The dilemma of phishing…

Written by Cornelius J. van Dyk on . Posted in Blog

OK, so I’m a pretty computer savvy guy.

I like FISHING, but these PHISHING attemps drive me crazy! 

I don’t get fooled by these phishing messages… never have… hopefully never will.  I got the following email from someone claiming to be Fifth Third Bank.

120806_1449_The dilemma2

The above email supposedly was sent from

I sincerely doubt the existence of such an email address, though the domain is valid.  The actual return path of the message is

Anyway, normally when I get these kinds of messages and when I check their sites, the sites have been taken down already.  Not this time.  Either these hackers are finding ways to stay up longer or my email address has moved to the front of the “who to hack” queue.  Whichever it is, it’s not good!

One can generally tell it’s a phishing message because there are some dead giveaways.  Grammar is always the prime one.  Most of these phishing messages originate behind what used to be the iron curtain i.e. former Soviet states.  Any country where police enforcement of online issues is hampered by normal crime figures being high, is a prime location for these hackers to base their operations from.  As such, English isn’t their first language and grammar is usually poor, resulting in a dead giveaway as to the message’s illegitimate source.

If you look at the email, you will notice that they are getting better and better at it though.  The logo, stolen directly off the bank’s web site at #1 makes it look legitimate.

The URL, with a very valid domain component, lends itself more to fooling the user into believing the email to be valid as in #2 and they even include the copyright footer information in #3.

The only indication of something fishy (excuse the pun) going on is at #4 and #5 where the grammar of the email is not as perfect as one would expect.

One thing that set this message apart from others is the fact that they didn’t just put the link in the message… instead, they encapsulated the entire message in a link object and as a result, clicking ANYWHERE in the message pops open the site as follows:

120806_1449_The dilemma3

Looking at the phishing site, at #1 you can see that the URL mimics that of the real 53 Bank site.  The only difference being that between “.com” and “wps” is a “.” instead of a “/” as on the real site.  The same goes for “wps” and “portal”.  It would be so easy for a novice user to miss that and think the site is real.

To add to the effect, the “Privacy & Security” link even points to the valid location on the site.

Of course what these hackers are really after is your information as in #3.

Providing them your full name, state, ID and password enables them to logon to your account.  The next thing they will attempt to do is change your password so as to lock you out of the account.  They may require a security verification code to do that.  The most common code people use is either their pet’s name or their mother’s maiden name ala #7 and #8 on the form.  With that information in hand, they can pretty much clean your account out.  Bastards! 

If you look at the 53 Bank site as follows:

120806_1449_The dilemma5

You will notice the logo at #1, which was stolen and used on the phishing email and site.

Furthermore, at #2 you will notice the URL that was mimicked on the phising site.  The real URL being:

while the phishing URL was:…

Notice the subtle differences? 

Oh, and of course the “Privacy & Security” link, also stolen for the phishing site…

So what are we to do?  Law enforcement can’t touch these guys.  They setup their sites and break them down so quickly that it’s almost impossible to catch them.  The fact that they are sitting in Russia doesn’t help either.  Actually, on this one, the site is hosted in Taiwan and the domain owner is a Russian named Fedor Burof.  The WHOIS record for the domain is as follows:

120806_1449_The dilemma7

How do we handle such threats to our finances, in fact our lives?  I don’t know… I honestly don’t have an answer to this one.  I know how to handle it if the guy was in my city, or even my state or country, but the internet has not only exposed all the information we could possibly want to anyone and everyone, it has also made us more vulnerable to such attacks from far, far away.

The only way to counter such threats is to be alert, trust nothing coming in via email, question everything written in email and above all, educate ourselves, so please stay safe…




Trackback from your site.

Cornelius J. van Dyk

Born and raised in South Africa during the 70's I got my start in computers when a game on my Sinclair ZX Spectrum crashed, revealing it's BASIC source code. The ZX had a whopping 48K of memory which was considered to be a lot in the Commodore Vic20 era, but more importantly, it had BASIC built into the soft touch keyboard. Teaching myself to program, I coded my first commercial program at age 15.

After graduating high school at 17, I joined the South African Air Force, graduating the Academy and becoming a Pilot with the rank of First Lieutenant by age 20. After serving my country for six years, I made my way back into computer software.

Continuing my education, I graduated Suma Cum Laude from the Computer Training Institute before joining First National Bank where my work won the Smithsonian Award for Technological Innovation in the field of Banking and Insurance. Soon I met Will Coleman from Amdahl SA, who introduced me to a little known programming language named Huron/ObjectStar. As fate would have it, this unknown language and Y2K brought me to the USA in 1998.

I got involved with SharePoint after playing around with the Beta for SharePoint Portal Server 2003. Leaving my career at Rexnord to become a consultant in 2004, I was first awarded the Microsoft Most Valuable Professional Award for SharePoint in 2005, becoming only the 9th MVP for WSS at the time. I fulfilled a life long dream by pledging allegiance to the Flag as a US citizen in 2006. I met the love of my life and became a private consultant in 2008. I was honored to receive my ninth MVP award for SharePoint Server in 2013.

Leave a comment

You must be logged in to post a comment.