The ways of a phisher are plenty but so are the methods in differentiating a phishing mail from a genuine mail. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers may include PayPal, eBay, MSN, Yahoo, BestBuy, America Online, Banks – basically any online website.
Spammers for now have been doing the rounds using fake American Express mailers into getting unsuspecting people to click fraudulent links. From ‘Fraud Protection Alert’ to ‘Change In eMail Address’ – these mails have been used to download malware in the background and siphon off user details.
Given below is a snapshot of where the highlighted links point to and it isn’t American Express – except for one.
However, for reasons unknown they included a genuine link pointing to American Express. Could either be a mistake on the phishers part or they are just trying their best to gain the users trust.
In the event you cannot differentiate between a genuine and phishing mail, always hover your cursor over the given hyperlink. The link will be displayed towards the bottom left of the screen (See the above given pic).
According to our analysis the following link ‘https://hwproblems.com/TnD8VW4T/index.html’ downloads the following frames:
missing.hwpub.com/404-header.htm
missing.hwpub.com/?ck=ndc96uyh76&et=1
And scripts
pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js
dsnextgen.com/?o_id=162786&domainname=hwmissing.hwpub.com/
cdn.dsultra.com/js/main.js
The links are nothing but advertising programs that generate revenue for spammers based on the number of clicks.
Next time you click a link, make sure to check the domain the hyperlink actually points to.
