After receiving emails that imitate, more or less faithfully, those sent by the genuine provider, the customer may be redirected to a site on which several details give the fraud away.
The suspect URL
The received email redirects to a page whose actual address is masked by a URL that appears valid. The address shown in the browser is then either:
An IP address as the URL root, http://62.193.219.105/LaSalleBank.com/httpd/.../update_card.htm
Or a URL at a free hosting company, http://mapage.hebergeurgratuit.com/LaSalleBank.com/httpd/.../update_card.htm
The URL close to the original one
xxxtrade.com >> xxxtrading.net, xxxonlinebank.com
The site name is very close to the original, so the URL looks much less suspicious than an IP address or a subdomain at a free hosting company. It is harder for the user to question the validity of the site.
In this particular case, it is important for the provider to protect its domain names and to monitor all new registrations, as well as the use that is made of them.
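The URL indicators described in the two sections above (IP address as root, free-hosting subdomain, brand name in the path, near-identical domain) can be checked mechanically; the following is an added example, not part of the original page. The brand and free-hosting lists, the function names and the 0.75 similarity threshold are assumptions, and the sample URLs are those quoted on the page plus one constructed from xxxtrading.net.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumptions of this example: the defender supplies the brand domains to
# protect and the free-hosting parent domains. Values are taken from the page.
BRANDS = {"lasallebank.com", "xxxtrade.com"}
FREE_HOSTS = {"hebergeurgratuit.com"}


def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_url(url, brands=BRANDS, free_hosts=FREE_HOSTS, threshold=0.75):
    """Return the sorted indicator names found in one URL ([] if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    ip_host = is_ip_literal(host)
    domain = None if ip_host else registrable(host)
    if domain in brands:
        return []  # served from a genuine brand domain
    found = set()
    if ip_host:
        found.add("ip-literal-host")
    if domain in free_hosts and host != domain:
        found.add("free-hosting-subdomain")
    for brand in brands:
        # Brand name placed in the path to make the URL look legitimate.
        if brand in parts.path.lower():
            found.add("brand-in-path")
        # Second-level label nearly identical to the brand's (TLD ignored).
        if domain and domain not in free_hosts:
            a, b = domain.split(".")[0], brand.split(".")[0]
            if SequenceMatcher(None, a, b).ratio() >= threshold:
                found.add("lookalike-domain")
    return sorted(found)


if __name__ == "__main__":
    for u in ("http://62.193.219.105/LaSalleBank.com/httpd/.../update_card.htm",
              "http://xxxtrading.net/"):  # second URL is constructed
        print(u, check_url(u))
```

The same function can be run over newly registered domain names to support the monitoring recommended above; a production version would use a public-suffix list instead of the two-label shortcut.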
The masked address
The address shown in the browser matches the provider's address, but it is not the actual address of the page.
Double redirect
A single link can open two different sites. To make this technique credible, the phishers open the provider's original site, together with a pop-up window in the foreground that contains the phishing site and on which the URL is not displayed.