If we disregard the name of the domain and the lack of a secure connection, it’s not difficult at all to reproduce the login page of a company’s website. This rule applies for PayPal, Nationwide, Lloyds TSB and most other financial institutions and payment processors.
Another example is represented by a series of emails which pretend to come from Discover – one of the most popular direct banks from the United States.
In order to trick the recipient into clicking on the links they carry, the fake notifications rely on a classic topic:
Dear Discover Card member,
Your latest Discover card statement is available in the Account Center on Discover.com. With Paperless Statements you are protecting your account and the environment.
Log in to view your statement.
Did you know that you can view detailed rewards activity, sort your transactions, view additional transaction details, dispute a charge and more on Account Activity.
Account Summary Ending August 20, 2012
Statement Balance $258.06
Credit Line Available $13,926.00
Minimum Payment Due $84.00
Payment Due Date September 18, 2012
If such an email reaches a Discover customer, it’s likely that the bogus numbers from the message don’t actually match the ones from his/her account.
The cybercriminals running this scheme hope to create a sense of urgency so that the victim quickly clicks the link and enters his/her username and password without giving it much thought.
Once the Log In button is clicked, all the data is sent back to the fraudsters, giving them access to the unsuspecting user’s financial assets.
As we mentioned at the beginning of this advisory, the easiest way to tell a fake email from a real one is to check the website the links actually point to. If the address doesn’t start with “https” then something is clearly amiss.
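The check described above (look at where the links really point, and expect an https address) can be automated for an inbox or mail gateway. The following script is an added example and is not part of the original advisory; it extracts every link from an HTML email, flags links that are not https, links whose host is not one of the expected Discover hosts, and links whose visible text shows a different address than the real href. The expected host list and the sample email are assumptions constructed for the example; the phishing hosts use reserved example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts a genuine Discover statement notification would link to.
EXPECTED_HOSTS = {"discover.com", "www.discover.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_link(href, text, expected_hosts=EXPECTED_HOSTS):
    """Return the reasons a link looks suspicious; an empty list means it passed."""
    reasons = []
    parsed = urlparse(href)
    # .hostname strips any user@ prefix and port, so "https://www.discover.com@evil.example/"
    # is correctly seen as pointing at evil.example.
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        reasons.append("not https")
    if host not in expected_hosts:
        reasons.append(f"host {host!r} is not an expected Discover host")
    # Visible text that displays a URL must agree with the real destination.
    shown = re.search(r"https?://([^/\s]+)", text)
    if shown and shown.group(1).lower() != host:
        reasons.append("anchor text shows a different host than href")
    return reasons


def audit_email(html, expected_hosts=EXPECTED_HOSTS):
    """Return [(href, text, reasons), ...] for every link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, check_link(href, text, expected_hosts)) for href, text in parser.links]


def suspicious_links(html, expected_hosts=EXPECTED_HOSTS):
    """Only the links that raised at least one reason."""
    return [entry for entry in audit_email(html, expected_hosts) if entry[2]]


# Constructed sample modelled on the notification quoted in the advisory.
SAMPLE_EMAIL = """
<p>Dear Discover Card member,</p>
<p>Your latest Discover card statement is available in the Account Center.</p>
<p><a href="http://discover.com.account-center.example.net/login">Log in to view your statement.</a></p>
<p>See <a href="http://attacker.example/x">https://www.discover.com/account</a> for activity.</p>
<p><a href="https://www.discover.com/">Discover.com</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in audit_email(SAMPLE_EMAIL):
        status = "SUSPICIOUS" if reasons else "ok"
        print(f"{status:10} {href}  ({text!r})")
        for r in reasons:
            print(f"           - {r}")
```

The host check is deliberately an exact match against a list rather than a substring test: a lookalike such as discover.com.account-center.example.net contains the brand name but is a completely different domain, which is exactly the trick the advisory describes.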