Did you see anything interesting online last month? Between blog posts, gaming sites, Facebook updates and breaking news, there was a lot to take in. One thing you probably didn’t see — if you are on an OpenDNS-protected network — were Phishing attempts.
Since we block these scammy and fraudulent Web sites, you might not realize how prevalent they are across the Internet. In July alone, we blocked almost one million phishing attempts. That’s how many times people on OpenDNS-protected networks saw the “phishing attempt blocked” page.
Even with the work we do to make sure you’re protected from seeing phishing sites, we can’t always catch everything. If you ever see a Web site or receive an email and aren’t sure if it’s legitimate, we’ve got you covered:
Five Easy Ways to Spot A Phishing Attempt
- Poor resolution: Phishing websites are often poor in quality, since they are created with urgency and have a short lifespan. If the resolution on a logo or in text strikes you as poor, be suspicious.
- Forged URL: Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Read URLs from right to left — the real domain is at the end of the URL. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed. Look out for URLs that begin with an IP address, such as: http://12.34.56.78/firstgenericbank/account-update/ — these are likely phishes.
- Generic greeting: Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one.
- Requests personal information: The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
- Sense of urgency: Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
As always, we’re going to continue working on finding ways to improve the Internet and make it safer and smarter for our customers. For now, happy [and safe] surfing — and if you have a friend who could use protection from online phishing attempts, let them know about OpenDNS.
Travis Cunningham
Awesome article, I would recommend to anyone who is a novice computer user.
But thankfully, no one needs to worry (that is assuming they use OpenDNS
)
posted on August 4th, 2010 at 3:40 pm
Brad
Exellent guide, hopefully it will help spot more phishing attempts
.
posted on August 4th, 2010 at 4:13 pm
Steve
> Also, websites where it is safe to enter personal
> information begin with “https” — the “s” stands
> for secure. If you don’t see “https” do not proceed.
Is it actually the case that the presence of “https” at the start of the URL indicates the website is safe to enter personal information? I thought that all “https” signifies is that traffic is encrypted point to point. Can’t the bad guys do that as easily as a bank?
posted on August 5th, 2010 at 4:47 am
Chris
Steve,
yes they could however, that would be a much more elaborate scam which would involve spoofing certificate authorities among many other things.
the thing here is that a phisher wants to collect as much information as possible in as short a time span as possible with the least amount of effort.
Its not that they are lazy, it’s just that as soon you start creating more elaborate scams, the more you have to interact with other parts of the internet infrastructure and that means longer set up times, more precision in who gets selected for the attack, all of which creates more risk in relation to the benefit.
yes if you personally managed to piss off a group of serious crackers they can make your life very very problematic. But then its a precision attack and not a broadsword operation.
And why do a high risk low yield attack on you when they can make a high risk extreme yield attack on say the creditcard system of Walmart or IKEA. If you managed to steal all teh creditcard information from the sales of 1 hour at walmart or 1 hour at IKEA youwould end up with a few milion creditcards.
Now the credit cards are only good to you as long as the theft has been undetected otherwise the credit card companies will put the numbers on a special watch list and kill them off one by one as the thief tries to use them. Happens more often than you think.
I hope that explained some of the ways the organised crime of the internets work.
Chris
posted on August 5th, 2010 at 9:51 am