Mal-aware is a portmanteau meaning being aware of malicious activity on the internet. In this article I’ll be tackling phishing scams (as relevant to Myspace accounts, though the general concept is applicable to eBay, Paypal and various other internet communities). I’ll try to be thorough yet simple enough for the layman to understand. Why? Because of a flood of bulletins from Myspace friends apologizing for their account being hacked (which isn’t what’s happening). So if you feel your account is being constantly hacked, you might want to take a look-see (this is a long article but an easy-read with most of the important points illustrated).
Now a lot of what I mention may be common-knowledge for the web-savvy but since most of the internet’s population is web-happy, not web-aware, it’s important to understand the basics. Indeed, just a rudimentary understanding of web addresses (URLs) would prevent most Myspace phishing scams (and the ensuing apologies).
According to Wikipedia, “phishing is an attempt to criminally and fraudulently acquire sensitive information such as usernames, passwords and credit-card details, by masquerading as a trustworthy entity in electronic communications.” The most effective aspect of phishing, however, isn’t evident from the definition. Unlike hacking, where the nefarious geek actively pursues your computer/account in order to submit it to his/her will, phishing is a passive process. It doesn’t involve the hacker in real-time nor is anyone trying to break into your computer (necessarily, though with the information gleaned, that can be a concern). Indeed, the beauty of the phishing scam is that the average user willingly surrenders sensitive information without knowing better. Which means, it’s time to know better.
I’m going to use a typical Myspace example to illustrate the process. Comments and bulletins are commonplace on the ‘Space. Since Myspace comments accept html code (by default I believe), it’s possible for users to embed hilarious Youtube videos such as the just-married couple doing an “I-like-big-butts” dance. Wonderful stuff. Click, watch, have a chuckle, post a reply. Unfortunately, somewhere along the way you’ve willingly given away your login information.
A TYPICAL PHISHING PROCESS
Picture (1) shows a standard Myspace comments box. You’ll notice several comments and videos. Say you wanted to watch a video. You click and then … what the hell, you’re at the login page; apparently you were accidentally logged out. Nuts, well it happens all the time so you re-enter your login information, get back to your profile page and proceed to watch the movie with nary a worry in the world, right? Wrong.
Picture (2) shows the login page that you arrive at after clicking the video.
Picture (3) shows the official Myspace Video page (pay special attention to the web address or URL). Notice the discrepancy in the URLs. They’re close, but not identical. Even if one were to notice the difference, many users would simply forge ahead knowing Myspace URLs can be long strings of myriad characters.
WHAT’S GOING ON
The page in picture (2) is a phishing page or phishing-hook (a bogus page). It doesn’t belong to Myspace but has been carefully tailored to look identical to the official login. When you enter your account information on this spurious page and click “Login,” your data is sent to a phisherman (who, for this article, is someone engaged in a phishing scam) and not Myspace. And since during this whole process you were never actually signed out of Myspace, the phishing-hook either redirects back to your profile when done or mirrors actual Myspace pages but on a different site. You assume you have indeed logged back in and proceed with whatever you were doing.
Now, I like watching Youtube videos of Japanese oddities and grannies with sagging mammaries as much as the next person. So I’m not advocating being click-shy (although like the Republicans say, abstinence is most effective). Instead, you’ve just got to pay attention to the URL of the login page (like the Democrats say, safe-sex is important). What follows is a simple explanation of URL structure that’ll help you identify official URLs from the counterfeit ones.
A LITTLE URL/DOMAIN NAME EXPLANATION
A standard URL looks like this
[http://domain.com]
and is called a bare domain name. This is the fundamental address of the site you are visiting (Myspace, Facebook, eBay, etc.). Notice the absence of the familiar [www] immediately following the [http://]. A subdomain is a portion of the original domain much like a folder is a portion of your entire hard-drive. Subdomains appear before the domain as follows:
[http://subdomain.domain.com].
Just as you use folders on your computer to organize your data, subdomains are used to organize different sections of a website. For example, on Myspace, you might be familiar with the following subdomains,
[http://vids.myspace.com] and [http://music.myspace.com],
which deal with either Myspace videos or bands. In this manner, you can theoretically subdivide the bare domain as many as 127 times, e.g.
[http://example.of.an.excessive.subdomain.domain.com].
The biggest difference between URL structure and your hard-drive is that successive subdomains are listed from right-to-left, as opposed to standard file-systems which list successive folders from left-to-right (C://My Videos/DVDs/Porn/Midgets).
Most of us are familiar with the “www” prefix when using URLs. Based on the previous explanation, we can now infer that “www” is merely a subdomain of the fundamental site, i.e. [http://www.domain.com] is actually the “www” subdomain of [http://domain.com]. In most cases, the “www” subdomain automatically redirects to the fundamental site which explains why [http://www.myspace.com] and [http://myspace.com] are the same thing.
THE TRICKY PART
Phishermen exploit URL structure in their quest to obtain sensitive information. Consider the following confirmed phishing URL:
[http://vids.myspace.com.fuseaction.user.id.28902334.aherprbaic.cn/dhs523/adhe.htm].
It looks remarkably similar to a standard Myspace-Video URL (including the garbage after the “.com”). But if you’ve been paying attention, you’ll realize that this URL isn’t a subdomain of [http://myspace.com] at all. In fact, it’s a seventh-level subdomain of [http://aherprbaic.cn]. So clearly, if this is the URL showing up in your browser, you are no longer at Myspace. Any information you enter and submit on this site is going somewhere other than the Myspace servers.
You can imagine how easy it is to mistake a well-crafted phishing-hook for the real deal. Even if you were mal-aware, you could simply misread the URL. Consider that the most common top-level domain is [.com]. In this case, though, the lesser known [.cn] is the top-level domain (identified because it is the last piece of the site name, the one immediately before the first forward slash after the “http://”, reading from left to right). Many users would simply see the [.com] and move on. This is what phishermen are counting on when they snag you upon the proverbial phishing-hook.
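To make the right-to-left reading rule concrete, here is a small added example (my own code, not something from Myspace or the original article) that pulls the site name out of a URL, reads it from the right to find the bare domain, and checks whether the page really belongs to [myspace.com]. It is run against the legitimate [vids.myspace.com] address and the confirmed phishing URL quoted above; it assumes the bare domain is always the last two pieces of the name, which holds for .com and .cn but not for every country (see the comment).

```python
from urllib.parse import urlsplit

# Sample URLs: the legitimate Myspace video site named in the article and the
# confirmed phishing URL the article quotes.
LEGIT_URL = "http://vids.myspace.com/"
PHISHING_URL = "http://vids.myspace.com.fuseaction.user.id.28902334.aherprbaic.cn/dhs523/adhe.htm"


def host_labels(url):
    """Split the site name (everything before the first slash after http://) on dots."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".").split(".")


def registered_domain(url):
    """The bare domain: the last two labels read from the right, e.g. 'myspace.com'.

    Assumption: domain + top-level domain is always two labels. Names such as
    'example.co.uk' need the Public Suffix List instead; that is outside this example.
    """
    labels = host_labels(url)
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def subdomain_depth(url):
    """How many labels sit in front of the bare domain (the article's 'seventh-level')."""
    return max(len(host_labels(url)) - 2, 0)


def belongs_to(url, expected_domain):
    """True only if the site name IS expected_domain or ends with it label by label.

    Comparing whole labels from the right, rather than looking for 'myspace.com'
    anywhere in the text, is what defeats 'vids.myspace.com.<junk>.aherprbaic.cn'.
    """
    expected = expected_domain.lower().split(".")
    return host_labels(url)[-len(expected):] == expected


def classify(url, expected_domain="myspace.com"):
    """'ok' for the real site, 'lookalike' if the expected name is merely embedded."""
    if belongs_to(url, expected_domain):
        return "ok"
    if expected_domain in ".".join(host_labels(url)):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for u in (LEGIT_URL, PHISHING_URL):
        print(u, "->", registered_domain(u), subdomain_depth(u), classify(u))
```

Running it reports the phishing address as a seventh-level subdomain of aherprbaic.cn and flags it as a lookalike, while the real video site is accepted.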
THE REMEDY
Pay attention to the URL. It can be tricky, but if you’re just a smidgen careful you can avoid this entire “account-been-phished” hassle. And I don’t have to see any more Myspace apology bulletins. Also remember, Myspace doesn’t automatically log-out users. Logging-out is only achieved by clicking the “logout” link or closing your browser. If you see the log-out page prematurely, it’s a good indication you got snagged on a phishing-hook.
CONCLUSION
Fortunately, a phished Myspace account is a relatively minor thing. While they can change your password and lock you out of your own account, most phishermen only target the ‘Space for access to your friends list with an eye on promoting spam (or penis-enlarging pumps). The same cannot be said of phishing scams on eBay or Paypal (which contain important credit-card and bank details). And truthfully, it’s a matter of time before more elaborate phishing scams are devised for the ‘Space to somehow trick you into handing over sensitive financial information.
As is always the case, a little know-how can go a long way. Have a safe, happy Myspace journey. Barring that, just quit Myspace and help with world peace. Whichever.
Author’s note: If I’ve misconstrued some technical aspect of how URLs and domains work and you’re a web-Jedi, please correct me. If you notice a new phishing scam, definitely let me know.
You just gave me an idea for an article. I’m going to write something on how to properly and (kind of) legally scam the general public via eBay, and at the same time, keeping them happy so they come back for more.
Well do share when you’re done. I presume your eBay knowledge to be quite extensive.