How to...
Spot phishing scams
There are many emails being sent around the net looking like official documents.
Microsoft emails will never expect you to Click on this big button to go to our download page.
This is one such email among many that look official:
If you want to find out what would happen if you click on the email then Right click within a blank area of the email and select View Source.
You will then see the HTML code that makes up the email.
If your email contains no mention of the official website or contains something like this:
microsoft.com%01 @ %7a%69%70%2e%70%68%70%77%65%62%68%6f%73%74%69 %6e%67%2e%63%6f%6d/%7E%62%75%6C%6B%65%72/update/
Then it is not official and is making up the domain name by using codes which spellout something entirely different that where you think you are going.
Those % codes are hexadecimal numbers translated into characters you would type at the keyboard this sequence would produce:
microsoft.com @ zij.jhjwebhosting.com/~bulker/update/
The www.microsoft.com at the front looks like you will be taken to the Microsoft home page but this is information that is passed into the website using the @ sign. It is yet another scam.
I recieved yet another of these scams or phishing sites. This one is designed to gather details about my online banking passwords and pins.
At first it looks OK, using the official graphics from Halifax.
I viewed the source as before and found a hyperlink that looked like it was linking to the Halifax official website.
halifax-online.co.uk/_mem_bin/FormsLogin.asp?source=halifaxcouk
But looking a little further I saw that there was an Html Area code containing a different hyperlink.
halifax-online.co.uk%2E%75%73%65%72%6D%61%69 %6E%64%6C%6C%2E%63%6F%6D:%39%31%32%30/%66/%69%6E%64%65%78%2E%68%74%6D
Although this also looked OK at first, it starts with the expected halifax-online.co.uk
But then the real website details are hidden in hexadecimal coded: %2E%75%73%65%72%6D%61%69 %6E%64%6C%6C%2E%63%6F%6D:%39%31%32%30/%66/%69%6E%64%65%78%2E%68%74%6D
Clicking this (not a good idea as it could be malicious) I discovered it was taking me to halifax-online.co.uk.usermaindll.com:9120
So the real web address is usermaindll.com, as the first bits are all sub domains or folders within this domain.
If you recieve any of this kind of email it is a good idea to forward it to the bank or even serious crime squad and let them know as they can try to shut the website down.
If you would like to decode these hex numbers then try using the Character Map in your Windows system. Start -> Programs -> Accessories -> System Tools -> Character Map.
Select a font such as Arial and then select different characters the hex value of the character will appear at the bottom in the status line.
As a piece of advice never (ABSOLUTELY NEVER) click on an email link to visit a website. Start your browser and type in the correct web address or select from your favourites to ensure you are going to the official website and not some hoax or scam.
Happy surfing and be careful out there.
