Friday, March 02, 2007
How Mushy Got His Groove Back
While I'm not going to name the business or partners or any of the other 'special sauce' stuff, if you're reading this blog and you've known me for longer than a month you're probably interested. (And I'm sure my parents would like to know too, Alene; it's not like they read anything I scribble online. Thankfully.) My job title is Fraud Analyst. I'm working for a business which seeks out websites which attempt to fool people into giving their personal information or financial information, for the purpose of stealing identities and money. That practice is called "phishing". These sites are duplicates of the login and account setup screens for banks and e-commerce websites; people reach those pages through bad links on webpages or in 'urgent' emails which appear to come from legit sources, and many of them are VERY convincing. Many e-commerce, auction, online payment, and similar sites have been duplicated, and every good-sized bank and credit union has been the subject of a fraudulent duplicate site (or will be eventually). It's probably not privileged information for me to say that there are about 20 sites created per day which pretend to be PayPal's login alone, about 10 sites a day which pretend to be eBay's login, and maybe 5 sites a day which imitate Amazon.com's login... where the money is, the crooks will go. I knew that phishing was a problem but never realized just how massive or organized it was until I joined the battle against it -- it's a big game of Whack-A-Mole, one we're getting better at as the businesses being spoofed and the Internet providers through which those bad sites are created (often without the knowledge of those who rightfully own the webspaces being used) gain more understanding of the issue, and the public becomes more wary of what's out there and how it happens so they can avoid becoming victims.
My job duties include going through lists of webpages which have been reported to the business as being possibly fraudulent and ascertaining whether they really are, keeping track of who is being attacked so we can let the targeted sites know what's happening to their brand names, and taking appropriate actions to shut down those fake websites (and herein is the challenge, since one has to find the person with the power to delete an account or mysteriously implanted folder). Phishing is all my business handles; online pharmacies and 'enhancement' pill spam and junk bonds and other forms of fraud aren't in our field, which does simplify things a bit for us, and I don't know where to direct you with those except to say don't open mail from strangers!
Here are a few suggestions you should keep in mind to avoid becoming a victim, and this is by no means everything. First, your bank or the well-known sales sites are not going to request you re-enter your account or financial data as though they'd lost that information. (They would have lost your email address in the process, right?) Second, always look at the address bar in your browser if you click on one of those links; most of the time it's going to tell the truth about where you really are, and you might have to look for what comes right before the first "/" to notice that "secure-login.paypal.com.badguy.hk/cgi/login.php" is coming from "badguy in Hong Kong" and not PayPal. Tangential to that, when the page says it's secure or has a lock on it or other assurances the page is safe, look at the very beginning of what's in the address bar of a page asking for your login info; if it doesn't say "https:" (for HTTP Secure) it isn't secure, and again your bank or a trusted sales site wouldn't ask for sensitive information in a plain ("http:") page -- or at all through an email. Third, if you are going to do business with a known site, make sure you're going to the site directly -- type in the site's URL instead of clicking a link. If the address in the browser when you clicked a link is misspelled, be suspicious. If there's stuff on the page itself that's misspelled or doesn't look quite like you remember it (font changes or character set changes), be suspicious. A bonus trick of the trade if you're not entirely certain you're in the right place (or, heck, if you know it's a phisher), which I've used for a couple years: enter bogus information in the login fields and then hit the Submit button, and if it acts like it logged you in you know it's not for real.
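The address-bar check from the second suggestion, written out as a small script. This is an added example, not something from the original post; the brand-to-domain table and the sample URLs other than the "badguy.hk" one quoted above are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: brand name -> the domain that brand really owns.
LEGIT_DOMAINS = {"paypal": "paypal.com", "ebay": "ebay.com", "amazon": "amazon.com"}


def split_host(url):
    """Return (scheme, host) for a URL, tolerating a missing scheme."""
    if "://" not in url:
        # A bare "host/path" as pasted from an email: assume plain http.
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    return parts.scheme.lower(), host


def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_login_url(url):
    """Return a list of warnings for a page that asks for login details."""
    scheme, host = split_host(url)
    warnings = []
    if scheme != "https":
        warnings.append("not https")
    for brand, domain in LEGIT_DOMAINS.items():
        # The brand appears somewhere in the URL, but what sits right
        # before the first "/" ends in somebody else's domain.
        if brand in url.lower() and not belongs_to(host, domain):
            warnings.append(f"mentions {brand} but host is {host}")
    return warnings


# Constructed samples; the first is the example quoted in the post.
SAMPLES = [
    "secure-login.paypal.com.badguy.hk/cgi/login.php",
    "https://www.paypal.com/signin",
    "http://www.paypal.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample) or "no warnings")
```

The suffix test in `belongs_to` is the part that matters: "paypal.com" appearing at the start or in the middle of the host name proves nothing, only the end of the host name says who controls the page.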
And now a tip for anyone who has a website or there's a webspace associated with their Internet account: Make sure you have a secure (more than six characters, with letters and numbers) password so your webspace isn't so easy to sneak into, and keep an eye on the contents of your space to see if any new files or folders have popped up. I'm serious, I've gone to phisher sites which were being inadvertently hosted by a church, a high school choir, several colleges' unused student accounts, and a self-run blog for discussion of Asian soap operas, all due to the site owners having a guessable password.
[addendum, a day later: Damn, forgot to say that the update to Laughter is the Spackle of the Soul has been posted. I think the pictures are funnier than the captions this time, but that's what I get for being in a hurry -- was distracted by the new job process and didn't work on the site previous to 10pm Feb 28, ugh. Things will improve; I just bought a big heaping bag of 1950's-1990's photos.]
I get tons of e-mails from PayPal customer service. Do you want those forwarded? Or does the contract say PayPal kicks it to you? Anything I can do to help ye out.
(Incidentally, if anyone wants to give the company I work for money, go to any cell-phone maker or service provider's website and have them send their settings to your phone. We pwn that tech. Not that I'm feeling great corporate loyalty. Company I work for has either tripled or quadrupled in size since I started two years ago. I remember when the big boss knew me by name. Same boss, but he doesn't say hello anymore.)
I'm so glad you got the job!!!!
It does sound like a great fit. It's unusual to hear you singing praises about your co-workers and job. Maybe, over time, some stupidities will crop up. So, phish away...
Happy weekend to you and Paige. I'm sure she is very happy that you found a job that you are happy with.
And yeah, definitely, you're welcome to email me (I'll give you my work addy soon) when you get a phish. We accept phish URLs from anywhere we can get them -- which are typically a set of phish-catching services and to a lesser degree the targets themselves when they find out about them (most of the time anything they tell us was what some consumer told them). When we stumble across a site ourselves (or someone tips us off another way) we toss it into the hopper. Just the other day a bank's phish site came up on the list, and I was deleting back layers in the URL to find other points that would spit out more fish (remarkably none of the directories had index.html pages to prevent this) and at the base domain... two directories, one for the bank phish, one for an ecommerce phish! Two two TWO phishers in one! So I added the second phish and reported the domain as having no other purpose than committing fraud, so it can be knocked out by its host.
Jamie: True, it is unusual for me. I don't have to deal with the unwashed public calling me, so that's definitely a step in the right direction. Definitely will be stupidities, a few I've seen over other people's shoulders. Like the New York bank that was the subject of a phishing attack by a site in Canada, and the bank gave us the go-ahead to take down the phish site; it took a lot of babytalk to inform the Canadian Internet provider that there was a problem only they could fix (example, quoting whomever my coworker was talking to, "I'm sorry, but we don't provide support for that bank..."). She definitely is happy, and we're getting our kitchen remodel plans into gear.