We thought we would take the time to post our investigation steps when analyzing potential scam emails. Recently we received the following email made to look like it was from E*Trade:
[Screenshot: E*trade phishing email]
To analyze this email, we go through the following steps:
Step 1: Examine the content of the email message. Notice the first warning sign: they are asking us to click a link in the email and enter our account information. 9 times out of 10 this tells us it is a scam.
Step 2: Examine the properties of any links in the message. In the example email above, you can see that we viewed the properties of the link and found that the destination URL is actually "upetrades.com". This is not their standard site, which is a definite warning sign. But let's investigate further...
Step 3: Next we checked out the destination site found in the link, upetrades.com. We do not recommend you take this step if you are at all suspicious from your findings in step 1 or 2. However, we were curious and decided to check out where this mystery URL takes us.
We typed the URL into our web browser (not clicking the link in the email) and came to the following page:
[Screenshot: upetrades.com phishing site]
As you can see, the site above looks pretty legitimate! The scammers went to a lot of trouble to make their phishing site look just like the real E*trade website. So how can we know for sure? Well, one step you can take is to call E*trade directly. Don't use any phone numbers on the phishing site; go directly to etrade.com and use a customer service phone number from there.
Step 4: Check website ownership through whois.org. Another step we like to take is to verify the WHOIS information. Whois.org is a great place to look up who owns a domain name or website. We plugged in this phishing site and found the following results:
[Screenshot: upetrades.com whois info]
As you can see from the above whois.org results, the owner of "upetrades.com" is some guy in Florida who just registered the domain today! Also notice the domain name is only registered for one year. All of these are sure signs that this is a scam.
Step 5: Report this email to your ISP/email provider as a phishing scam email. They can then take the necessary follow-up steps to help make sure this scam is squashed before it gets any legs.
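The checks in steps 2 and 4 can be run mechanically. The following is an added example, not code from the original post: it lists links whose real destination leaves the expected domain, and flags a WHOIS record that is newly created with a one-year term. The sample email, the WHOIS field names and dates, and the 30-day cutoff are assumptions constructed for illustration.

```python
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed samples, not the real message or WHOIS record; dates are placeholders.
SAMPLE_EMAIL = '<p>Log in: <a href="http://upetrades.com/login">www.etrade.com</a></p>'
SAMPLE_WHOIS = "Domain Name: upetrades.com\nCreation Date: 2000-01-01\nExpiration Date: 2001-01-01"

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def off_brand_links(html_body, brand_domain):
    """Step 2: list (text, host) for web links that leave brand_domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    flagged = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = (url.hostname or "").lower()
        on_brand = host == brand_domain or host.endswith("." + brand_domain)
        if url.scheme in ("http", "https") and not on_brand:
            flagged.append((text, host))  # displayed text vs. real destination
    return flagged

def whois_flags(whois_text, today, max_age_days=30):
    """Step 4: flag a new domain and a one-year term (30 days is an assumed cutoff)."""
    pairs = (line.partition(":") for line in whois_text.splitlines())
    fields = {k.strip().lower(): v.strip() for k, sep, v in pairs if sep}
    created = datetime.strptime(fields["creation date"], "%Y-%m-%d")
    expires = datetime.strptime(fields["expiration date"], "%Y-%m-%d")
    flags = ["recently registered"] if (today - created).days <= max_age_days else []
    if (expires - created).days <= 366:
        flags.append("one-year registration")
    return flags
```

Real WHOIS output varies by registrar, so the field names and date format parsed here would need adjusting to the record you actually receive.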
