Phishing, as you may know, is a kind of fraudulent e-mail that tries to steal your authentication data supplanting the identity of your bank or other provider you trust. The attacker sends you an e-mail telling you that, for security reasons or whatever, you must click in a link and enter your credentials.

I'm suspicious every time I get an e-mail with words like "Important security notice" or similar in the subject. A trustworthy provider (your bank or on-line retailer) is never going to ask you for your security credentials, so be suspicious of those emails that tell you to do so.

A couple of days ago I received one of this phishing attempts, and then decided that I'd like to analyze it briefly in order to show you the basics of its behavior. You will learn how to identify it easily.

I received an e-mail supposedly from Amazon.com, an on-line retailer that I use a lot. Here you can see the full text of the e-mail (click to enlarge):

As you can see it's a classical phishing message. It tells you about a supposed security problem, and asks you to fix it by the means of login to your account and notify. The smart thing about this message is that it says that someone attempted to login to my Amazon account several times from a foreign IP. I buy a lot in Amazon.co.uk (although not in Amazon.com) and my IP is foreign to them because I don't live in the UK, so it makes sense.

However one always needs to be smarter and take a second and more profound look.

If you move the cursor above the link in the e-mail, you'll notice in the status area of your browser (see the red rectangle in the picture) that the real URL it is pointing to is very different from the original. A clear clue for phishing. This is difficult to spot in a non-webmail client such as Outlook. If you click un this link you will find a clone of the original Amazon.com site, so you probably won't notice the difference. Danger!

The other important thing to notice is that, although the sender reads "Amazon.com", if you see the real address (moving the cursor above its name) it's, in fact, zfuzvq@lycos.co.uk, as you can see in this picture:

If I'd had clicked in the link and entered my credentials I'll end up giving them to someone (probably) in the far east who will get access to all my information in Amazon, and probably would have charged some books into my account. Imagine what she could do if the phishing were related to my bank account! :-(

Conclusion: be extremely careful with e-mail about security issues. Before clicking on a link always check the real URL it is pointing at. And check the real sender of the e-mail too to be sure that it's from the same domain as your provider.