4 tips to detect phishing attempts

Late last week I received an email from Google AdWords at an email address that looked like .(JavaScript must be enabled to view this email address). Except the email wasn’t from Google AdWords and the originating email address wasn’t really .(JavaScript must be enabled to view this email address).

It was a phishing attempt. Phishing?

In computing, phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant messaging,[1] and often directs users to enter details at a website, although phone contact has also been used.

Most phishing attempts are pretty easy to spot. Misspellings, fake email addresses and domain names in Russia or some other country extension usually give them away if you know what to look for. But this scam was above average in its execution.

Here’s what the email looked like.

And here’s the landing page the link in the email brought up.

Here’s the actual login page for Google AdWords.

I was following along half absentmindedly up to this point. Then I took a closer look at the URL.

adwrods.google.select.wapisbank.cn/select/Login/index.html

The actual domain name is wapisbank.cn, in China. I smelled a rat.

At the same time I was impressed. This was phishing done far better than I had seen before, and for Google AdWords, not common targets like banks, Paypal or eBay.

So how can you spot an attempt at phishing that shows up in your inbox?

1. Are you expecting an email from the sending organization? If you don’t deal with a bank, they won’t send you email. If you don’t have a Paypal account, they also won’t send you email.
2. Don’t trust email. The sender email address can be masked or ‘spoofed’ very easily. Email is inherently an unsecure communication. Email messages travel over the open Internet just as they are. A detection program called a ‘sniffer’ can watch the traffic going past and respond to specific words or cues (like passwords or credit card numbers). Don’t email sensitive information. Don’t expect large organizations to email sensitive information.
3. Watch URLs. The URLs are the address of the web page you’re visiting. Phishing attempts almost always use URLs that mimic the URLs of the organization they’re impersonating, but they can never be that organzation. Here’s a short example of the distinctions between URLs, domain names and registered domains.
   • URL: http://www.example.net/index.html
   • Domain name: http://www.example.net
   • Registered domain name: example.net
4. Contact the organization sending you the email directly, not through a link in the email. Go straight to their website. Call them. Ask through a channel you’ve used before if you need to do anything to manage your account. Also, be ready to send the phishing email to the organization being impersonated.

Now that you’ve been warned, here’s the phishing webpage in case you need to see it in action.