Email Spoofing and How to protect your online identity

Recently one of my friend got a mail from his bank, asking him to update his account information. He clicked on the link to fill out the information, and just a few days later, his bank account was emptied. Does this story sound familiar to you? This is called Spoofing / Phishing. In this post, i will explain you the process as to how this works and how you can ensure that you don’t end up revealing your online identity to phishers.

Spoofing Websites enact as Original Websites

[Image Source: Flickr]

Email spoofing definition as obtained from the Wikipedia goes like this

E-mail spoofing is a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. It is often associated with website spoofing which mimics an actual, well-known website but are run by another party either with fraudulent intentions or as a means of criticism of the organization’s activities. The result is that, although the e-mail appears to come from the email indicated in the “From” field (found in the email headers) it actually comes from another e-mail address, probably the same one indicated in the “Reply To” field; if the initial e-mail is replied to, the delivery will be sent to the “Reply To” e-mail, that is, to the spammer’s email.

Earlier, i had written a post from an educational perspective teaching the readers how to spoof a Yahoo Mail user. Today lets discuss another form of Spoofing and how it works. The example scenario is the same which my friend faced ( wish he had read my blogpost on phishing earlier 😦 )

The figure below, has a snapshot (click on the image to enlarge) of the mail sent to me by the phisher pretending to be from a leading Indian Bank, AXIS Bank. The email also contains a link which should be clicked to carry out the needful.

How Email Spoofing can phish your bank details.

This URL might look to be safe from the look of it, as it has all the key features we have always been taught to check: Check for the domain ( in this case, the domain of the bank; axisbank.co.in), check for https. However, what we usually tend to forget that what we are seeing on the screen is not the actual URL but the text to be shown to the user. The actual URL will be revealed only once you click this link or hover your mouse on it.

Once the user clicks on the link, he is taken to the site which is an exact replica of his bank’s site; thereby not giving a single slice of doubt to the user.

You must see that the Fake Website looks like an exact replica of the Original Axis Bank Website

Whenever you click on a URL from a email or any other page and land onto a site pretending to be your bank site, the first thing to do should be to check the URL of the landing page again. Look for the domain again; Does it look like your bank’s domain? (www.axisbank.com) Does it have an important security ingredient https on the logon page ? If not, beware, chances are that you are getting spoofed.

Below are the steps from my earlier post on Phishing, which describes the steps to follow to stay away from Phishing Scams.

  • Always go through the URL of the website. A closer look at the URL can certainly give you clues about the fraudulent websites.
  • Never reply to emails asking for your bank account number, internet user details etc. Remember NO BANK asks you for such information. If they do, change your bank )
  • The old saying “When in doubt, talk”, holds true here as well. If you are in a doubt about the email/website, just take the phone and call up the call center of the service to get an explanation on your doubt.
  • Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
  • Don’t open email attachments sent to you by strangers. Email attachments can have programs which can affect your computers once opened.
  • Always follow steps to a healthy PC. You can read my previous post 4 steps to a Healthy PC to learn more on this.
  • Always keep your Anti Virus Softwares, Spywares and Firewalls updated. You can use Update Checker which happens to be a free service for this. Also read my previous post Use Update Checker to Keep your Softwares UPDATED.

You can also, check this link for more information.

Related Posts:

Spoofing a Yahoo User.

Anti Spyware Applications: Here goes the ranking.

Top 3 FREE Antivirus Applications

[How-To]Bypassing Passwords in Windows

You can follow me on Twitter at http://twitter.com/vaibhav1981

Do stay tuned to Technofriends for more, one of the best ways of doing so is by subscribing to our feeds. You can subscribe to Technofriends feed by clicking here.

Cheers

Vaibhav

Advertisements

7 Responses

  1. […] Finance News – All about your finances wrote an interesting post today onHere’s a quick excerpt Recently one of my friend got a mail from his bank, asking him to update his account information. He clicked on the link to fill out the information, and just a few days later, his bank account was emptied. Does this story sound familiar to you? This is called Spoofing / Phishing. In this post, i will explain you the process as to how this works and how you can ensure that you don’t end up revealing your online identity to phishers. [Image Source: Flickr] Email spoofing definition as obtai […]

  2. Amazing lengths the spoofers go to get you fooled. The site design, the mails, correct english (unlike the nigerian gold mails)
    phishing has come of age.

    You can talk a bit more on how the browsers are evolving to help users tackle this. And OS.

    Another Q – when you give out details and are “phished” – the criminal will use it to electronically transfer the money, right? But that can be traced to wherever it would land!!! So how do they get away?

    nice post. I hope people read it and are not duped.

    -Des
    http://techwatch.reviewk.com/

  3. […] Email Spoofing and How to protect your online identity […]

  4. […] a few days later, his bank account was emptied. Does this story sound familiar to you? This is chttp://technofriends.in/2008/04/30/email-spoofing-and-how-to-protect-your-online-identity/Outage ChaseSite from bank one providing information and applications for loans and financial […]

  5. […] Connect Securely to Gmail Posted on May 10, 2008 by Vaibhav Pandey You already know that Phishers employ various methods to phish your critical data and there are certain ways to protect your data, and one of the ways to […]

  6. […] a few days later, his bank account was emptied. Does this story sound familiar to you? This is chttp://technofriends.in/2008/04/30/email-spoofing-and-how-to-protect-your-online-identity/Online email accounts held hostage for blackmail George Ou …Dec 12, 2006 … George Ou&39s […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: