Target's Latest Failure And How To Spot A Scam

Jan 7 2014, 7:36am CST

Photo Credit: Forbes

Undoubtedly you’ve heard about Target's recent loss of millions of consumers’ credit card data and associated PIN data. Who hasn’t at this point? Target at this crucial moment should of course be laser focused on rebuilding consumer trust, and naturally consumers are on red alert, scrutinising everything Target related and looking for signs of the attackers abusing their stolen information. I was, therefore, very interested to see an e-mail message arrive from Target with decidedly dodgy attributes that did everything possible to make a user concerned (and saw an opportunity to show the telltale signs of a nasty scam). This e-mail from Target is a lesson in how to make an e-mail that looks like a scammer’s (but is actually legitimate), and it is bad practice that should be avoided by all enterprises. Let me step you through what makes this all look so iffy.

First things first, the screen shot labeled Exhibit A shows the e-mail is from target.bfi0.com. The bfi0.com bit is curious and concerning. This is a technique a great many attackers use: they put the legitimate company name in front of their own domain, e.g. microsoft.somedomainiown.com, in the hope that everyone reads the Microsoft bit and ignores the bit afterwards. I spotted this and immediately browsed to bfi0.com (on a secure system) to see what the real page was. It turns out to be entirely blank, or, if you refresh it a few times, it sometimes returns a “Permission Denied” page. There is no explanation of their business, what the e-mail is about or anything else to explain the nature of their business. That is extremely concerning, as again they are behaving just like many cyber-criminal attack pages would. Exhibit B shows one of the other links in this e-mail we are supposed to click. Users are often advised in security training to hover over a link and check where it will take them before they click it, to ensure it is what they expect. Exhibit B shows one of the many links which, simply put, looks incredibly dodgy.

The e-mail address from which this e-mail was sent also does little to rebuild my confidence. Take a look at the beautifully horrible address in Exhibit C. Many users would decide this is a scam e-mail (or wouldn’t even notice any of this, which is more concerning given how often true scammers behave nearly identically).

The final step of the process is to identify what bfi0.com really is. A quick whois (you can use a web based tool like this to look up any domain you like) enables us to identify the owner of the domain and gives away their business. You can see the results in Exhibit D. It turns out that this highly suspect bfi0.com domain name (which has no home page) is actually owned by Epsilon Data Management (historically BigFoot Interactive, hence the odd domain). This company sends and tracks e-mails on behalf of companies so they can tell which customers clicked links and what they found interesting. A little more rummaging and you can see this e-mail is legitimate (though I have no idea why I received it given I’m not a customer and haven’t signed up, but perhaps I’m just forgetful), yet it clearly demonstrates many of the same traits as a malicious or scam e-mail.

I showed only a small number of the hoops I jumped through over a few minutes to validate the e-mail (technical folk, think DKIM, SPF, message source, etc.). What hope do users have of judging the legitimacy of e-mails when the good guys behave like this? Target needs to look closely at how it rebuilds consumer trust, and suspicious looking e-mails are not going to help. That said, it did offer me the chance to show you the kinds of things to check for in a suspicious e-mail, and for that I suppose I’m thankful.
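As an added example (not part of the Forbes article), the three checks walked through above, the sender's registered domain, where each link really points, and whose domain the SPF/DKIM results actually vouch for, applied in Python to a constructed message modelled on the target.bfi0.com case; the message, its header values and the "last two labels" domain rule are assumptions made for the example.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Constructed sample modelled on the article's description (brand name as a
# subdomain of bfi0.com); every header value here is made up for the example.
RAW_MESSAGE = b"""From: "Target" <TargetNews@target.bfi0.com>
To: customer@example.com
Subject: A message from Target
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=target.bfi0.com; dkim=pass header.d=target.bfi0.com
Content-Type: text/html

<p>Please <a href="http://click.bfi0.com/t/abc123">visit target.com</a> today.</p>
"""

def registrable_domain(host):
    """Crude 'last two labels' rule (assumption); a real check would use the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def analyse(raw, brand_domains):
    """Return a list of human-readable red flags found in the raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags = []
    # 1. Sender domain: target.bfi0.com is a subdomain of bfi0.com, not of target.com.
    sender = msg["From"].addresses[0].domain
    if registrable_domain(sender) not in brand_domains:
        flags.append(f"sender {sender} is registered under {registrable_domain(sender)}")
    # 2. Links: what the anchor text says versus where the href really goes (the hover check).
    html = msg.get_body(preferencelist=("html",)).get_content()
    for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', html, re.S):
        host = urlsplit(href).hostname or ""
        if registrable_domain(host) not in brand_domains:
            flags.append(f"link '{text}' points to {host}")
    # 3. SPF/DKIM: a 'pass' only proves the mail came from the domain named in the
    #    result, so check whose domain passed rather than just that it passed.
    auth = str(msg.get("Authentication-Results", ""))
    for mech, dom in re.findall(r"(spf|dkim)=pass [\w.]+=([\w.-]+)", auth):
        if registrable_domain(dom) not in brand_domains:
            flags.append(f"{mech} passed for {dom}, not for the brand")
    if "spf=pass" not in auth or "dkim=pass" not in auth:
        flags.append("spf/dkim did not both pass")
    return flags

if __name__ == "__main__":
    for flag in analyse(RAW_MESSAGE, {"target.com"}):
        print("red flag:", flag)
```

Running it against the brand's own domains only produces four flags; adding the mailing vendor's domain to the allowed set (as the whois step above justified) clears them, which is exactly the judgement a user cannot be expected to make.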

Source: Forbes

Author: Forbes