||Oracle Tips by Burleson
Chapter 8 -
Phishing for Identity
The “from” address in these email messages will
often make the message appear to be from the company in question.
They usually have a link that the recipient is instructed to click
on. The link will appear to be part of the same company. Figure
8.2 shows a typical email message used in this type of scam.
Figure 8.2 - A sample Phish-mail
The first item to note is that this is a pretty
good email message. Several of the usual cues that the message is a
fake are not present. There is neither the horrible grammar nor the
poor spelling that is common with this type of swindle.
Additionally, the message plays on fear by stating that this message
is to prevent the user from having future problems. Rather ironic,
Finally, the air of legitimacy is supported by
the link that not only appears to be part of the US Bank website,
but if one were to manually type it in to their web browser, it
would take them to the genuine US Bank Account Access web page.
Unfortunately, the link in the e-mail does not take the user to a
website belonging to any part of the US Bank. In fact, it directs
the user to a scammer’s home page that is cunningly made to resemble
the genuine article.
If that link in the email is clicked, the user
will be prompted to enter more information like their address,
account number, Personal Identification Number (PIN), mother’s
maiden name and other privileged information. This falsely obtained
data could be used to steal that individual’s identity by taking
over accounts or obtaining new ones in that individual’s name.
Download your Oracle scripts now:
definitive Oracle Script collection for every Oracle professional DBA