1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can you spot a Phish?

Discussion in 'Computer Security' started by Phoenix, Apr 12, 2005.

  1. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Mailfrontier are running a little survey to see if people can tell the difference between a phising attempt and a real legit email
    would you click??


    UK Edition

    US Edition

    let is know your scores
    also let us know if you lost points for declaring a legit email as a phising email, id be interested in who got them right, and whos just a little too paranoid to pay attention ;)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  2. kat731
    Honorary Member

    kat731 Megabyte Poster

    826
    9
    74
    Hi Ryan,

    ok, got 6/10.... Got the x country bank wrong, i said phishing, was legit.. Ok, always check if there is an ip address in status bar??
    Kat
     
    Certifications: BA (Hons), A+
    WIP: 70-685 77-884
  3. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    6 is a worrying statistic Kat, infact one on the wrong side is pretty bad (i consider classing one as phishing and its legit as a non failure, just over paranoia, if you said one was legit and it wasnt your buggered though! :)

    there are lots of steps involved
    I will go over a few safety precautions once we have a few more results in so as not to make it too easy hehe
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  4. rowley73

    rowley73 Bit Poster

    27
    2
    10
    80% for me. Not good as it only takes 1 to slip through. Common sense is often the best policy and remembering that banks etc wont ask you to send details via email. So if its genuine just wait for the letter to come through the door.
     
  5. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    8/10, not bad...
    Got the last two questions wrong.
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
  6. Tyler D

    Tyler D Gigabyte Poster

    1,224
    8
    85
    7/10 for me
     
    Certifications: A+,70-270
    WIP: 70-290
  7. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    151
    228
    9/10 for me. The Cross Country Bank one I got incorrect.
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  8. mojorisin

    mojorisin Kilobyte Poster

    395
    14
    41
    You got 9 out of 10 correct, or 90 %
     
    WIP: 70-685 http://www.speedtest.net/result/3377759783.png
  9. drum_dude

    drum_dude Gigabyte Poster

    1,547
    46
    113
    You got 10 out of 10 correct, or 100 %

    10 out of 10 for me!!! Just looking at the links made it obvious...no https an IP addresses would make it dodgy for most of them!!
     
    Certifications: MCSA , N+, A+ ,ITIL V2, MCTS
    WIP: MCITP 2008 Ent Admin, Server Admin, Exchange 2010, Lync 2010, CCNA & VCP5
  10. Pablo1888

    Pablo1888 Byte Poster

    119
    0
    19
    I got 80%
     
    Certifications: MOUS Master, MCP 70-210, A+
    WIP: CCNA
  11. Phil
    Honorary Member

    Phil Gigabyte Poster

    1,680
    7
    87
    7/10 for me. Not bad considering all we had to go on were a picture and no other clues. The only reason I got that much was my distrust of any such email. On the whole they are very convincing.
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  12. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    7/10 phil, tut tut!! :)
    you did pay attention to the URL in the status bar i hope, that was the key give away fact in most of them ;)


    Very good folks, nice effort there

    as Drum dude has pointed out
    the key is generally the URL, dont trust an IP, dont trust anything that you expect to be taking you to a secure site if it isn't, but dont inherintly trust a site just BECAUSE its an https site, anyone can buy a certificate these days :)


    also these methods are becoming obselete too as phisers become more sophisticated, IE allows IDN characters but doesnt display them correctly

    meaning an domain registered with an IDN charset will showup in the status bar as the site its trying to spoof

    check out http://www.shmoo.com/idn/ for examples

    all new versions of firefox have this support disabled by default, but you can disable it manually via the about:config page
    i believe its the network.enableIDN flag (set it to FALSE)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  13. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Click on an unsecure link??? Are you crazy??? :ohmy

    :tongue
     
    Certifications: A+ and Network+
  14. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    Hmm. My enable.idn is set to true, but those sites aren't spoofing, the xn-- (punycode) etc url comes up in address bar & on the link rather than the (unicode) spoofed sites.

    But Mozilla website agrees, says this flag should be disabled.

    I'm using FF 1.02, having upgraded through 1.00 - 1.01 - 1.02
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
  15. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    Sorry, worked it out now.
    As a workaround (quite a good one), there's a new option in about:config

    network.IDN_show_punycode flag should be true
    This will make all unicode rendered as punycode Link

    There's a better explanation around comment 30 (near bottom of page) & a test.
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
  16. Phil
    Honorary Member

    Phil Gigabyte Poster

    1,680
    7
    87
    LOL of course, it was the only real clue we had.

    I saw some recently that were trapped in our Spam filters that the whole message was a graphic with an imagemap over the URL they wanted you to click so that the link looked genuine only the imagemap sent you off to the phishers website.
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  17. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    hover over this link to see if your affected (if my copy past job works properly)

    http://www.verisign.com

    ok guess my copy/paste job hasnt worked properly, as its still showing up with the punycode even in things like IE

    unless MS patched this, which i doubt :)

    Actually my mistake
    IE was the ONLY browser to not be effected by this problem, as it doesnt have a punycode handler (unless via plug in)

    so IE users should see the spoofed address in the status bar
    all other gecko/khtml browers are affected though (unless patches have been supplied)

    sorry for the confusion folks :D
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  18. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Interesting stuff. I got 80% but thought the two I got wrong were fake also :rolleyes: I am really paranoid about receiving such emails. They can be hard to spot. Never follow a link in an email which seems to want private information. Just enter the url manually in the browser, if you have to.

    Thanks for the info re punycode, I wondered how it was achieved!

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  19. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    i got 9/10. i identified the ebay power seller email as phishing, but it was legit. when looking at the criteria they used as legit i can see their point, but i personally thought that if you were a power seller that ebay wouldnt say you had to register for it before the end of the month! also, the address wasnt a secure (https) connection!

    Fergal
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  20. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,282
    73
    152
    :eek: I got 3/10

    1. Chase
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)

    2. PayPal
    Phishing Fraud ... CORRECT

    3. Bank of America
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)

    4. Washington Mutual
    Phishing Fraud ... CORRECT

    5. MSN
    Legitimate ... INCORRECT
    (The correct answer was Phishing Fraud)

    6. Earthlink
    No Answer ... INCORRECT
    (The correct answer was Legitimate)

    7. Amazon
    Phishing Fraud ... CORRECT

    8. eBay
    Legitimate ... INCORRECT
    (The correct answer was Phishing Fraud)

    9. Capital One
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)

    10. Network Solutions
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)
    You got 3 out of 10 correct, or 30 %

    Now excuse me while I go bury my head in the sand.
    [​IMG]
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS

Share This Page

Loading...