Cops cuff 4 in £1m banking fraud malware case Four people have been arrested and £80,000 in cash seized as part of a Met Police investigation into the theft of an estimated £1m from UK banks using malware. Two men, both aged 31, and two women aged 24 and 27, were arrested on suspicion of conspiracy to defraud and conspiracy to launder money during raids on properties in …
And to think that my bank has a declaration on its home page saying that they will never ask you for your banking details either by phone or by mail. It must be the only one, I guess.
Not to mention the fact that the body of the mail may have been properly engineered to resemble an official mail, but I'm pretty sure that a quick check of the replyTo address would/should have raised some red flags.
There is a disturbingly high need for mail training these days.
Many people do look at official looking emails and think they're OK. Sometimes looking at the reply to address isn't going to work either as that can be forged too.
I think for non techies a "better safe than sorry" approch needs to be taken. If it's from a bank or other sensitive organisation they should pass it by someone who can look at it or call the bank and ask if they sent it. As you say, education is key!
Reply-to address don't mean jack. Malware authors aren't going to fake this, they'll just put in the real one, because it's the LINKS that they want you to click on - you know the links that don't actually go anywhere near your bank's domains. The only way of getting round that is to read the tooltip of the URL, but with banks using a wide variety of domains, along with the fact that non-techie people like your mum not knowing what the hell this is, it means that even that method can't be totally relied on.
Best thing is to simply use your sense - if it's asking you to do something, ask yourself WHY, do you really need to and whether it's best to actually call/contact the bank via another method for verification.
Outlook makes it really hard to read the headers. However even if you could very few folk know what they are looking at.
It would not be hard for a mail client to flag emails where the various addresses don't stack up and the referenced domains in URLs don't match the email domain. The client could deref the URLs from the HTML and display exactly what you will click on and even change them to plain text when they are not in the domain that sent the email.
It is not foolproof and the downsides - eg "legit" spammers (eg estate agents and other businesses who bulk email) being forced to properly identify themselves all the way through are not too onerous.
Hmm, need to think about this a bit and see what I can do with Exim and a new filter I can feel coming on ...
To be honest a simple filter that turns hrefs into plain text will go a really long way and that should be a doddle.
Cheers
Jon
Dunno about you, but I LOVE to read about criminal scum getting caught. It's like porn to me.
One the one side, there are decent, hard-working folk, like the readership here. At the other side, there are the parasitic scum who have no compunctions about stealing from others, as a cushy alternative to working. They are filth and I hope they have a rotten time in the Queen's Hotel and lose all their stuff.
BTW - I use Thunderbird for email, so I'm used to seeing the real URL in the phishing spams. I was shocked to see that my colleagues using the standard corporate-issued MS Outlook can't actually see the URL.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
