(walks Mary, do not want me to write? Take
writing ... ;-) For those who do not know yet what the phishing , I'll have a pretty recent history.
few minutes ago I received an email. Specifically, in my spam folder Hotmail. They say they are Caja Madrid, and as this condition is that every month deposit my payroll and is co-owner of my residence, I was curious to know what I had to tell. Once chipped the Hotmail security protocols, and with due knowledge that they will try grinding him bent, I read the following:
said your online service has been temporarily suspended due to failed attempts to access your account online.
As a security measure we have decided to temporarily disable your account, this incident may be because I make attempts to access your account from another IP address because a dynamic system used by Internet providers.
To ensure its authenticity please reactivate your account from the following link which we present by selecting the type of account managed
As a security measure we have decided to temporarily disable your account, this incident may be because I make attempts to access your account from another IP address because a dynamic system used by Internet providers.
To ensure its authenticity please reactivate your account from the following link which we present by selecting the type of account managed
This adorned with the visual identity of Caja Madrid and legal paraphernalia the message makes it seem as genuine . Attention capture:
us show common sense and analyze certain facts:
1) The wording of the message is bad, the text is full of repetitions and presents some factual mistakes inappropriate a company with a strong corporate image as Caja Madrid: separation of contractions ( "on" ) with incorrect and misleading constructions ( "which presented selecting the type of account managed" ) and lack of punctuation (or a tilde and separation between commas and the words they accompany.)
2) The sender's address, note taking, does not belong to cajamadrid.es , but cajamadrld.es . Subtle yet completely rule out the true identity. CAUTION is relatively easy to spoof a domain, so even if you see cajamadrid (in my case) that's not reason enough to trust.
3) There is a link to a page , that security does not reproduce, if you hover over it (as I have done in the above screenshot), we see that the URL is not exactly Caja Madrid , but this:
4) The mail client you use (in my case, Hotmail, but today almost anyone amply meets) keeps telling me that the matter stinks : "Do not open the message "-" Well, we've opened, but not read the content! " - "OK, but not fucking nowhere!" - "Are you sure you want to open the link? Do you have plenty of money? ".
5) My provider of banking is Caja Madrid, but sometimes I have received similar messages from Santander and Banesto Cajamar. Needless to say, if you have no account with that bank or box The thymus is impossible .
If I had a blog like this, he might have deleted the message and holy Easter. But as I put a clear example of phishing and how to avoid it, I decided to keep and bait , to see what happened. moralism pure Socratic intellectual.
Well, Dear reader, THIS IS PHISHING :
page to which I sent the message. Watch more retro look is what my Firefox ...
original page from the internet office of Caja Madrid. Conas not occur to me, it works great!
A greeting rubber band behind the ears. PD
I have not resorted to resist, and I decided to continue the game. Watch what you say page when I enter a user name and password exist. Of course, income a false signature and thymus is completed with the following message . PPD
I hope the Caja Madrid client with ID and password 12,345,678 1234 forgive me, because it will run out of the pack of "Fortunata and Jacinta" with "Criminal Minds" on DVD.
The phishing is a computer crime consisting slip you mail a link to the capture page above, enter your username and password to your online bank and soon say goodbye to you give to your partner the entire collection of "Fortunata and Jacinta" on BluRay .
As you can see the procedure until you get to click on the link in the message is tacky, but how you do, you've screwed up because the resemblance is amazing. Indeed, look at the differences going to be our best ally against this scam.
page "good" shows three elements that give the green light to introduce our data security: https word in the address bar (as opposed to http of the poor), the padlock in the lower right corner and a blue button next to the address bar to verify identity of the owner of the page. All browsers clearly show if a page is secure or not. If you do not see these elements on a page that asks for sensitive personal data, do not you dare enter it.
And finally, remember that NEVER NEVER (did I say EVER?) Should NEVER be accessed through links reaching you by mail or messenger a critical pages in the real world as banks, government, etc. Have a favorite hand or marker, is the best option.
A greeting rubber band behind the ears. PD
I have not resorted to resist, and I decided to continue the game. Watch what you say page when I enter a user name and password exist. Of course, income a false signature and thymus is completed with the following message . PPD
I hope the Caja Madrid client with ID and password 12,345,678 1234 forgive me, because it will run out of the pack of "Fortunata and Jacinta" with "Criminal Minds" on DVD.
0 comments:
Post a Comment