OFFICIAL SECURITY BLOG
August 6, 2012 | BY Adam Kujawa
A new phishing scam is going around and trying to grab user log-on credentials for popular banks like HSBC, Lloyds TSB & Chase. The phishing emails advertise one of the following reasons in order to trick the user into clicking the provided link:
Thanks to our research team, we have identified new servers running phishing websites which pretend to be the banks listed above. These servers were quickly noted as malicious and are being actively blocked by our Website Blocker Software available to Full Versions of Malwarebytes Anti-Malware. In order to show you what kind of unique yet somewhat familiar domain names are used by the scammers, here is a short list of some of them:
While these names might not fool most users who are familiar with the domain names of their banks online service, it might fool people who haven’t really paid attention or think that the names sound legitimate enough to be real. Thanks to FraudWatchInternational.com, we can provide you with some screenshots of what these e-mails look like, how legitimate the phishing sites appear and how to easily spot them.
As you can see from the above image, the phishing email appears legitimate by its use of:
I mentioned in the blog series ‘Phishing 101’ that phishing e-mails used to be easy to spot, with spelling errors, poor formatting. etc. You can see now that it is clearly not the case as it would be very difficult to tell that the above e-mail was not legitimate.
Security Tip: The best method of determining the illegitimacy of a phishing e-mail would be to mouse-over the links and determine where they are going to take you if you click them. If the URL is something legitimate like “chase.com/accounts.php” then go ahead, if it’s something like “bank-chase-ny.com/site.php” then it might not be legitimate and it might be a good idea to just navigate to “Chase.com” on your own through your web browser. Also, never believe what the e-mail text says the URL is, only check what your browser or e-mail client says it is by looking in the lower left or right hand corner of the window for the true link to be displayed.
The website which you are directed to is just like the e-mail, it looks like an identical version of the actual Chase website, complete with quick links on the right, color scheme and format. The thing that gives away this scam easily, beyond the fact that the URL is completely false, would be the lack of a secure connection to site.
Security Tip: Always remember to check for the lock icon, the color green or the use of ‘HTTPS’ in the beginning of the URL when browsing any website which requires you to enter personal information. This can not only be a sign of attempted phishing but also any information you input could be sent via clear-text over your network and can be intercepted.
Phishing is always going to be around, in one way or another, for the rest of our lives. The best way to combat it is not to buy a fancy e-mail scanner or live your life in a bubble, never opening e-mails but to just make common computer security practices as natural for you as looking both ways when crossing the street. If you are always suspicious of e-mails or the links provided by the e-mails and you take caution by making sure you don’t click on anything you shouldn’t click on or submit any information to an unsecured site, you are already 90% less likely to become a victim of phishing attacks. To find out about these methods of protection and learn more about phishing, check out my blog post series ‘Phishing 101’
To cover the other 10% it is a good idea to use something like the Malwarebytes Anti-Malware Website Blocker which can prevent you from accidentally going to a known phishing site if you accidentally click the wrong link. Our Research team work 24/7 to keep our detections and definitions up-to-date and protect our customers. Good luck and stay safe!