Some strange phishing emails were sitting in my Rediff Webmail. Should I just delete them? No. I thought I would do some sort of recycling and see whether there was something useful in them.
And the email faithfully gave up the following details. Of course, I had to make sure that some of the links were not clicked, so I copied and pasted them into the Google Toolbar to get the actual victimized website which has been phished.
- The site URL was Barclays Bank, based in the UK. It seems to be a really impressive and premier banking website based in the UK. There are useful tips and tricks besides interactive tools like Mortgage Calculator, Map and Area locator etc.
- Obscured URLs. The URL was really strange; it looked like http://0xC18003C6. For security reasons, I am not giving the phished URL, but rather the URL of the bank itself in hexadecimal format.
- A search in Google revealed a lot of things. Actually, hexadecimal URLs are supported by the web browser for security reasons since some confidential transactions can be safely sent using encoded and encrypted URLs. However, phishers seem to use this feature maliciously, as they did here.
- Technical Knowhow:
- We can study the anatomy of the URL like this: http://0xC18003C6
- http:// stands for the standard HTTP protocol.
- The 0x prefix indicates that the string that follows, if convertible, is a valid hexadecimal number.
- Every two digits from then on make up one part of the IP address. In this case, C1 80 03 C6 resolves to 193 128 3 198. In decimal notation, we need to put a dot between the individual parts.
- You can simply use the Windows Calculator in View -> Scientific mode to get conversions from Decimal to Hexadecimal and vice-versa.
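The same conversion can be automated so that a mail filter or a proxy log review flags links whose host is a disguised IP address. The following is an added example, not part of the original post; it goes beyond the hexadecimal case above to cover the octal and single-decimal-number forms that the classic `inet_aton` host parsing also accepts, and the function names `decode_numeric_host` and `check_url` are hypothetical.

```python
import re
from urllib.parse import urlsplit

def _parse_part(part):
    """Parse one host component as hex (0x..), octal (0..) or decimal."""
    p = part.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p.startswith("0"):
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    if not re.fullmatch(r"[0-9a-f]+", digits):
        return None
    try:
        return int(digits, base)
    except ValueError:          # e.g. digit 9 in an octal part
        return None

def decode_numeric_host(host):
    """Return the dotted-decimal IPv4 a numeric host resolves to, else None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    *head, last = nums
    # Leading parts are single octets; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value += n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

def check_url(url):
    """Flag URLs whose host is an IP written in a non-standard notation."""
    host = urlsplit(url).hostname or ""
    ip = decode_numeric_host(host)
    if ip is None:
        return None             # ordinary hostname, nothing to decode
    return {"host": host, "ip": ip, "obfuscated": host != ip}

if __name__ == "__main__":
    # Constructed samples: the post's hex example plus equivalent spellings.
    for u in ("http://0xC18003C6/", "http://3246392262/",
              "http://0301.0200.03.0306/", "http://www.example.com/"):
        print(u, "->", check_url(u))
```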