German finance ministry tags fraudsters’ phishing form

The German Ministry of Finance has applied some lateral thinking in order to warn potential victims of a new phishing campaign. Fraudulent tax refund emails doing the rounds in Germany seek to con marks into handing over sensitive information in order to claim a tax refund. The scam email uses images pulled from the genuine …

COMMENTS

This topic is closed for new posts.
  1. Alan Brown Silver badge

    In other words...

    ... they put in a bit of code to check the Referrer for each request and serve up a different image if it wasn't from within their own website.

    Not hard and I've seen this used as far back as 1995 to ward off image thieves

    The real question is: "why isn't it used routinely?"

    1. Steven Roper
      Boffin

      Why isn't it used routinely?

      1. The HTTP_REFERER variable is extremely unreliable - it's trivially easy to spoof, and in addition, many proxy servers strip it out. Any bandwidth thief with any technical competence would already mask it out when fetching it for their site or email.

      2. A slightly better way to ensure requests for images originate from your own site is to set up a mod_rewrite in your .htaccess script (this is how some sites were famously able to substitute the well-known goatse.cx image for their real images whenever someone tried hotlinking them). However, not all web hosts offer access to .htaccess, and even fewer webmasters know how to set it up. Finally, it too can be circumvented by a determined image bandwidth thief.

      I might add that the best way I've found to protect images from bandwidth theft is to bury them as binary data in a SQL database, and embed them into a page on-the-fly using PHP. Thus, any access to an image requires a login to the database plus a valid session id. As to why this hasn't been more widely adopted: 1) it's a lot more work than just using <img> tags and 2) a lot of people probably haven't figured out that, or how, you can do it that way.
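
The Referer check discussed in the comments above, as an added example that is not part of the original thread or the ministry's code: it picks the genuine or the warning image by comparing the parsed hostname exactly rather than by substring. The hostnames, image paths, and the choice to serve the genuine image when the header is absent (for example, stripped by a proxy) are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Assumed values for this sketch: the site's own hostnames and the two image paths.
OWN_HOSTS = {"www.example-ministry.test", "example-ministry.test"}
GENUINE_IMAGE = "/img/logo.png"
WARNING_IMAGE = "/img/phishing-warning.png"


def classify_referer(referer):
    """Return 'absent', 'own' or 'foreign' for a raw Referer header value."""
    if referer is None or not referer.strip():
        return "absent"
    try:
        # .hostname drops userinfo and port and lowercases the host, so
        # "own-host@other-host" and "own-host.other-host" do not match.
        host = urlsplit(referer.strip()).hostname
    except ValueError:
        return "foreign"  # malformed value: do not treat it as our own page
    host = (host or "").rstrip(".")
    return "own" if host in OWN_HOSTS else "foreign"


def image_for_request(headers):
    """Choose the image path to serve for one image request."""
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), None)
    kind = classify_referer(referer)
    if kind == "foreign":
        # The image is embedded in a page hosted elsewhere: serve the warning.
        return WARNING_IMAGE
    # 'own', or 'absent' (header stripped by a proxy or privacy setting):
    # serve the real image so legitimate visitors are not shown the warning.
    return GENUINE_IMAGE


if __name__ == "__main__":
    # Constructed sample requests.
    for sample in (
        {"Referer": "https://www.example-ministry.test/forms/refund.html"},
        {},
        {"Referer": "https://www.example-ministry.test.phish.example/form"},
    ):
        print(sample.get("Referer", "<none>"), "->", image_for_request(sample))
```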

  2. Miek

    lmao

    This is why you don't include external media on your website/email, in case someone exchanges that for something malicious. In this case vice-versa.

  3. Anonymous Coward

    What are the chances of any Government department in UK

    on the ball enough to do this? I suspect very low if not outsourced IT (lower if)

  4. Anonymous Coward
    Alert

    What I can't get is:

    All I do is put the pointer over the "click here to enter details" and I can then see the real address which clearly isn't anything to do with tax etc.

    Perhaps we should educate users into doing this rather than spending millions of pounds, euros, dollars etc on things like image poisoning. The scammers will adapt but they can't hide a genuine URL...

  5. Anonymous Coward

    Oh noes!

    Now scammers will have to host their own copies of the pics instead of directly linking to the original source.

    Still a good idea to defuse the current wave of scam though. Looks like German gov IT are not as useless as in some other countries #cough#

    And at least, that will cost the scammers more bandwidth, so a thumb up.
