How to identify Fraudulent Emails

In June 2004, a spam attacked many an email inboxes, asking people to logon to ICICI bank website and change their account details due to the said security verification by ICICI bank. The link in the email took them to a fake site that resembled ICICI bank’s website and asked them to key in their user-id, password etc. That was an email fraud initiated by someone who wanted to get the user-id and password of ICICI bank customers to tap money out from their accounts.

Though there weren’t any reports on financial loss due to this, no one has to think twice to understand the motive behind such an email. Fraudulent emails are becoming rampant as internet banking has grown in popularity. Lets try to examine a fraudulent email from real life so that you could identify it when one such arrives in your inbox one fine day. Let’s also go through a few measures that could be adopted so as to ensure that you would not be devastated by an innocent looking email.

Shown below is the screenshot of an email one of my friends got in his inbox. It’s supposedly from Bank of America saying that the bank requests the recipient to start a client details confirmation procedure. A link to click-on to start the confirmation procedure was also shown in the email.

Bank of America email
A perfect link it was and when it was clicked, the following website got opened.

Bank of America fraud website
The site asked for the online user-id and password among several other details. It looked as authentic as it could be. For a reference, have a look at the actual BankAm website below.

Bank of America actual website
Now what all are the catches. Let’s examine the email and the opened website in detail.

The sender’s id in the email was some reference number @ bankofamerica.com. How could this be possible? Is it possible for anyone to send an email with someone else’s email id at the sender’s place? The matter of fact is it is very much possible to send an email with someone else’s email id in the sender’s place. People who are working in the IT industry would vouch for it. You can feed in any address to the email sending function and it will send emails as if the sender’s email id is the one that’s entered.

Now the URL shown in the email is, http://www.bankofamerica.com/onlinebankingid1073531410/session.cgi
One would wonder what problem does this email have? The catch here is the address to which the URL takes you need not be the URL that is displayed on the email. Let’s have a look at the URL of the site that got opened when this URL is clicked. It is, http://www.bankofamerica.com.onlinebankingid1073531410.ezgor.biz/session

You may not see any difference between the two, but if you notice closely, there are a few changes in the two URLs. There is an extra ‘ezgor.biz’ in the site that has opened. Second thing is most of the ‘/’s in the shown URL are replace by ‘.’s in the site opened. Now in the internet world, a ‘.’ signifies a sub-domain of a main domain, like mail.yahoo.com of yahoo.com where as a ‘/’ denotes a sub-folder in a sub-domain or main domain. Now what this turns out to be is that bankofamerica.com.onlinebankingid1073531410 is the sub-domain of the site named ezgor.biz, which is a fake site opened by the frauds and is not the site of Bank of America. The sub-domain name is well crafted so as to look quite real. The fraud site was made to look exactly similar to that of Bank of America website so that people won’t feel the slightest of doubts about it.

In the internet world, such activities to get hold of confidential information by masquerading as a trustful entity are termed as ‘phishing’. New age browsers carry phishing filters along with it, which verifies the entered URL with universal databases of phishing site names and warns you in case the site is found out to be a phishing site.

Going forward, here are a few steps you could follow to protect yourself from being cheated.

When you receive such an email, have a look at the ‘from address’, body etc. for doubtful content

Prefer not to click on the URL given in the mail for the displayed URL and the real URL may not always be the same. Either copy paste the URL in to the address bar of the browser or if clicked directly see to it that both the URLs are the same

Verify the URL of the newly opened site and look for any doubtful texts in the address. Like the ‘/’s to ‘.’s and the extra domain name in this case

For internet banking most of the banks provide a secure http connection denoted by an ‘https’ instead of normal ‘http’. Look out for ‘https’ while doing such transactions. ‘Https’ is always preferred for such transactions

When in doubt, call the customer care service of your bank to confirm whether the bank is running such a program or not

Enable phishing filter that comes along with the latest version of your browser

Ever since its inception the internet has made our life simpler to a great extent. But every good thing has its own flip side. Spam and email fraud would account for that in the internet world. With a little care, enjoy your online experience to the fullest and make the most out of it.