Monday, April 22, 2013

Phishing Scam Alert...and no, it's not the one from Nigeria this time...


Heads up regarding a phishing scam that affected someone I know, whose e-mail credentials were compromised. The e-mail may be distributed to an undisclosed list of recipients from someone you actually know. The subject says "Check out this property!" and has a "Click Here" link. In the interest of discovery, I clicked via a safe virtual machine and landed on http://pptyavail.c0ldwellbanker.us.jas/.. [Do not bother to click on the link; it's been modified to protect the technically challenged], a page that looks like it might be from Coldwell Banker. There's another "Click Here" button that prompts you to provide your login credentials from one of the four major e-mail systems: AOL, Yahoo, Gmail, and Windows Live. Here's the sneaky part: after you provide your credentials you're forwarded to a bona fide Coldwell Banker site.

So how do you know if you're getting scammed? Here are some of the signs:

i) Ask yourself: Do you know the person who sent you the e-mail, and is this something they would send? Context is important.

ii) Was the message sent to undisclosed recipients? Ask yourself: Why would someone do this? There are good reasons--distribution list from church, community group, intramural sports, etc. But more likely it's because the sender doesn't want you to see the hundreds--if not thousands--of users he's sent the message to.

iii) Is the URL an Extended Validation SSL site? If it isn't, that doesn't make the site bogus, but it does mean you need to look more closely at the URL. Very briefly, most people know by now that SSL encrypts the data traffic between your browser and the destination site. All you need to know about EV SSL sites is that the associated certificates are much harder for illegitimate groups to obtain, and when you go to an EV SSL site your address bar will change color--usually yellow or green, depending on which browser you're using. Try browsing to your bank's web page. Most of the major banks use EV certs.

iv) Does the URL have a legit name you recognize in the HOST part of the domain name? That's the name to the immediate left of .com, .edu, .org, etc. (e.g., in login.wellsfargo.com, login is the subdomain, wellsfargo is the host domain, and .com is the second level domain). A hacker will try to trip you up by inserting a name you recognize in the subdomain, because there are no controls on what a subdomain can be named (e.g., wellsfargo.hackersite.com).

v) Does the site ask you for credentials from an account not associated with the site you're on? If so, that should be a red flag! Sirens should be going off in your head. Now, Facebook has an interface that allows single sign-on to other apps, but a legit site won't need to ask you for credentials if you're already signed in (and have an active session) on Facebook. Likewise, if you're asked to provide e-mail credentials, ask yourself why a bank needs to know your e-mail address AND the password. Unless you're accessing your web-based e-mail directly, NEVER provide this information to anyone.
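To make the "name in the subdomain" check from item iv) concrete, here is a small added example (my code, not part of the original post) that splits a URL's host the way the post describes, flags a known brand that appears only in the subdomain labels (wellsfargo.hackersite.com), and also catches digit-for-letter spellings like the c0ldwellbanker host above. The brand list and the two-label suffixes (co.uk, com.au) are constructed stand-ins; a real check would use the full Public Suffix List.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# Constructed, deliberately small list of brands the reader cares about.
KNOWN_BRANDS = {"wellsfargo", "coldwellbanker", "paypal"}

# Tiny stand-in for the Public Suffix List (assumption for this example):
# suffixes that take two labels, so the "host domain" is one label further left.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Common digit-for-letter substitutions seen in lookalike hostnames.
LOOKALIKES = str.maketrans("0135", "oles")


def normalize(label: str) -> str:
    """Fold digit lookalikes back to letters: 'c0ldwellbanker' -> 'coldwellbanker'."""
    return label.lower().translate(LOOKALIKES)


def split_host(host: str) -> tuple[list[str], str, str]:
    """Split a hostname into (subdomain labels, host domain, public suffix).

    login.wellsfargo.com -> (['login'], 'wellsfargo', 'com')
    """
    labels = host.lower().rstrip(".").split(".")
    two_label = len(labels) >= 2 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES
    suffix_len = 2 if two_label else 1
    if len(labels) <= suffix_len:
        return [], "", ".".join(labels)
    owner = labels[-(suffix_len + 1)]
    return labels[:-(suffix_len + 1)], owner, ".".join(labels[-suffix_len:])


def suspicious_brands(url: str) -> list[str]:
    """Brands that appear in the subdomain, or as a lookalike of the host
    domain, without actually being the host domain. Empty list = nothing found."""
    subdomain, owner, _suffix = split_host(urlsplit(url).hostname or "")
    hits = set()
    for brand in KNOWN_BRANDS:
        if brand == owner:
            continue  # the genuine site, e.g. login.wellsfargo.com
        if normalize(owner) == brand:
            hits.add(brand)  # lookalike host domain, e.g. c0ldwellbanker.com
        if any(brand in normalize(label) for label in subdomain):
            hits.add(brand)  # brand parked in the subdomain, e.g. wellsfargo.hackersite.com
    return sorted(hits)


if __name__ == "__main__":
    for u in ("https://login.wellsfargo.com/", "http://wellsfargo.hackersite.com/login",
              "http://pptyavail.c0ldwellbanker.us.jas/", "https://www.wellsfargo.co.uk/"):
        print(u, "->", suspicious_brands(u) or "looks consistent")
```

The heuristic only reports brands you told it about, so it is a prompt to look closer, not proof that a site is genuine.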

In summary, if you're at work and you stumble upon one of these phishing e-mails, notify your Information Security folks or I.T. department pronto. If you're at home and you get one, most e-mail services have a way of flagging the message sender as SPAM, or you can forward it to SPAM@.com

Hope this helps! I know we want to share with folks we trust, but let's be careful with the data we give up so willingly!


'Nough said
+THINKER
