Raw Bytes Computer News

KPBX FM 91.1, Spokane Public Radio

National Public Radio Network

Frank Delaney, Producer

Broadcast on Thursday Morning, 7:35 AM, During Morning Edition

Support Public Radio!

The Theater Of the Mind

In computer news this week, Thursday, November 18, 2004

 

 

The protection you need on the internet today - Part 7 –

or Don’t surf in shark infested waters ...

 

You get an email from your bank or some company you do business with asking you to verify your billing information online – this is the typical phishing or spoofing email that hackers send out by the hundreds of thousands to try to steal your credit card information, and supposedly 5% of all people fall for these emails.

 

Last week I mentioned receiving an email from Citibank asking me to verify my billing information online – even though I am not even a Citibank customer. It looked very official and supposedly if I clicked on the link in the email it was going to take me to a secure website – as in the email the website was displayed as https:

 

But when I placed my mouse pointer over the website in the email it displayed a completely different website address – a numeric IP address. If you see a website address that is a number, there are many places on the internet you can go to do what is known as an IP address lookup. I always go to http://www.samspade.org - a site named after the detective in the movie classic “The Maltese Falcon”, and the author - Dashiell Hammett - once lived in the Davenport hotel here in Spokane.
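The hover check described above can be automated. The following is an added example, not part of the original broadcast: it compares each link's visible text with its real target and flags numeric-IP targets. The sample message, bank.example and 203.0.113.7 are constructed placeholders.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def split_url(url):
    """Return (scheme, hostname), lowercased; ("", "") if unparsable."""
    try:
        parts = urlsplit(url.strip())
        return parts.scheme.lower(), (parts.hostname or "").lower()
    except ValueError:
        return "", ""

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

class LinkCollector(HTMLParser):  # gathers (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return [(href, [reasons])] for links whose target contradicts the text."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        (shown_scheme, shown_host), (scheme, host) = split_url(text), split_url(href)
        checks = [("numeric-ip-target", is_ip(host)),
                  ("text-host-differs", bool(shown_host and host and shown_host != host)),
                  ("text-claims-https", shown_scheme == "https" and scheme != "https")]
        findings.append((href, [name for name, hit in checks if hit]))
    return [f for f in findings if f[1]]

# Constructed sample; bank.example and 203.0.113.7 are placeholder values.
SAMPLE = ('<a href="http://203.0.113.7/verify">https://www.bank.example/verify</a> '
          '<a href="https://www.bank.example/help">help page</a>')
print(audit_links(SAMPLE))
```

Link text without a scheme (for example "www.bank.example") is not parsed as a URL here, so only the numeric-IP check applies to such links.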

 

At Sam Spade I did an IP whois search of this numeric website and found it to be registered to a Korean company. If this website was truly legitimate it would have been registered to Citibank, so it was obviously a fraud:

 


Server Used: [ whois.krnic.net ]

210.115.192.14 = [  ] 

  
 (www.nic.or.kr)  Whois   
  query: 210.115.192.14 
   ENGLISH 
  KRNIC is not a ISP but a National Internet Registry similar to APNIC. 
  The followings are information of the organization that is using the IPv4 address. 
  IPv4 Address       : 210.115.192.0-210.115.223.255 
  Network Name       : KBSTRINET 
  Connect ISP Name   : ISP-1 
  Connect Date       : 20010101 
  Registration Date  : 20010101 
  [ Organization Information ] 
  Organization ID    : ORG35293 
  Org Name           : KBS 
  State              : SEOUL 
  Address            : 18 Youi-do Young-Dung-Po-Gu 
  Zip Code           : 150-010 
  [ Admin Contact Information] 
  Name               : DoMyeong Choi 
  Org Name           : Korean Boradcasting System (KBS) 
  State              : SEOUL 
  Address            : 18. Youi-do Young-Dung-Po-Gu 
  Zip Code           : 100-791 
  Phone              : 82-2-781-2753 
  Fax                : 02-392-8773 
  E-Mail             : dmchoi@kbs.co.kr

  
 

 

 

Phishing sites are usually operational for less than a day. A hacker will register a website online – probably using a stolen credit card number and using an internet registrar that doesn’t check the registration information. Then they can get a free email account virtually anywhere and a list of email addresses from any number of spam companies. Then the hacker will go to the website of a legitimate company and easily download parts of their website: their logos and main screens. Then the hacker can modify this code and put it on their phishing website.

 

They send out a spam email to maybe 100,000 addresses and can expect to get 5,000 responses from honest people. In just a few hours the crooks get up to 5,000 credit card numbers, PINs, and passwords.

 

Usually within hours of a phishing email going out, people start reporting it to the companies who are being spoofed, and then those companies get their security people trying to close down the spoofing website. They can trace the site to the internet registrar who sold the name, but usually they find the legitimate owner of the site is registered as Mickey Mouse who lives in Cheeseville, Wisconsin. All the registration information is bogus – the only reality is that 5,000 people have had their credit card information stolen.

 

Phishing is such a threat to e-commerce that most banks and retailers have informed their customers that they will never be asked online to verify their billing information. So you should never respond to an email from anybody asking you to verify this information.

 

The program most people use to connect to the internet is Microsoft’s Internet Explorer, which has been plagued with security holes which have led to many of the internet problems I have talked about in this series. Next week I’ll talk about a new browser which by design eliminates many of these problems, and best of all – it’s free.

 

For Raw Bytes

This is Frank Delaney

(C) 2004 MTA Micro Technology Associates

http://www.mtamicro.com/kpbx.html

PO Box 31522 Spokane, Wa 99223-1522

(509)624-7230

mailto:frank@mtamicro.com