Home » Blogs » Steve's blog

Phishing getting more creative in deception

Posted May 30th, 2008 by Steve

For the months of May to July, most taxpayers in the US are looking eagerly for that one thing in the mail. That will be the Economic Stimulus Payment checks from Uncle Sam, providing extra spending cash in the pockets. Hence this is a busy time for the IRS working to send out the checks. There is another party who are also busy around this time. These are the people who are looking for ways to enjoy your piece of pie, even as IRS puts it in your hands. A unsolicited scam email has been circulating on the Internet claiming to be from the IRS. For an unsuspecting reader, this email has every appearance of coming from the IRS, complete with logos and all. Of course, if you are not from the US, you will probably suspect that it is fake. But for those in the US who are not informed enough and sometimes downright naive, they could become victim to such Internet fraud. Basically what this kind of scam email does (known as phishing) is to direct you to a web site ( which again has every appearance of being a genuine IRS site) and entice you to submit your personal information. This one I received even asked your for bank account and pin numbers. That should immediately throw up a BIG red flag. But you may be surprised at how many people do actually fall for such stuff, naively giving up such confidential information.

Anyway scam email is nothing new. We get that all the time. Some are rather creative in their methods and they get better in their deception. The most recent one that I received is one of such. Instead of using the normal qualified domain name to take you to their trap, they use a hexadecimal equivalent of the IP address of the web server. Using an IP address in the URL is nothing new to me but using the hexadecimal method certainly is.

For example, instead of using http://www.google.com you can also use its IP address as such http://209.85.173.104. And you can also do it like this: http://0xd1.0x55.0xad68 All three methods take you to the same web page.

In using the hexadecimal representation of the IP address, it makes less obvious to the victim. Take for example, http://0xd1.0x55.0xad68/notebook doesn't reveal that the website is a Google site by just looking at the url.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
2 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.