Another Phishing Email
Another scam email! I know this has been going on for too long; a lot of my blog posts have now been about security over the internet. I wanted to make this a detailed exposé on how these scams work and what possible effects you may end up with. More generally, this email could have caught more people in its trap, as it comes using the name of the well-known search engine, Google. It related to Google's ad service, called Adwords or Adsense. Read on to find out more.
Adsense allows registered Google users to place ads as a part of their blogs and websites. It allows users to earn free money by placing these ads. It has a simple and easy interface, and setting up an Adsense account is not too tough. For every ad clicked on your website, you are paid some percentage of money, a few cents maybe. As a matter of fact, Blogspot sometimes places a few ads on your blog. It pays you for every link your reader clicks on the blog. You are allowed to redeem money once you reach a certain value.
OK, enough about Adsense. The email that I received wanted me to download the latest 128-bit SSL certificate from the website to make transactions more secure. Here is the screenshot. The mail looked completely genuine. It could not be a spam message or phishing because it landed in my Inbox. I had my doubts though. The email was forwarded to a group that I'm subscribed to. I had registered with Adsense a long time back to learn its features, therefore it should have arrived only at my email id. How does Google know the id of the group? I trashed it anyway. Things turned interesting when I saw the same email in my spam folder. My doubts about it being a scam turned real. I wanted this post to be a little more detailed, and it gave me the opportunity to explain what each step in the scam could do. I moved forward, clicking the link to see what would happen. I was aware how serious it could be, therefore every step I took was a careful one. I wanted to make sure the site did not gain any valuable information from my computer. So what was this one designed for? Identity theft? Stealing ids and passwords? Or something even more serious, like ripping off financial information?
Take a look at the forged website
Here is a look at the real Adwords/Adsense website
Shocked! They both look and feel the same. At this point I'm prone to losing information relating to my computer. Maybe my IP address, maybe some cookies are being accessed, something about the connection etc. may be getting shared. As a precautionary measure, I closed all connections and applications so that the site would gain minimal access to the computer.
I wanted to investigate further. This time, I had to log in. Even clicking some links showed error messages wanting me to log in first. I used a fake identity (Id: aaabbbccc, Password: 123456), an id that did not exist. I was sure that there was going to be no verification before I would be logged in. As expected, I was logged in. Now I know that my id and password are stolen!
If they wanted only my login info, things would have ended here. A simple 'Thank you' page or a 'cannot login at this time' page would have shown up. Most phishing sites end it here. However, this one wanted to carry things a bit further. In this case I was directed to another page: a link to upgrade my browser with the new SSL certificate. It wanted me to download the update for my browser. This time I was not going to click any links. I knew I was at risk; the downloaded file would definitely contain a virus. A Trojan maybe. I closed the application immediately.
A Trojan is a kind of virus that resides on your computer, designed to send out information. This one may have been designed to wait for me to log in to my bank account so that it could send such information to the spammer. These Trojans can also be integrated with bots (another kind of virus; viruses are basically unwanted applications that reside in your computer) to control the activity of the computer. Maybe even upload data from my computer onto the server in hidden mode.
Even if I had continued to click the link and download the file, I'm sure that my antivirus would have caught it. I made sure that no traces of it were left on my computer (with a full scan). Thankfully I have my antivirus up to date. Do you have yours? If not, update it. An antivirus will help block such Trojans, enabling the computer with more power to browse the internet.
So how do you identify a forgery?
Look at the images above and compare the original one to the forged one. Find 6 differences 😀 The real one carries the 'HTTPS' prefix, while the other has nothing of that sort except for a big URL. (All Google-based connections are secure and carry the HTTPS prefix.) Look for the keyword before the '.com'. In this case the forged site carries 'ggoocom'. That is pretty much the giveaway: you are being taken to some site other than where it should be.
Interestingly, Mozilla Firefox beta 3 and Google Chrome were able to flag the site as a phishing site, while Internet Explorer (ver. 7.0) gave clear access to the website. Maybe my certificates are not up to date. That's possibly another reason to move to other web browsers. Chrome and Firefox, however, allowed me to access the page when I clicked the 'ignore message'. Firefox carried a red bar on the top throughout my connection with the website, with a 'Reported forged website' message.
I hope you understand the severity and the extent of damage such things can do. Got any other ideas to detect forgery? Please comment.
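The two checks described above (the HTTPS prefix and the name in front of '.com'), written as a small Python link checker. This is an added example, not part of the original post; the trusted-domain list, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain we expect the service to use.
TRUSTED_DOMAINS = ("google.com",)


def is_trusted_host(host, trusted=TRUSTED_DOMAINS):
    """True only if host IS a trusted domain or a subdomain of one."""
    host = host.rstrip(".").lower()
    # The "." boundary matters: "notgoogle.com" must not match "google.com".
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings; an empty list means no red flags found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []

    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # In https://adwords.google.com@other.example/ the text before "@"
        # is only a user name; the browser connects to other.example.
        warnings.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-label")
    if not is_trusted_host(host, trusted):
        warnings.append("untrusted-host")
        # The brand appearing somewhere in the host is a lure, not proof.
        brands = {d.split(".")[0] for d in trusted}
        if any(b in host for b in brands):
            warnings.append("brand-name-in-untrusted-host")
    return warnings


# Constructed sample links (not the URL from the email described above).
SAMPLES = [
    "https://adwords.google.com/select/Login",
    "http://adwords.google.com.login-update.example/select/Login",
    "https://adwords.google.com@login-update.example/",
    "https://adwords-google.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "ok")
```

Only the first sample passes; the others show why the part of the host name that counts is the end of it, not the familiar words at the front.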