Avoid Phishing on Hotmail

Phisherman? What is a "phisherman"? A phisherman is a person who goes phishing! And phishing is all about someone (either an individual or a group of people) creating fake websites that look like the real thing. The idea of phishing, is to trick people into giving up their personal login or financial data. To do this, a phisherman trys to lurer an individual into thinking that they just received a message from a legitimate website. The phisherman then tries to get that person to enter their financial or login data by requesting them to complete a form, or re-enter their login id and password, and more.

If the phisherman succeeds in acquiring that persons' financial information, the phisherman can then impersonate that person (financially speaking) to obtain goods and services in that persons name. The individual that has been tricked into giving out their financial data will become responsible for any and all purchases that the phisherman makes.

Unfortunately, phishing is something that is very common on the Internet. But it is also very easy to detect and avoid. You just have to know what to look for. Here is an example of phishing that I received via my hotmail account.

WARNING!!!
PHISHING EMAILS MAY CONTAIN VIRUSES, TROJAN HORSES AND OTHER DESTRUCTIVE COMPONENTS. DO NOT OPEN ANY EMAIL YOU SUSPECT OF BEING SOME TYPE OF PHISHING! TO ENSURE MY COMPUTERS SAFETY, I MADE SURE THAT MY FIREWALL, ANTI-SPAM, ANTI-VIRUS AND ANTI-SPYWARE WERE ALL UP TO DATE WITH THE LATEST VERSION OF SOFTWARE AND THE LATEST SIGNATURE FILES. FOR THIS TEST, MY PROTECTION SOFTWARE CAPTURED A KEYLOGGER, AND AN INTERNET TRACKER SPYWARE, ALONG WITH SOME ITEMS MY ANTI-SPAM FILTERS BLOCKED.

I use Hotmail.com for communications I do on the Internet.  One day, I received this email titled, "Lockout Your Email".

When I first saw this message, I was wondering what Hotmail.com was up too!  I have not done anything that would warrent Hotmail.com to lock my account, so I was curious to find out why Hotmail was going to lock my account.  Here is the body of the actual message I received ...

This email wants me to confirm that I am the correct owner of this email address.  To prove it, the email asks me to click on the link provided within this email, and login to my Hotmail account.  This is to prove that I am the correct owner.

But the first thing I notice about this email message (beside some miss-spelled words) is that it has a link in it pointing to the domain of live.com!  Live.com does resolve to my Hotmail.com account, but since I am already logged into my Hotmail account, I should not have to log into it again to correct an ownership problem.  After all, I am already logged into my Hotmail.com account which is the proof the email message wanted me to do.

To show you that this is a phishing email, please note the following things that I will point out:

1. I move the cursor over the link and RIGHT MOUSE click it.
2. I select the menu option: Copy Link Location
3. I open up a new text file.
4. I paste the copy link location into the new document.

Let me show you the actual link that the browser would go to if I would have click the link.

Here, ... I'll copy and paste the link into this article. Looking at the text in the link, we both see something familiar and something unknown.

http://login.live.hotmail.msn.livesecurity.microsoft.strate-g-tick.net/default.aspx

Notice how the link does NOT look like the link that is displayed in the article. The link in the article shows: http://login.live.com/login.srf as the place you will go to login for hotmail.

http://login.live.hotmail.msn.livesecurity.microsoft.strate-g-tick.net/default.aspx

The actual link points to something altogther different; even though it has the words hotmail and msn and microsoft in it.  That is what the phisherman hopes you will see.  But what about the rest of the link.  Lets look a little bit closer.

It is the rest of this link that is very important.

http://login.live.hotmail.msn.livesecurity.microsoft.strate-g-tick.net/default.aspx

The portion of the URL "strate-g-tick.net" is the part that will take you to the phisherman's fake website.  Why!?  The domain name of this URL is "strate-g-tick.net"; not "hotmail.com". When you look at the URL, the part that tells you the domain you are working with is last two words followed by the "/" symbol.  In the case of hotmail, it should end with "hotmail.com"!

To understand this better, you need to understand the difference between a domain name, and a subdomain name.  Take a quick look at the URL in the address link of this browser. You should see the link you are currently using to access this article.  The domain this article is loaded from is "hubpages.com".  Anything in front of "hubpages.com" but after the symbols "//" is referred to as a subdomain.

The subdomain is a subset of the real domain.  For example, in the URL: http://www.example.com; the domain name is example.com, and the subdomain is the "www" part.

One thing that you and I can do to prevent ourselves from falling into a phisherman's net is to be able to identify the domain that you want to access.

Some domains end with the following types:

• .com
• .org
• .net
• .gov
• .edu
• .name
• .tv
• .info
• .co.uk

For example

Here is a list of domain names.

• hotmail.com
• hubpages.com
• google.com
• xprize.org

Now, here is a list of domain names with subdomains.

• www.hotmail.com
• inbox.hotmail.com
• www.google.com
• business.google.com
• visiting.my.friends.mypartnersandme.net
• correct.data.at.hotmail.com.protectinfo.net
• update.data.now.hotmail.com.protectinfo.co.uk

Some phisherman try to confuse the issue by including the full domain name as a subdomain within the phisherman's domain name. Do not be tricked by this. If you are accessing hotmail.com, then the text "hotmail.com" should be the last part of the domain name.

In the above example "correct.data.at.hotmail.com.protectinfo.net", although hotmail.com is shown in the URL, it is not the real hotmail.com website. It is just a subdomain created inside of the domain name of protectinfo.net, that could be made to look just like hotmail.com in every way. To the "un-instructed in the ways of a phisherman" they could easily believe that they are logging into the real hotmail.com. But in reality, they are giving an identity thief their login name and password to their real hotmail.com account, and any other information that the identity thief may request.

Oh! One last thing. If you see an email message like this in your inbox, it is best not to click on it. The email may also contain a virus. And a computer virus is one head-ache no-one needs.

When it comes to phishing, here are some best practices you should follow:

1. Do NOT open the email. Just delete the email message and be done with it.
2. If your email program marks the message as junk, then it probably is Junk!
3. If you do open the email, remember to run your virus scanner (on your whole system) when you are done.
4. Red Flags to watch for:
   • The email ask you to either update or verify your login data.
   • You are asked to click a URL link contained within the email message, verify the link is going where you expect it to go. Use the above procedure to determine what the URL Location is by copying the URL Location into a blank document for further analysis.
   • The email comes from a source that you do not recognize.
5. Just delete the email! I put this here again to make sure you did not miss this important point.

By knowing what to look for and applying the steps listed above, you and I can spot a phisherman at a glance. And, by identifying the net that a phisherman uses, you and I can avoid being caught on the hook, of a phisherman's net.

NOTE *** Do NOT visit the website of a phisherman, it will look just like the actual website that they are impersonating. So, any data you enter (like a user name and password) will be captured and stored for the phisherman's later use. In other words, you will have given your login identity to an identity thief!

If you are creating a computer security policy, you could include this as either a policy or instructional procedure point.