Saturday, July 12, 2014
info@e-sonyonline.com is not fake
I received a suspicious e-mail with a Landmark beta invite. The mail looked perfectly real, but was sent from info@e-sonyonline.com, instead of from soe.com or station.sony.com. And the beta client download link also directed me to link.e-sonyonline.com. That looks very much like a phishing mail. So I googled it, and mostly found a lot of confused people asking whether mails from info@e-sonyonline.com were phishing mails, and some people who said yes, it was phishing, while others said no, it was legit.
So I decided to test this out. Certainly not by following the link and logging in with my true credentials. But there are two ways to test whether a login screen is fake. One is to enter fake login credentials, which a real site will reject, while a fake site will react differently. The other, which I actually used in this case, is taking advantage of a feature of many websites that won't ask you for a login if you are already logged in. So I went to the legit SOE site, logged into my account from there, and THEN clicked on the link. And lo and behold, the mail was real and I got to download the Landmark beta client without having to enter my SOE credentials on the e-sonyonline.com site.
What I think happened is that SOE outsourced sending out that sort of invitation to some marketeer, without letting him use the soe.com mail system. In an age where one gets phishing mails every day and people are highly suspicious, that isn't really a good move.
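The domain mismatch that made this mail look suspicious can be checked mechanically. The following is an added example, not part of the original post: it compares the sender domain and link hosts of a constructed message against the two domains the post names as expected, matching on label boundaries so that look-alike names do not pass. The sample message, its URL paths and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Domains the post names as the ones SOE mail was expected to come from.
EXPECTED = ("soe.com", "station.sony.com")

# Constructed sample message (not the real invite); the URL paths are made up.
SAMPLE = """\
From: SOE <info@e-sonyonline.com>
To: player@example.org
Subject: Landmark beta invite
Content-Type: text/html

<p>Download the client: <a href="http://link.e-sonyonline.com/beta">here</a></p>
<p>Account page: <a href="https://www.soe.com/account">soe.com</a></p>
"""

def under_expected(host, expected=EXPECTED):
    """True only if host equals an expected domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    # The leading "." forces a label boundary, so "notsoe.com" does not match.
    return any(host == d or host.endswith("." + d) for d in expected)

def review(raw):
    """Return (sender_domain, sender_ok, {link_host: ok}) for one message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hosts = {}
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = urlsplit(url).hostname or ""
        hosts[host] = under_expected(host)
    return sender, under_expected(sender), hosts

if __name__ == "__main__":
    sender, ok, hosts = review(SAMPLE)
    print(f"From domain {sender}: {'expected' if ok else 'UNEXPECTED'}")
    for host, good in hosts.items():
        print(f"link host {host}: {'expected' if good else 'UNEXPECTED'}")
```

An unexpected domain here means only that the name gives no evidence of who sent the mail, which is the situation the post describes.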
Comments:
That's horrifying. My bank has pulled this stunt before. Big companies need to stop training people to click on phishing links. Ugh.
"One is to enter fake login credentials, which a real site will reject, while a fake site will react differently"
That's actually pretty dangerous - a good phishing site can easily forward your credentials to the real site to see if it will log you in or not, and behave exactly like it. The only difference the user will see is that it takes a little longer.