Can you spot a Phish?

Discussion in 'Computer Security' started by Phoenix, Apr 12, 2005.

  1. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,749
    200
    246
    Mailfrontier are running a little survey to see if people can tell the difference between a phishing attempt and a real legit email
    would you click??


    UK Edition

    US Edition

    let us know your scores
    also let us know if you lost points for declaring a legit email as a phishing email, I'd be interested in who got them right, and who's just a little too paranoid to pay attention ;)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  2. kat731
    Honorary Member

    kat731 Megabyte Poster

    826
    9
    74
    Hi Ryan,

    ok, got 6/10.... Got the x country bank wrong, i said phishing, was legit.. Ok, always check if there is an ip address in status bar??
    Kat
     
    Certifications: BA (Hons), A+
    WIP: 70-685 77-884
  3. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,749
    200
    246
    6 is a worrying statistic Kat, in fact one on the wrong side is pretty bad (I consider classing one as phishing and it's legit as a non failure, just over paranoia, if you said one was legit and it wasn't you're buggered though! :)

    there are lots of steps involved
    I will go over a few safety precautions once we have a few more results in so as not to make it too easy hehe
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  4. rowley73

    rowley73 Bit Poster

    27
    2
    10
    80% for me. Not good as it only takes 1 to slip through. Common sense is often the best policy and remembering that banks etc won't ask you to send details via email. So if it's genuine just wait for the letter to come through the door.
     
  5. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    8/10, not bad...
    Got the last two questions wrong.
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
  6. Tyler D

    Tyler D Gigabyte Poster

    1,224
    8
    85
    7/10 for me
     
    Certifications: A+,70-270
    WIP: 70-290
  7. SimonV
    Honorary Member

    SimonV Petabyte Poster Gold Member

    6,651
    180
    258
    9/10 for me. The Cross Country Bank one I got incorrect.
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  8. mojorisin

    mojorisin Kilobyte Poster

    415
    17
    41
    You got 9 out of 10 correct, or 90 %
     
    WIP: Microsoft 365 Identity and Services MD-100
  9. drum_dude

    drum_dude Gigabyte Poster

    1,664
    92
    135
    You got 10 out of 10 correct, or 100 %

    10 out of 10 for me!!! Just looking at the links made it obvious...no https and IP addresses would make it dodgy for most of them!!
     
    Certifications: MCP, MCSA 2000 , N+, A+ ,ITIL V2, MCTS, MCITP Lync 2010 & MCSA 2008, Sonus SATP SBC 1k/2k
    WIP: Hopefully Skype for Business and some Exchange stuff...
  10. Pablo1888

    Pablo1888 Byte Poster

    119
    0
    19
    I got 80%
     
    Certifications: MOUS Master, MCP 70-210, A+
    WIP: CCNA
  11. Phil
    Honorary Member

    Phil Gigabyte Poster

    1,680
    7
    87
    7/10 for me. Not bad considering all we had to go on were a picture and no other clues. The only reason I got that much was my distrust of any such email. On the whole they are very convincing.
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  12. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,749
    200
    246
    7/10 phil, tut tut!! :)
    you did pay attention to the URL in the status bar I hope, that was the key giveaway fact in most of them ;)


    Very good folks, nice effort there

    as Drum dude has pointed out
    the key is generally the URL, don't trust an IP, don't trust anything that you expect to be taking you to a secure site if it isn't, but don't inherently trust a site just BECAUSE it's an https site, anyone can buy a certificate these days :)


    also these methods are becoming obsolete too as phishers become more sophisticated, IE allows IDN characters but doesn't display them correctly

    meaning a domain registered with an IDN charset will show up in the status bar as the site it's trying to spoof

    check out http://www.shmoo.com/idn/ for examples

    all new versions of Firefox have this support disabled by default, but you can disable it manually via the about:config page
    I believe it's the network.enableIDN flag (set it to FALSE)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  13. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    180
    287
    Click on an unsecure link??? Are you crazy??? :ohmy

    :tongue
     
    Certifications: A+ and Network+
  14. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    Hmm. My enable.idn is set to true, but those sites aren't spoofing, the xn-- (punycode) etc url comes up in address bar & on the link rather than the (unicode) spoofed sites.

    But Mozilla website agrees, says this flag should be disabled.

    I'm using FF 1.02, having upgraded through 1.00 - 1.01 - 1.02
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
  15. Gaz 45

    Gaz 45 Kilobyte Poster

    404
    4
    39
    Sorry, worked it out now.
    As a workaround (quite a good one), there's a new option in about:config

    network.IDN_show_punycode flag should be true
    This will make all unicode rendered as punycode Link

    There's a better explanation around comment 30 (near bottom of page) & a test.
     
    Certifications: MCP (70-229, 70-228), MBioch
    WIP: MCDBA (70-290)
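
The link checks raised in the posts above (an IP address in place of a host name, no https, and IDN labels that render as look-alike characters unless shown as punycode), as an added example that is not part of any poster's message. It reports a link's host with IDN labels in their xn-- form; the sample URLs are constructed, and the mixed-script test is a simple heuristic based on Unicode character names.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links (documentation address range and .example names).
SAMPLES = [
    "http://192.0.2.10/signin",
    "https://www.b\u0430nk.example/login",   # U+0430 is CYRILLIC SMALL LETTER A
    "https://www.example.com/",
]


def label_scripts(label):
    """Heuristic: scripts of a label's letters, from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def inspect_link(url):
    """Return (host with IDN labels in punycode form, list of findings)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = [] if parts.scheme == "https" else ["not-https"]
    try:
        ipaddress.ip_address(host)
        return host, findings + ["ip-literal-host"]
    except ValueError:
        pass  # not an IP literal, so check each DNS label
    shown = []
    for label in host.split("."):
        try:
            uni = label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
        except UnicodeError:
            findings.append("malformed-punycode")
            uni = label
        if uni.isascii():
            shown.append(label)
            continue
        shown.append("xn--" + uni.encode("punycode").decode("ascii"))
        findings.append("idn-label")
        if len(label_scripts(uni)) > 1:
            findings.append("mixed-script-label")
    return ".".join(shown), findings


if __name__ == "__main__":
    for url in SAMPLES:
        print(url.encode("unicode_escape").decode(), "->", inspect_link(url))
```
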
  16. Phil
    Honorary Member

    Phil Gigabyte Poster

    1,680
    7
    87
    LOL of course, it was the only real clue we had.

    I saw some recently that were trapped in our Spam filters that the whole message was a graphic with an imagemap over the URL they wanted you to click so that the link looked genuine only the imagemap sent you off to the phishers website.
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  17. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,749
    200
    246
    hover over this link to see if you're affected (if my copy paste job works properly)

    http://www.verisign.com

    ok guess my copy/paste job hasn't worked properly, as it's still showing up with the punycode even in things like IE

    unless MS patched this, which I doubt :)

    Actually my mistake
    IE was the ONLY browser to not be affected by this problem, as it doesn't have a punycode handler (unless via plug in)

    so IE users should see the spoofed address in the status bar
    all other gecko/khtml browsers are affected though (unless patches have been supplied)

    sorry for the confusion folks :D
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  18. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    Interesting stuff. I got 80% but thought the two I got wrong were fake also :rolleyes: I am really paranoid about receiving such emails. They can be hard to spot. Never follow a link in an email which seems to want private information. Just enter the url manually in the browser, if you have to.

    Thanks for the info re punycode, I wondered how it was achieved!

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  19. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    172
    211
    I got 9/10. I identified the eBay power seller email as phishing, but it was legit. When looking at the criteria they used as legit I can see their point, but I personally thought that if you were a power seller that eBay wouldn't say you had to register for it before the end of the month! Also, the address wasn't a secure (https) connection!

    Fergal
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  20. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    3,286
    85
    152
    :eek: I got 3/10

    1. Chase
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)

    2. PayPal
    Phishing Fraud ... CORRECT

    3. Bank of America
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)

    4. Washington Mutual
    Phishing Fraud ... CORRECT

    5. MSN
    Legitimate ... INCORRECT
    (The correct answer was Phishing Fraud)

    6. Earthlink
    No Answer ... INCORRECT
    (The correct answer was Legitimate)

    7. Amazon
    Phishing Fraud ... CORRECT

    8. eBay
    Legitimate ... INCORRECT
    (The correct answer was Phishing Fraud)

    9. Capital One
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)

    10. Network Solutions
    Phishing Fraud ... INCORRECT
    (The correct answer was Legitimate)
    You got 3 out of 10 correct, or 30 %

    Now excuse me while I go bury my head in the sand.
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
