Even The IRS Wouldn’t Stoop This Low
Posted on 09. Nov, 2007 by The Gimcracker in Gimcrackery
Hey, retired, AOL-using grandmas of the world. If you get this email, delete it immediately:
Now that we’ve established the true point of this post, let’s delve into the grand gorge of gimcrack and discuss it for a bit.
Clicking the link at the bottom of the email will take you to this website:
I hate to break it to you, but here’s the real IRS website:
Yeah, they’re almost identical. Almost. Someone out there is an amazing web designer as they were able to clone the IRS website design, color scheme, menu behavior, content, white space – everything that makes up the site. Aside from realizing this website was a fake just by reading the initial email, which is truly the best way to avoid phishing, I’ll show you a few ways to spot the fake once you’ve fallen for teh haxorz tricks and clicked on the link of doom.
The Address Bar
You wouldn’t step inside a house on 429 East 38th Street if you were trying to get to 1305 South Hiatt Street, just as you wouldn’t give your credit card info to wwwwww.bestestbuy.cornmaze if you were trying to shop online at Best Buy. The address bar is there for a reason: to give you the address of the website you are visiting. Do you really think the IRS resides at http://211.192.139.107:8080/www.ir$.g0v/Get_tax_refunding.html? I’d wager it was something more along the lines of http://www.irs.gov.
The fake:
The real one:
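The address-bar check above, written out as code. This is an added example, not part of the original post; the function name `check_url`, the lookalike character table and the third sample URL are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

FAKE_URL = "http://211.192.139.107:8080/www.ir$.g0v/Get_tax_refunding.html"  # from the post
REAL_URL = "http://www.irs.gov"                                              # from the post
LOOKALIKE_HOST_URL = "http://irs.gov.example.net/refund"                     # constructed sample

# Character swaps used to imitate a name (assumed, minimal table).
LOOKALIKES = str.maketrans({"$": "s", "0": "o", "1": "l", "3": "e", "5": "s"})


def check_url(url, expected_domain):
    """Return the reasons a URL does not belong to expected_domain ([] if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    findings = []

    # The host is a bare IP address rather than a name.
    try:
        ipaddress.ip_address(host)
        findings.append("host is a raw IP address")
    except ValueError:
        pass

    # Only the host decides whose site it is: it must be the expected
    # domain itself or a subdomain of it.
    if host != expected and not host.endswith("." + expected):
        findings.append(f"host {host!r} is not under {expected}")

    # A port other than the web defaults.
    try:
        port = parts.port
    except ValueError:
        port = -1  # malformed port, reported below
    if port not in (None, 80, 443):
        findings.append(f"unusual port {port}")

    # The trusted name (or a lookalike spelling) placed after the host.
    rest = (parts.path + "?" + parts.query).lower()
    if expected in rest or expected in rest.translate(LOOKALIKES):
        findings.append("expected domain or a lookalike appears in the path")
    return findings


if __name__ == "__main__":
    for sample in (FAKE_URL, REAL_URL, LOOKALIKE_HOST_URL):
        print(sample, "->", check_url(sample, "irs.gov") or "no findings")
```

The third sample shows why the host has to end with the expected domain rather than merely contain it: `irs.gov.example.net` belongs to whoever controls `example.net`.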
The Navigation
Click a few links once you get to the website in question. Usually it’s just a facade with nothing under the surface, which you’ll uncover very quickly if you dig a little deeper. Haxorz don’t want to spend a lot of time matching up content, they just want to create one good page that looks completely authentic and BADABOOM – grandma got ran over by a thieving reindeer. Upon clicking just one link in the navigation of the fake IRS website, I realized that there were no other pages in the site. All the links just took me to ‘Not Found’ error pages. LOL n00bs.
The Favicon
This one isn’t as obvious, but I did notice it when comparing the real and fake IRS sites. The favicon was slightly different. You can see that the fake is a little darker and less clear, like they saved it in the wrong format or something. The real site is the one on the right.
My point is, look for the subtleties. It’s not always going to be the favicon. It could be a misspelling, a little less padding underneath a box, or a link hover color that doesn’t match the original.
Go To The Real Website
The easiest and most important tactic is to search for the site using Google, which will never give you phishing websites in its results. From there, you can get to any page within that website and be sure that it is authentic. If the email was trying to get you to update your contact information, just browse to that area of the real site and do it. If the email told you your account was about to expire, go to the real site and see if they give you that same message. Use common sense.
In conclusion, well done hax0rz. Your site was spot on identical in almost every way. But, all your tricks are belong to us.
Anyone have any funny phishing/identity theft stories? Lay them on me.
My wife got phished once in college. It was about 2am one night and she got an email from eBay saying that she needed to update her account. She was going to call me about it, but then decided she could do it on her own. 5 minutes after filling out the form she realized she just did something really stupid and called the credit card company immediately to have her card cancelled.
It was pretty funny.
I’m assuming by “funny” you mean “shitty”. No offense Jen.
Fill’s been fished.
Oh yeah, I think it was via a Paypal email. Happened to my dad too.
jen was on paypal email . . im in san diego. brian. wee need to hanh out sometime soon. im goin 2 thea colts game on sunday. look for me on tv, ocolts side right near the goal line.
pleas forgive me for that previous post.
srlsy. kthanxbye.
Friends don’t let friends post drunk.
Brad… buddy… put down the iPhone or put down the beer. You can’t use both at once.
It’s all good. Don’t let random strangers take you out for mexican food and tequila in San Diego. Lesson learned.
Tequila. There’s your problem right there.
If you would stop being gone every weekend we could plan our game night. I’ll KIT about that via email.
I had a dream last night that I was at a Cardinals/Colts game and it got rained out and then all the players started fighting and the Colts beat up all the Cardinals players and Dungy beat up the Cards coach and then they gave Indy the W. It was glorious.
I’m insanely jealous of you.