is a perfect example of how phishing happens. In this E-Mail there was a link, and if you clicked on it you would be directed to a site that looks a lot like Facebook. What do you think would happen if you went to log in to this site? Well, it all depends on how the phishing site was set up. Almost all of the time, though, the site will collect your E-Mail and password for the phisher to use against you. What happens after you enter this information can vary.
Sometimes it will forward you over to the official Facebook website. Other times it may tell you the password was wrong. Other times it might just throw out an error message. But it really wouldn’t matter at this point, because the fact is that by this time the phisher has already gotten your login information.
So how easy is it to create a phishing site? Honestly, it really is too easy. I was preparing to make a YouTube video on just this subject not too long ago. However, I never went through with it. The reason for this was simple.
I purchased two domain names. One domain was login-facebook.com, the other was logon-paypa1.com. Notice that neither of these domains is really Facebook or PayPal. I also made a point of spelling PayPal with the number 1 instead of the letter L. I did this to show how people can use look-alike characters to deceive people.
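The two warning signs in this story, a sender domain that doesn’t belong to the brand the mail claims to be from and a look-alike domain with a digit swapped in for a letter, can be checked mechanically. The following is an added example written for this post, not code from the original article; the list of legitimate sending domains is an assumption for illustration and a real check would use a maintained list.

```python
import re

# Assumed for this example only: domains that legitimately send mail for each brand.
LEGIT_DOMAINS = {
    "facebook": {"facebook.com", "facebookmail.com"},
    "paypal": {"paypal.com"},
}

# Digits and symbols commonly swapped for look-alike letters, as in "paypa1".
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t", "|": "l"})

ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From header, or None."""
    match = ADDR_RE.search(from_header)
    return match.group(1).lower() if match else None


def registered_domain(domain):
    """Crude registrable-domain extraction (last two labels); enough for .com cases."""
    return ".".join(domain.split(".")[-2:])


def classify_sender(from_header, claimed_brand):
    """Return (verdict, reason) for a mail that claims to come from claimed_brand."""
    domain = sender_domain(from_header)
    if domain is None:
        return "suspicious", "no parsable address in From header"
    brand = claimed_brand.lower()
    if registered_domain(domain) in LEGIT_DOMAINS.get(brand, set()):
        return "ok", f"{domain} is a known {claimed_brand} domain"
    # Undo digit-for-letter swaps, then look for the brand name anywhere in the host.
    normalised = domain.translate(CONFUSABLES).replace("-", "").replace(".", "")
    if brand in normalised:
        return "lookalike", f"{domain} uses the {claimed_brand} name but is not a {claimed_brand} domain"
    return "mismatch", f"{domain} is unrelated to {claimed_brand}"


if __name__ == "__main__":
    # Constructed headers modelled on the addresses discussed in the post.
    samples = [
        ("Facebook <notification@facebookmail.com>", "Facebook"),
        ("Facebook <notification@login-facebook.com>", "Facebook"),
        ("PayPal <service@logon-paypa1.com>", "PayPal"),
        ("Facebook <noreply@example-mailer.net>", "Facebook"),
    ]
    for header, brand in samples:
        print(header, "->", classify_sender(header, brand))
```

A subdomain trick such as facebook.com.example.net is caught the same way, because only the last two labels count as the registered domain.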
I never got an E-Mail from Facebook about the domain name I purchased, so I could do the video with that domain name. However, I got a pretty threatening E-Mail from PayPal. The E-Mail came from [email protected]. Trust me, it was legit. I even checked the IP address of the sender to see if it matched the location of PayPal and eBay. The contents of the E-Mail said:
On 4/4/2012 12:28 PM, [email protected] wrote:
It has recently come to our attention that you have registered the domain name login-paypa1.com, which contains the famous PayPal name and trademark, but are not currently operating a web site under that domain name. We are concerned that you may intend to use this domain name to violate PayPal’s trademark rights, and warn you not to do so.
As you must know, PayPal, an eBay company, is the world’s leading provider of online payment services. PayPal has used the name and trademark “PayPal” since 1999 and it is now one of the most famous brands in the world. PayPal enjoys broad trademark rights, which are protected in many countries around the world.
Use of your domain name may infringe and/or dilute the famous PayPal trademark. Infringement occurs when a third party’s use of a company’s trademark (or a similar variation) is likely to confuse consumers as to the affiliation, sponsorship or endorsement of the third party’s services. Trademark dilution occurs when a third party’s use of a variation of a company’s trademark is likely to lessen the distinctiveness of the company’s famous trademark.
U.S. federal and state laws, including the Anticybersquatting Consumer Protection Act, provide for serious penalties (up to $100,000) against persons who, without authorization, use, sell, or offer for sale a domain name that infringes or dilutes another’s trademark. Infringers who have been notified that their use is infringing, but do not cease, may also be considered “willful” and could be subject to additional money damages and liability for attorney’s fees. Having received this email, you are on such notice.
While PayPal respects your right of expression and your desire to conduct business on the World Wide Web, PayPal must enforce its own rights in order to protect its valuable and famous name. We appreciate that you may have registered login-paypa1.com without full knowledge of the law in this area. However, any use of the domain name (or attempt to transfer the domain name to a third party) in the online commerce field would likely infringe the PAYPAL trademark and would cause PayPal to pursue all available remedies against you. Under the circumstances, we must insist that you immediately stop using the domain name, not sell, transfer, or offer to sell the domain name to any other person, and simply let the domain name registration expire. In the meantime, the domain name should remain inactive and should not point to any content.
Just to be clear, PayPal does not desire to interfere with any legitimate business you may be conducting. We are simply asking that you offer those legitimate services under a name, mark and domain name that is not likely to confuse consumers to believe that your company on one hand and PayPal on the other hand are related and/or affiliated.
Please reply to this email and confirm that you will comply as requested. If we do not hear from you, we will have to take whatever action necessary to protect PayPal’s rights.
Thank you for your anticipated cooperation.
eBay Legal Department
This most likely means that too many people have already attempted to purchase domain names like the one I purchased for the sole purpose of creating a phishing site. The fact that I didn’t get an E-Mail from Facebook also shows me that such threats aren’t as common yet for Facebook.
So now that I have the domain names, I need to create a site that looks exactly like Facebook. That really isn’t too big of a problem. There are a few ways to do this, all of which are free and extremely easy.
One way is to simply right-click on the web page and choose the option that says Save Page As. This will copy all the contents of the page onto your computer. When you navigate to the page on your computer and open it up in your web browser, you will see a page that looks exactly like the real thing, except this one is on your computer.
From there the only thing you would need to do is modify the part of the page that has the login boxes. Just add your own PHP code. Then upload the page to a server of your choice and start luring people to it.
Now there are a lot of people out there who say things like: Well, I don’t have any important data on my Facebook account, so it really doesn’t matter if it gets attacked.
First of all, I will state that I have quite a few Facebook friends who already give out way too much information on their Facebook profile. I can navigate to their profile and see that they have listed their birth date and the location where they were born. Not only that, they post thousands of pictures of themselves as well as listing their sex and family members.
This shows they are too trusting and naive. Just knowing the birth date and the location where a person was born can give more than enough information to obtain their social security number. So how can people find out your social security number from these little pieces of information that you have listed on Facebook?
It’s simple. You just have to know how a social security number works. A phisher who knows this information can easily obtain your social security number by doing basic math and process of elimination.
First, the social security number is nothing more than a serial number that identifies who you are. This number is broken up into 3 parts, which look like XXX-XX-XXXX. The first three digits are known as the Area, as in the area where you were born, or more recently, with certain changes, the area in which you received your social security number.
The second two digits are known as the Group. These digits determine whether a number has been assigned yet. So what does this mean? Well, every month the Social Security Association publishes a list of the highest group assigned for each AREA. The order of assignment is odd numbers under 10, even numbers over 9, even numbers under 9 (except for 00, which is not used), and odd numbers over 10. So, for example, if the highest GROUP assigned for AREA 999 is 72, then a social security number that looks like 999-04-XXXX will not exist, because groups under 9 haven’t been assigned yet.
This leaves the third part of the social security number. This part is called the Serial, which is simply randomly generated. These four digits can be quickly figured out by guessing. Therefore, a lot of the time finding out someone’s login information on Facebook isn’t even needed. However, if it is obtained, it can cause even worse damage, not just to you but to everyone who is your friend on Facebook.
Once a social security number has been figured out, counterfeiting a social security card as well as five other points of identification is extremely simple to do, and can be done with a color printer and some paper clips. Then you can walk into a place that issues state identification and get a real state ID. You can also get credit cards and more.
People call me paranoid. In this day and age you need to be. Protect yourself on Facebook.