
The intelligent Phishing - 22-March-06

27 November 2006 12:18

An analysis of the e-mails that deceive people

Phishing works by creating in the recipient's mind the impression that the e-mail really comes from the supposed sender.

To do this, it is enough, first of all, to use an e-mail address containing the name of the bank, financial institution or merchant site presented as the sender. This is done simply by entering that address in the "Sender e-mail" field in the settings of one's Internet account. I could send you an e-mail from my own account while making the address it displays appear to be that of the White House.

Next, the attacker reproduces the layout, the colours and the logo of that organisation. Generally, these e-mails have no other purpose than to obtain your access identifier and password, in order to get into your account and make transfers to his own account.

The e-mail cites a technical or security reason and invites you to confirm that your account is working properly, failing which you would lose access to it.

To reinforce trust, the links displayed in these e-mails do show the URL of the impersonated organisation; however, you cannot click it. Even when you can, the link hides its real destination. The URL you see is not the one you reach after clicking on it.

As a result, the visitor does not pay attention to the address shown in his browser, believes he is on the genuine site, and enters his confidential information. This data is recorded and sent to the fraudsters.

To defeat this method, it is enough to check the URL that is actually shown in your browser. After the double slash that follows http (http://), it is the last characters before the next slash that identify the site you have reached.

See an example e-mail.

* Phishing: the act of dishonestly attempting to acquire sensitive personal information through deception, by duplicating an existing Web page in order to trick and entice users into giving private or financial particulars or their password (Internet)

See another example e-mail: Société Générale.

In the case we are about to analyse, the clickable link leads to a site other than the BNP PARIBAS site, since the name that appears before the first slash is dllinfo.cc.

Whatever appears before the dot that precedes this name is nothing more than a set of so-called "aliases". These can be created freely, under any name whatsoever. A sharp eye can spot a phishing e-mail at first glance.

Example of a false link. Below is a link that, typographically, appears to lead to the site of the newspaper "Le Figaro", but in reality takes you to the site of "Le Monde". If the Le Figaro logo were faithfully reproduced there, you would believe you were on the other site.
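
The check described above (read the name just before the first slash, ignore the aliases to its left, and compare it with the URL the link displays) can be automated when reviewing a suspect e-mail. The following Python sketch is an added example, not part of the original article; the host names in the sample are constructed around the dllinfo.cc, Le Figaro and Le Monde cases from the text, and treating the last two labels as the site name is a simplifying assumption that does not hold for suffixes such as .co.uk.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def site_name(url):
    """Name found just before the first slash after '//': the site actually reached."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").lower().split(".")
    # Assumption: the last two labels name the site; labels to the left are aliases.
    return ".".join(labels[-2:])

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for each <a> element of an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html):
    """Return (text, shown site, real site) where the displayed URL and href differ."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        if "." not in text or " " in text:
            continue  # the visible text is not a URL, so there is nothing to compare
        shown, real = site_name(text), site_name(href)
        if shown != real:
            findings.append((text, shown, real))
    return findings

# Constructed sample body; only the name dllinfo.cc comes from the article.
SAMPLE = (
    '<p>Dear customer, please confirm your account:</p>'
    '<a href="http://www.bnpparibas.example.dllinfo.cc/login">http://www.bnpparibas.example/</a>'
    '<a href="http://www.lemonde.fr/">www.lefigaro.fr</a>'
    '<a href="http://www.lefigaro.fr/economie">www.lefigaro.fr</a>'
)
```

Calling `suspicious_links(SAMPLE)` reports the first two links and leaves the third, whose displayed and real sites agree, unflagged.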


You should know that no bank or financial institution asks its customers by e-mail for their access codes. This information is considered "ultra" confidential. Only your local branch or your usual adviser might write to you to give you a new one. That is why they ask you never to reveal it by telephone or e-mail.

That said, if you have any doubt about an e-mail you have received, do not hesitate to get in touch with us. We will help you, for your peace of mind, even if you are not a Domaine.fr customer.

