10 August 2011

Phishing

In this era of viruses, malware, adware, trojans, hacking, malicious rootkits, worms, e-mail scams, phishing attacks, and what have you, one of the recommendations always given to users to protect themselves is to never click on a suspicious link in an e-mail you don't absolutely know is legitimate.

That's why it always irritates me to find links in 'legitimate' e-mails from large, well known commercial companies. They don't foster good habits when they include links in their e-mails that, to my eye at least, would look suspicious if I didn't already "know" they were legitimate.

Here are just a few recent examples that arrived in my inbox:

http://links.newsletter.futureshop.com/ctt?kn=15&ms=MzY5MDUxNzcS1&r=MzM0NDc2MDA3NQS2&b=0&j=MTA4ODM4MzgyS0&mt=1&rt=0

This one from Futureshop isn't too bad, since the host (links.newsletter.futureshop.com) really is under "futureshop.com", but what's with all that gibberish at the end? Is that supposed to instill confidence?

http://lt02.brierleycrm.com/track?type=click&eas=1&mailingid=6086068&messageid=6086068&databaseid=6086068&serial=16777794&emailid=myemail@xxx.xx&userid=xxxxxxxxxxxx=&extra=MultivariateId=&&&6086095&&&http://www.gamestop.com/StoreLocator.aspx?cid=eml_10000269

This link from a Gamestop e-mail only has "Gamestop.com" near the end, and there it is just a parameter handed to a tracking redirector; the host the click actually goes to is "lt02.brierleycrm.com". Besides, what the heck is "lt02.brierleycrm.com", and what is all that gibberish in between?

To my admittedly non-expert eye these links look all too easy to spoof or mimic for non-legitimate purposes.

And finally, the true impetus for this post was receiving an e-mail from Sony Playstation offering free identity theft protection for users in Canada:
"If interested, please submit your email address by 03/10/2011 at 11:59:59 PM CST at: http://www.playstation.ca/identity-theft-protection/. Please note, you must enter the same email address used to register your Playstation Network or Qriocity account[...]"
This sounds like a classic phishing attack: it works on consumer concern about Sony PSN being hacked earlier this year, and on the fact that Sony had stated previously that it would provide something like this globally (where feasible), not just in the United States. Sort of like those scams that show up trying to take advantage of natural disasters or other real events.

Even worse, when I hovered my mouse over the link in the above excerpt, this is the actual address the link would take you to:

http://playstation-email.com/r?xnlJHTHEcqJqHTEHWTJnTnPPclH

Doesn't match too well, does it? And I'm expected to decide this is a legitimate link/e-mail, when as of this writing I can't find any official announcement of this offer on Playstation Canada or the PS blog?
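The check that the three examples above keep coming back to is a simple one: the only part of a link that decides where a click goes is the host in the authority section (the bit between "http://" and the first "/"), not any brand name that shows up later in the path or query string. The following Python script is an added example, not code from the original post or from any of the companies mentioned. It runs the three quoted links through that check, plus a fourth link constructed for this example to show the "user@host" trick, where everything before the "@" is ignored by the browser. The expected brand domains (futureshop.com, gamestop.com, playstation.ca) are an assumption of the example.

```python
from urllib.parse import urlparse

# Brand the message claimed to be from, the domain assumed for that brand (assumption
# for this example), and the link as quoted in the post (addresses masked as in the post).
LINKS = [
    ("Futureshop", "futureshop.com",
     "http://links.newsletter.futureshop.com/ctt?kn=15&ms=MzY5MDUxNzcS1"
     "&r=MzM0NDc2MDA3NQS2&b=0&j=MTA4ODM4MzgyS0&mt=1&rt=0"),
    ("Gamestop", "gamestop.com",
     "http://lt02.brierleycrm.com/track?type=click&eas=1&mailingid=6086068"
     "&messageid=6086068&databaseid=6086068&serial=16777794&emailid=myemail@xxx.xx"
     "&userid=xxxxxxxxxxxx=&extra=MultivariateId=&&&6086095"
     "&&&http://www.gamestop.com/StoreLocator.aspx?cid=eml_10000269"),
    ("Playstation", "playstation.ca",
     "http://playstation-email.com/r?xnlJHTHEcqJqHTEHWTJnTnPPclH"),
    # Constructed for this example (not from the post): the userinfo trick. The text
    # before '@' is "credentials" and the request actually goes to the host after it.
    ("Playstation", "playstation.ca",
     "http://www.playstation.ca@playstation-email.com/r?xnlJHTHEcqJqHTEHWTJnTnPPclH"),
]


def landing_host(url):
    """Return the host the browser will actually connect to (after any 'user@')."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def is_under(host, domain):
    """True if host is exactly domain or a subdomain of it (match on a label boundary,
    so 'notfutureshop.com' does not count as being under 'futureshop.com')."""
    return host == domain or host.endswith("." + domain)


def triage(brand, expected_domain, url):
    """Classify a single link by where it really goes, ignoring what the rest says."""
    parts = urlparse(url)
    host = landing_host(url)
    # Everything after the host: a brand name here does not change the destination.
    tail = (parts.path + "?" + parts.query).lower()

    if is_under(host, expected_domain):
        verdict = "ok"
    elif parts.username is not None:
        verdict = "userinfo-trick"          # 'something@' in front of the real host
    elif brand.lower() in host:
        verdict = "lookalike-host"          # brand name inside an unrelated domain
    elif expected_domain in tail:
        verdict = "brand-only-in-path-or-query"  # e.g. a tracking redirector
    else:
        verdict = "unrelated-host"
    return {"brand": brand, "host": host, "verdict": verdict}


def triage_all(links=LINKS):
    """Run triage over every (brand, expected_domain, url) tuple."""
    return [triage(brand, domain, url) for brand, domain, url in links]


if __name__ == "__main__":
    for result in triage_all():
        print("%-12s -> %-35s %s" % (result["brand"], result["host"], result["verdict"]))
```

Only the first link passes; the Gamestop one goes to a third-party tracking host that merely carries "gamestop.com" as a parameter, and the Sony one goes to a different registrable domain that happens to contain the word "playstation". The constructed fourth line shows why reading the host from the left is not enough: the browser takes the host from the right of the last "@".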

Anywhoo, latest rant over. I should say that, as far as I know, the above link examples are legitimate... just suspicious.