Monday, November 5, 2007

How to identify Fraudulent Emails

In June 2004, spam hit many email inboxes, asking people to log on to the ICICI Bank website and change their account details as part of a supposed security verification by ICICI Bank. The link in the email took them to a fake site that resembled ICICI Bank’s website and asked them to key in their user-id, password, etc. It was an email fraud initiated by someone who wanted the user-ids and passwords of ICICI Bank customers in order to take money out of their accounts.

Though there were no reports of financial loss from this, no one has to think twice to understand the motive behind such an email. Fraudulent emails are becoming rampant as internet banking grows in popularity. Let’s examine a real-life fraudulent email so that you can identify one when it arrives in your inbox one fine day. Let’s also go through a few measures you can adopt so that you are not devastated by an innocent-looking email.

Shown below is a screenshot of an email one of my friends got in his inbox. It is supposedly from Bank of America and says that the bank requests the recipient to start a client details confirmation procedure. The email also showed a link to click to start the confirmation procedure.

Bank of America email

The link looked perfect, and when it was clicked, the following website opened.

Bank of America fraud website

The site asked for the online user-id and password, among several other details. It looked as authentic as it could be. For reference, have a look at the actual BankAm website below.

Bank of America actual website

Now, what are the catches? Let’s examine the email and the opened website in detail.

The sender’s id in the email was some reference number @ bankofamerica.com. How could this be possible? Can anyone send an email with someone else’s email id in the sender’s place? As a matter of fact, it is very much possible. People who work in the IT industry would vouch for it. You can feed any address to the email-sending function, and it will send the email as if the sender’s email id were the one entered.

Now, the URL shown in the email is http://www.bankofamerica.com/onlinebankingid1073531410/session.cgi

One might wonder what is wrong with that. The catch is that the address the link takes you to need not be the URL displayed in the email. Let’s look at the URL of the site that opened when this link was clicked. It is http://www.bankofamerica.com.onlinebankingid1073531410.ezgor.biz/session

You may not see any difference between the two at first, but if you look closely, there are a few changes. First, there is an extra ‘ezgor.biz’ in the URL of the site that opened. Second, most of the ‘/’s in the displayed URL are replaced by ‘.’s in the URL of the site that opened. In the internet world, a ‘.’ signifies a sub-domain of a main domain, like mail.yahoo.com of yahoo.com, whereas a ‘/’ denotes a sub-folder in a sub-domain or main domain. What this means is that bankofamerica.com.onlinebankingid1073531410 is a sub-domain of the site named ezgor.biz, which is a fake site set up by the fraudsters and is not the site of Bank of America. The sub-domain name is crafted to look quite real. The fraud site was made to look exactly like the Bank of America website so that people would not feel the slightest doubt about it.

In the internet world, such attempts to get hold of confidential information by masquerading as a trustworthy entity are termed ‘phishing’. New-age browsers carry phishing filters, which check the entered URL against universal databases of phishing site names and warn you if the site is found to be a phishing site.

Going forward, here are a few steps you could follow to protect yourself from being cheated.

  • When you receive such an email, look at the ‘from address’, the body, etc. for doubtful content

  • Prefer not to click on the URL given in the mail, because the displayed URL and the real URL may not always be the same. Either copy and paste the URL into the address bar of the browser or, if you clicked it directly, see to it that both URLs are the same

  • Verify the URL of the newly opened site and look for any doubtful text in the address, like the ‘/’s changed to ‘.’s and the extra domain name in this case

  • For internet banking, most banks provide a secure http connection, denoted by ‘https’ instead of the normal ‘http’. Look out for ‘https’ while doing such transactions. ‘Https’ is always preferred for such transactions

  • When in doubt, call the customer care service of your bank to confirm whether the bank is running such a program or not

  • Enable the phishing filter that comes with the latest version of your browser


Ever since its inception, the internet has made our lives simpler to a great extent. But every good thing has its flip side, and in the internet world spam and email fraud account for that. With a little care, enjoy your online experience to the fullest and make the most of it.

    6 comments:

    மனசு... said...

    Last week I received such an email. I filled in all the details including ATM card number and PIN number. And before clicking login I realized, what shit am I doing now? And then noticed the address bar. I realized something was wrong and copied all the information and sent it to ICICI.
    It was clearly the one you have mentioned. Even the people who know what's going on on the internet tend to make mistakes sometimes. Newbies cannot escape, I guess....

    anyways good post....keep it up...

    Michelle Boudreau said...

    The risk is high with regard to bank fraudsters with account hacking and internet theft.

    Payday Loan Online said...

    So the sort of scam which I know must have started somewhere in Europe or USA has continued to spread across the globe?

    I don't know if they are going to tag West Africa as an Internet scam laden zone in this respect.

    I believe that it's time that banks start educating their customers on how to identify their website.

    Uslh Insurance said...

    Very true. Such a nice concept. Your information is true up to great most of the extent. Thanks for sharing. Thanks for the useful information. Such an inspirable and good post. I am able to get new knowledge while reading this. Keep sharing this type of informative posts.

    PENNY STOCK INVESTMENTS said...

    Be careful

    couponsnip said...

    Thanks for information, everyone should take care of their own privacy and security to stay safe.