Security Quiz 1
From MozTW Wiki
Think you know how to protect your privacy and security on the Internet? Take the test.
Read the following e-mail message and determine if it is safe:
Test Message
From - Sun Nov 07 18:58:46 2004
To: ---------
Subject: Security Measures
From: PayPal <billing@paypal.com>
Date: Sun, 07 Nov 2004 19:12:09 -0600
https://www.paypal.com/en_US/i/logo/paypal_logo.gif
Dear valued PayPal® member:
It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension. Please update your records on or before November 15, 2004.
Once you have updated your account records, your PayPal® session will not be interrupted and will continue as normal.
To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Thank You.
PayPal® UPDATE TEAM
Accounts Management
As outlined in our User Agreement, PayPal® will periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
Answer
(NOTE: because of the wiki system's security measures, I cannot spoof the URL here. The http://www.paypal.com/cgi-bin/webscr?cmd=_login-run link should have pointed to http://209.67.214.140/secure/ instead, i.e. the HTML is <a href="http://209.67.214.140/secure/">http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>.)
The example is a real e-mail message (slightly modified). The message is a forgery. The link "http://www.paypal.com/cgi-bin/webscr?cmd=_login-run" actually points to "http://209.67.214.140/secure/". To see this, hover the mouse pointer over the link and look at the status bar (the bar at the bottom of the browser window).
This message employs several spoofing techniques. First, the sender forged the From address so that the message appears to come from PayPal (this is easy, because mail servers do not verify the sender address by default). The message is well crafted and carries an urgent call to action that most people will respond to. The signature, which includes a team name, an explanation of why the message was sent, and a link to the PayPal privacy policy, makes it look legitimate. The body contains only one link, and the text of that link is a full (but false) URL. The trick works because the visible text of an HTML link and its real destination (the href attribute) are independent of each other. To make the false link look more genuine, the sender also uses a full (and true) URL as the text of the privacy policy link, so both links look the same.
Recommendation
To protect yourself, check the real destination of a link before following it. If you hover the mouse pointer over the link (and have not changed the default Mozilla/Firefox security settings), the status bar shows the destination URL. Compare that URL, not the link text, with the site you expect; if the two differ, do not click.
You can protect yourself further by viewing all messages as plain text. In plain text there is no hidden href: the real destination is printed after the link text. The message then appears as:
<http://www.paypal.com/cgi-bin/webscr?cmd=_home>
Dear valued **PayPal^® * *member:
It has come to our attention that your *PayPal^® * account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records on or before *November 15, 2004*.
Once you have updated your account records, your *PayPal^® * session will not be interrupted and will continue as normal.
To update your *PayPal^® * records click on the following link: http://www.paypal.com/cgi-bin/webscr?cmd=_login-run <http://209.67.214.140/secure/>
Thank You. *PayPal^® UPDATE **TEAM*
Accounts Management
As outlined in our User Agreement, *PayPal^® * will periodically send you information about site changes and enhancements.
Visit our Privacy Policy and User Agreement if you have any questions. http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside
Note that the real address, http://209.67.214.140/secure/, is shown in angle brackets right after the false link text and is no longer obscured.
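The mismatch analysed in the answer above, and the plain-text rendering just shown, can both be checked mechanically. The following Python script is an added example and is not part of the original quiz: it parses the anchors in an HTML message body, reports links whose visible text is itself a URL on a different host from the href, and prints each anchor the way a plain-text view does ("text <href>"). The SAMPLE fragment is constructed here to mirror the message; AnchorCollector, find_spoofed_links and as_plain_text are names chosen for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []      # list of (href, text)
        self._href = None    # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        # Only text inside an open <a> belongs to the link text.
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lowercase host of a URL, or '' if the string is not a URL with a host."""
    return (urlparse(url).hostname or "").lower()


def find_spoofed_links(html):
    """Return (text, href) for anchors whose text is a URL on a different host than the href.

    Link text that is not a URL (e.g. "click here") has no host to compare and is not reported.
    """
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    spoofed = []
    for href, text in parser.links:
        shown = host_of(text)
        if shown and shown != host_of(href):
            spoofed.append((text, href))
    return spoofed


def as_plain_text(html):
    """Render each anchor as a plain-text mail view does: 'text <href>'.

    When the text and the href are identical the URL is printed once.
    """
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [href if text == href else f"{text} <{href}>" for href, text in parser.links]


# Constructed sample mirroring the quiz message; not the original HTML.
SAMPLE = (
    '<p>To update your records click on the following link:</p>'
    '<a href="http://209.67.214.140/secure/">'
    'http://www.paypal.com/cgi-bin/webscr?cmd=_login-run</a>'
    '<p>Visit our Privacy Policy: '
    '<a href="http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside">'
    'http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside</a></p>'
    '<a href="http://209.67.214.140/secure/">click here</a>'
)

if __name__ == "__main__":
    for text, href in find_spoofed_links(SAMPLE):
        print(f"SPOOFED: shows {text} but goes to {href}")
    print("--- plain-text view of the links ---")
    for line in as_plain_text(SAMPLE):
        print(line)
```

The check compares hostnames only: the first link is reported because www.paypal.com differs from 209.67.214.140, the privacy policy link passes because text and href agree, and the "click here" link is not reported because its text has no host to compare, which is exactly why hovering over (or viewing in plain text) every link still matters. A link whose text and href differ only in scheme (https against http on the same host) is also not reported.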