Phishing Support

I could go fishing here

Who here has heard the term phishing before? In a nutshell, an unscrupulous person tries to trick you into divulging personal information to gain access to accounts you hold. Quite often this is to try and break into your eBay, PayPal, of even Bank Accounts.

One of the key things to look for in a suspected phishing attack, is that the sender of the message matches the correct url. If you receive an email from gfox@somebadplace.com, and it tells you to login to your muddylaces account, but the url provided goes to somebadplace.com, you should not do it. Pretty simple you would think, but some people have found bugs in popular web browsers, and this can mask the true url. These fakes sites are often very official looking replicas of the original site. They could mimic the bank’s website, tricking you into thinking you are logging in there when really the fake site has just collected your account number and pin. Scary thought.

How do you avoid falling into this trap? You can do a few things. If you are instructed to login to your account at website y, open your webbrowser, and manually type the url for y (ie, do NOT click the link in the email). If you really want to click the link, ensure that the destination to arrive at really is the correct place. Using bookmarks is a good practice too. What’s the difference between flipper.com and fl1pper.com? Subtle, but easy to miss.

With this in mind I will relate a strange story. Last week one of my credit card’s sent me a mailing telling me that they had just released their first ever website for managing your account. It is the normal stuff like seeing what charges are outstanding, seeing your current bill, etc. I signed up, gave my email address, and used the site a couple times. Let’s call this company smartcard, and assume their website is smartcard.com

checking out the fishing hole

Yesterday I got an email saying my latest statement is ready. I opened the email, and the contents made me curious. The sending email address was smartcard@smartcard.ghi0.com. Hmm, that is not the domain I created the account on. In the email it quotes the last 4 digits of my credit card. All links to the companies website end up going through ghi0.com, and most of them seem to have some kind of tracking token (most likely to see which link I clicked). It’s weird, everything in me says it is a phishing message, but it arrived right when my paper bill was mailed to me. I haven’t clicked any of the links either. Perhaps the ghi0.com is just a redirecting service. Perhaps this email really is what it says, and everything is on the up and up.

As as test I entered smartcard.ghi0.com and ghi0.com into the browser url. Empty web pages are returned. This is another red flag for me

Let’s examine the 2 scenarios.
1) This is a phishing attempt. I am doing the right thing by not clicking the links. I should just delete the email, and maybe wait to see if it happens again next month.

2) It is legit, and from smartcard. If this is the case, then I really don’t want to be using their website. This is bad web practice. It screams bad idea to me. It screams phishing attempt. If I were to receive a phishing message, how do I then distinguish between it and this email? What other bad practices are they using? I want to write to customer support and tell them just how bad this is. I can’t trust them anymore.

Please note: I have changed names and url’s to protect myself (more or less). No need to inform people who I bank with.