We all know of phishing attacks from crooks spoofing various popular Internet eCommerce destinations. The most notable of those attacks spoofed sites such as PayPal and eBay. I have personally received quite a large number of such bogus emails. Those behind these emails hope that customers of the eCommerce sites they claim to represent will click on the link and provide personal login information to the impostors while thinking that they are interacting with the legitimate merchant from whom the email supposedly originated.
Obviously, the originators of the email do not typically know who is and who isn't a customer of PayPal, for example. What they rely upon is the fact that so many of us are PayPal customers that odds are high that, if the email address is valid, the recipient is a PayPal user.
Thanks to Don Demsak of Don Xml's Grok This, I have learned that Amazon Associates have become the victim of the most recent phishing attack. What makes this attack interesting is that only a very small portion of the typical user base are members of the Amazon Associates affiliate program. If the attack were completely random, the perpetrators would be quite unlikely to find anyone who would be able to provide any kind of login information to them.
So, Don brings up a very valid question: whether the originators of the attack were able to somehow parse web sites, find Amazon Affiliate tag information, locate email addresses on those sites, and then send the owners an email spoofing Amazon Associates. If so, this would be a very sophisticated attack.
Take a look at the email that is currently going around:

Regardless of the methods used for this phishing attack, it is fairly easy to avoid becoming a victim. The following 5 steps are a good guide:
1. Do not provide your email address in clear text on your site. Note that my email address on the left sidebar is provided as an image that you will need to type into your browser in order to email me.
2. If you do receive an email, make sure that when you mouse-over any links in the email, the URL that corresponds to it matches the URL in the text. In the above email, mousing over the link to http://www.amazon.com/exec/obidos/sign-in.html yielded the actual destination in the http://p10.hostingprod.com domain.
3. If you were to actually click on the link, make sure that the site is the genuine destination site, judging not by how it looks but by the URL in the address bar. Suspect any site which hides the address bar or otherwise does not exactly match the expected destination. Watch out for misspelled domain names such as http://www.amzoan.com.
4. Watch out for spelling mistakes in the email message itself. Because of the stringent US laws, many of the perpetrators are located offshore where English perhaps is not their native language. In the email above, you'll see "wich is securely incrypted with SLL." on the bottom line. More properly, this should have read "which is securely encrypted with SSL".
5. Lastly, I'm not aware of any legitimate organization requesting you to log in because your account needs to be verified.
Gene Kavner, Former World-Wide Director, Amazon Associates Affiliate Program, 2005-2006.
I received another "Amazon" phish on Friday. It was an order confirmation for the purchase of a Sony Vaio computer. I thought I had a credit card stolen and was looking for a link when I noticed there was a "PDF.exe" download file attached. My spamware had caught it so no harm. Shortly thereafter I received a close proximity from BestBuy. Thanks for the post.
Posted by: Durk Price | November 26, 2006 at 09:21 AM