The holidays are upon us, but it’s not all gift giving, tree trimming and eggnog drinking. This is also the time of year when scammers come out in force. While OpenDNS is the single best way to protect yourself and your loves ones from phishing and forgeries, education is key. To complement our great phishing quiz my colleague Erin posted about here, we’ve compiled a list of the most common, and tricky, holiday phishing scams. Brush up, take note and avoid getting duped.

Scam: Air Travel Deals

With so many travelers still scrambling to buy last-minute air tickets, it’s important to be extremely careful when clicking through to an airline’s website from a promotional email. Phishing websites like this one spoofing American Airlines are not legitimate. The URL for this one, www.aa-advantager.com, is the giveaway — even though it’s close to the real domain (www.aa.com).

Scam: Holiday Shopping

If you’re like me, you’re doing most of your holiday shopping online this year. So it’s no surprise that scammers are spoofing websites like eBay (one of the most spoofed brands in phishing scams all year long) and trying to trick shoppers into entering their login credentials. When doing shopping online, the safest way to get to your destination site is to type its URL directly into your address bar.

Scam: Money Transfers

For better or worse, lots of people skip the gift buying altogether and just give cash. That’s why we’re including money transfer-themed phishes on our list. We can’t stress enough: any time you deal in currency online, be extra careful. The safest way to get to a website is to type its URL straight into your address bar.

Scam: Connect with Loved Ones

No doubt Skype usage increases during the holidays when the revolutionary service is used to see the smiling faces of family members abroad. But we all need to take great caution when phishes this sophisticated exist. Note that while the URL (http://skype.host.org/account/signin_form.php) is very convincing, it’s not the real Skype domain.

One of our most important goals at OpenDNS is educating people on Internet dangers so they can make informed choices on how to best manage their networks. Last week we released a phishing quiz, hoping we could show people just how difficult it is to spot the difference between a phishing site and the real website.

The quiz was designed to be difficult, but our users were hoping for something more than a challenge. The comments poured in, encouraging us to create a powerful educational tool that you could use to help teach people how to avoid getting phished.

You had our attention. Many of you, who know that cyber criminals can create exact replicas of real sites by simply copying the image and hosting it at a different domain, were frustrated that the quiz didn’t include URLs. Others, hoping to use the quiz to teach friends and family about the dangers of phishing, asked us to create something that showed why seemingly legit sites were actually phishes.

So, we incorporated your feedback into a new version of the quiz. We hope you’ll find this to be a useful tool to help people learn the dangers of phishing, and how to avoid them. As always, the easiest way to avoid getting phished is to use OpenDNS. That’s because OpenDNS runs PhishTank, the world’s largest community-powered online clearinghouse for phishing, and uses it to automatically block phishing sites for all OpenDNS users.

Take the quiz now!

Update: We’ve created a new version of the phishing quiz that now includes URLs and feedback on why some seemingly legit sites are actually phishes. Take the quiz again to see how well you do.

Could you be duped by a phishing scam? Most of us familiar with the usual phishing tactics tend to think we’re skilled at recognizing scam sites. But as phishing becomes increasingly sophisticated, it’s getting harder and harder to distinguish real sites vs. scams.

If you’re using OpenDNS, you and yours are protected from phishing sites. We use data from PhishTank — which we operate — the largest clearinghouse of phishing data online. But even with OpenDNS, the single best defense against phishing is education. Knowing how to spot a phish means you’re less likely to click a phishing link in the first place.

With the holiday season upon us, what better time than now to brush up on phish-spotting skills? We crafted a quiz that asks you to identify whether 10 homepage images are those of real or phishing websites. Consensus is that showing the URLs for the sites makes the quiz too easy, so we’ve hidden them.

A quick refresher on spotting phishing before you get started:

Take the quiz now!

Editor’s note: OpenDNS users frequently tell us that they were introduced to the industry-leading security service through younger friends and family members. And usually they’re talking about high-school and college students! To learn more we reached out to Brandon Halsey, 20, of Crown Point, Indiana, who has set-up OpenDNS on machines for dozens of friends and family members and was considered the resident IT pro for his family by the time he was in middle school.

OpenDNS: How did you discover OpenDNS?
BH: When I was a freshman in high school I was messing around with a 2003 R2 Windows server to try and understand how it worked. I did some Internet research for a free recursive DNS server and came across OpenDNS. Even though you had just launched at that time, everything I read pointed to how OpenDNS was a faster and more reliable choice for DNS. I gave it a shot and immediately saw a difference from what my ISP offered. I’ve used it ever since.

OpenDNS: Whoa, back up. You discovered OpenDNS when you were a freshman in high school! Just when did you get into computers?
BH: I was in 5^th grade when we got our first machine that ran Windows XP. I’ve always been curious, so I started tinkering around to see what I could learn about computers. I usually just play around with a computer or server until it breaks and then teach myself how to fix it. By the time I was in middle school I could completely reinstall Windows and fix most common problems. I got my CompTIA A+ and Network+ certifications when I was a junior in high school and just this year I got my “Microsoft Technology Specialist: Configuring Window 7” certification.

OpenDNS: That’s impressive! I know you’ve been helping teach older generations in your family about Internet security. Do you see that as a bigger trend?
BH: Definitely. Kids today start using the Internet for learning games when they’re not even in preschool, so it would make sense that they’d grow up to be more tech-savvy than their parents and grandparents who are less experienced with what is still a fairly new technology. I’ve set up OpenDNS on dozens of computers for my friends and family members who didn’t even know they had a choice in DNS (or what it was) and they’ve all thanked me for a faster Internet and protection from Internet threats. I see the trend continuing firsthand: Since I’ve left for college my little brother Nathan has taken over my role as resident IT guy at home.

OpenDNS: Any alarming stuff out there that you’re surprised to find most parents and grandparents aren’t even aware of?
BH: I would have to say that the biggest threat to my parents’ and grandparents’ generations is phishing. Though I am constantly telling them not to click links in phishing-style emails or log in to websites without double-checking the URL, the best way I help them combat phishing is to set up OpenDNS. I can count several occasions where I’ve gotten phone calls from family members asking why a seemingly upstanding website was blocked by OpenDNS and I’d have to explain to them what phishing is and how they were protected.

OpenDNS: When you’re not saving the planet from phishing attacks one friend or family member at a time, what do you do for fun?
BH: When I’m not busy fixing computers or studying, I am usually messing around with the rack server I recently acquired. I like to use it for experiments to see what I can learn without disturbing my current network setup. Lately I’ve been messing around with things like Group Policy and Active Directory that can save network administrators loads of time and money. I’m not all computers all the time, though. I recently discovered hiking and it’s been a wonderful stress-reliever for when school gets too hectic.

Want to answer five questions for OpenDNS? Let us know by emailing success [at] OpenDNS [dot] com.

As we take a deeper look at phishing across the OpenDNS network to better protect you and yours, we’ve uncovered some interesting patterns about the way Americans interact with phishing emails.

- The majority of clicks on known phishing links happen between 6 AM and 10 AM.

- The fewest clicks on known phishing links happen between 9 PM and midnight.

According to data from ConstantContact, a large email marketing company, the volume of email sent is highest between 10 AM and 2 PM. That means the volume of phishing emails in the morning might not be attributable only to the fact that phishing emails are being sent in the morning.

So what it is about the morning hours that’s got so many of us fooled? Perhaps we’re simply more susceptible, more easily fooled in the morning. Before we’ve had our coffee and gotten our day started. Perhaps it’s because morning is when we clean out our inboxes, looking over email that’s come in the night before.

Also interesting is that more clicks on phishing links happen in California than any other US state. The top five phish-clicking states are here, in order.

California

Texas

New York

Illinois

Florida

For context, this maps almost perfectly to state population. The only deviation is Illinois, which is actually the fifth largest state. So from this data one might conclude that we’re equally fool-able. Among the top five, no one state has a disproportionate number of phishing link clicks.

OpenDNS has been active in the fight against phishing for several years. We operate the largest clearinghouse of phishing data on the Internet, PhishTank.com, and provide the absolute best phishing protection around.

While we advise the absolute best protection against phishing is avoiding clicking links unless you’re 100% certain they’re safe, unfortunately many of us are fooled. And for good reason. The methods through which we’re phished have become dramatically more sophisticated in recent years. Early phishes appeared to come only from banks and financial organizations, but today phishes spoof gaming companies like Zynga, e-commerce sites like Amazon, government organizations like the IRS. And increasingly more and more phishes are what are commonly described as “spear phishes,” where some known information about you, the recipient, is used in the scam.

When you receive phony emails aiming to trick you from nearly every website and online service you use, using OpenDNS is more important now than ever.

Earlier this month, email marketing provider Epsilon announced that their database was hacked. Millions of email addresses were exposed thanks to this breach, and in the following days and weeks many of the companies that used Epsilon’s services — everyone from national banks to big hotel chains to online retailers — sent out emails to their customers alerting them about the vulnerability.

What’s especially worrisome about Epsilon’s announcement is that it wasn’t only email addresses that were accessed. In some cases, names were also connected to these email addresses. With a name and an email address, there’s a high potential to be spear phished.

What’s spear phishing? It’s a phish that’s especially targeted to you. Instead of a mass email sent to everyone on a scammers list, a spear phish is targeted to you directly. It might address you by name, for example, or even look like it’s sent from a friend or family member. Phishes of this type can be especially tricky to identify, but by taking some extra precaution you can outsmart these Internet scammers.

Here’s what to look for:

Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepency, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.

Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt. You can always check out their claim safely by heading to your bank’s website and calling them or emailing them directly.

Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

Of course the absolute best thing you can do to protect yourself from phishing websites is to use OpenDNS. We block more than a half million phishing attempts each month for the people who use our services. Since not everyone is super tech savvy, make sure to set up OpenDNS for friends and family members who might not know how to do it themselves.

If you do come across a phishing email, submit the phony website to PhishTank. Sharing information with the PhishTank community helps quickly distribute phishing data across a number of services, and makes the Internet safer for all of us who use OpenDNS.

After we published our 2010 year-end report, a number of people asked us why PayPal was targeted so frequently by online scammers — it stands out as one of the most phished brands in our report by a wide margin. In reviewing how we presented our data, it’s clear that we should have provided a few more datasets and some better explanations of where our data comes from for clarity.

One of the reasons PayPal is so prevalent as a target in PhishTank is because PayPal uses the PhishTank API to automatically submit any phish they find to PhishTank. This is a good thing — it puts data into PhishTank quickly so the community can verify the sites and PhishTank data feed subscribers can protect their users. While this highlights the frequency that PayPal is a target, it also skews the data to make it appear that PayPal, Inc. is the most phished site, simply because they are the most vigilant in submitting data to PhishTank. Obviously, this was not our intent. We’ve updated the report (PDF, Scribd) to show the most targeted brands in 2010 with the PayPal API data removed from the dataset, as nearly all other submissions come from the tens of thousands of PhishTank individual contributors.

As PhishTank continues to grow, we want to encourage other brands to follow PayPal’s lead in using the various PhishTank APIs to submit data alongside the submissions from individual users. In order to do that, we need to create an environment where brands don’t feel their participation in PhishTank is a double-edged sword. We sincerely appreciate PayPal’s participation in PhishTank, and in their fight against phishing. They should be commended for their progress in fighting phishing and keeping their users safe.

If the PayPal API-based submissions to PhishTank are removed from the dataset of phished brands, the list of most-targeted brands in 2010 shifts dramatically:

 1. Facebook                    8.64%
 2. HSBC Group                  6.73%
 3. World of Warcraft           5.35%
 4. Internal Revenue Service    4.87%
 5. Sulake Corporation          3.21%
 6. Bradesco                    3.15%
 7. PayPal                      3.03%
 8. Orkut                       2.90%
 9. Steam                       1.95%
10. Tibia                       1.72%
n=72,404

You can read the full report here (PDF) or on Scribd.

To learn more about submitting data to PhishTank via the PhishTank API, visit the PhishTank FAQ page.

When we look back at 2010, one of the things we’ll remember is how ubiquitous social became online. Facebook exploded, Twitter grew up, people “checked in”, and almost every website seemed to develop some sort of social component.

Not surprisingly, people using OpenDNS — parents, IT administrators, sysadmins, district technology heads — noticed the same thing. Data collected on how people used Web content filtering in 2010 shows this fact: Facebook is the #1 most blacklisted site. And interestingly enough, it’s also the #2 most whitelisted site. Other sites that were frequently blocked include MySpace and YouTube.

Not surprisingly, Facebook was also a frequent target of online scammers. When we analyzed submissions to Phishtank in 2010, we saw that Facebook was the second most frequent website targeted by phishing websites. The #1 target for 2010 — and throughout every month of the year — was PayPal. PayPal accounts for an incredible 45 percent of all online phishes.

These statistics and more can be found in a report we’re publishing today, all about the Web content filtering and phishing data we saw in 2010. I encourage you to download it and read through it. There’s some fascinating information included in the report, including which sites are the most frequent target of online scammers, how businesses are filtering content, and what categories people most frequently block on their networks.

You can download the full PDF report here: http://www.opendns.com/pdf/opendns-report-2010.pdf