113 captures

26 Mar 2009 - 21 Apr 2025

Sep	DEC	Jan
	17
2015	2016	2018

success

fail

About this capture

COLLECTED BY

Organization: Alexa Crawls

Starting in 1996, Alexa Internet has been donating their crawl data to the Internet Archive. Flowing in every day, these data are added to the Wayback Machine after an embargo period.

Collection: Alexa Crawls

Starting in 1996, Alexa Internet has been donating their crawl data to the Internet Archive. Flowing in every day, these data are added to the Wayback Machine after an embargo period.

TIMESTAMPS

Get smart on Phishing! Learn to read links!

A pishing email for Paypal. The Apple Mail program shows the real link target in a pop-up bubble when you hover your mouse over the link.

If you came here, you probably received an email like the one to the right. They are fake messages intended to lure you to fake websites that are made to look like e.g. a bank website, but in reality set up by data thieves. If you fill in forms on those sites, you will give all your information to criminals and invite indetity theft, credit card fraud, cleaned out bank accounts etc. This is called "phishing".

Phishing can be attempted for anything that requires a login or holds data of some value: banks, eBay, Paypal, Facebook, credit card companies, even your frequent flyer program or popular discussion forums. The emails can look very real and tempting to click. Say, if you have a Facebook account, you are used to the notification emails everytime one of your friends did something on your profile. Imagine a message: "Your friend XYZ commented on a picture of you. Click here to see comment." Wouldn't you want to see what your friend wrote? So you click and as expected you get to the Facebook login page. Or did you?

Ideally you should NEVER click on such emails. Instead go the the site on your own by typing e.g. facebook.com directly into the browser, log in from there and check your account. It's like saying: "Don't call me, I call you!"

Below, learn how to identify links to fake sites, so you will not be fooled!

1. What is the actual link?
   What you read as link may not be the real destination. We've all seen links like Click here! Obviously, "Click here" is not a web address, but it does link somewhere (in this case, back to this page). You can see the real link target at the bottom of your browser when you hover your mouse over the link. The description ("Click here") and the link target (www.bustspammers.com/phishing_links.html) are two different things and I could make the description anything I want. I could even make it look like another link.

   Look at the Paypal example. It looks like it's a link to
   https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
   but that's really just the description; it's as meaningless as "Click here" for determining where the link points to. In reality, the link goes to
   http://66.160.154.156/catalog/paypal/
   If you do click, that link with the weird number will be what you see in your browser's address bar. And it's not a Paypal site. But how do you know that? After all, it does say "paypal" there at the end?

A pishing page for Chase. Notice the address (URL) in the browser address bar.

2. What site does the link really point to?
   

   

   Look for the first slash after (not including) http:// then go BACKWARDS from there to the SECOND dot. The main address of a website, also called "domain", consists of two parts separated by a dot (e.g. chase.com) which is why we skip that one dot. If there are no two dots before the first slash, then simply go to the beginning of the URL. You want that to be the expected site name (domain), if it's anything else, it's most likely a phish. Let's take Chase bank as an example:
   http://support.chase.com/something/index.jsp
   The first slash after http:// is emphasized. In front of it is chase.com. This would be legitimate. Whether it says support, www or something else before the next dot is irrelevant. The following links would all be fake:

   • http://www.fivestarmanager.com/chaseonline.chase.com/survey.html?ssl=1
     This is the example from the picture above and you are at fivestarmanager.com. This "survey" does not come from Chase!
   • http://www.chase.com@209.131.36.158/something/index.jsp
     Even though there is a chase.com before the first slash, it is not immediately before it. You would be at 209.131.36.158, which is another way to say Yahoo.com, not Chase.
   • www.chase.com.online.to/something/else/index.jsp?p=dw&fr;=yfp-t
     This goes to online.to, which has nothing to do with Chase either.
   • http://onlinebanking-chase.com/checking/ssl/update.php
     Remember, the domain consists of two parts separated by a dot — ONLY a dot and nothing else! A dash, hyphen, underscore or anything else doesn't count. The second domain part (going backwards from the slash) is onlinebanking-chase, not chase — not the same! The site you'd be at, onlinebanking-chase.com, is not run by Chase. Same for:
     http://wwwchase.com/
http://www-chase.com/
http://www.chasecom.com/
http://chase.com.cc/
http://www.chase.com-sweepstakes-2011a.info/
     They would all be scams.

There are many other signs that give away phishing attempts, like no secure (SSL) connections, no personal details (your name or last digits of account number) that a legitimate sender would know included in the email to you, violation of common sense and the "Too good to be true" rule (No bank will EVER just hand out $100 to every response to a short survey as claimed in the picture above), fake certificates, etc. You can learn more about those and phishing in general with a simple search: http://www.google.com/custom?q=phishing

Stay safe!

Want to learn how to get a handle on spam too? Go to the BustSpammers homepage!