North American Network Operators Group

Re: Phishing (Was Re: WashingtonPost computer security stories)
Why not write a generator of credit cards / PINs and flood this site with false information? (I saw a few better examples, btw).

----- Original Message -----
From: "Niels Bakker" <[email protected]>
To: <[email protected]>
Sent: Monday, August 16, 2004 3:26 AM
Subject: Phishing (Was Re: WashingtonPost computer security stories)

> Speaking of computers fubar'ed by spyware, I just found a particularly
> nice example of a phishing attempt. SpamAssassin had tagged it with the
> astronomical score of 136.3 thanks to SARE.
>
> The mail originated from 68.77.56.130 (an ameritech.net DSL connection,
> right now not pingable) and loads some images from www.citibank.com.
> It links to http://61.128.198.51/Confirm/ - an IP address hosted by
> Chinanet (transit to there supplied by Savvis from my point of view).
>
> That page does something interesting: it meta refreshes itself to
> Citibank's corporate homepage but also pops up a window
> (/Confirm/pop.php) requesting the user's card#, PIN (twice) and a
> new PIN. The main page being citibank probably lends some credibility
> to the scam.
>
> This attack won't work if your browser blocks popups, or if you remember
> that the padlock icon in the status bar is what tells you the status of
> a connection, not a "128-bit SSL" or "Verisign trust-e" or whatever logo
> inside the webpage.
>
> It's disheartening to see that this website is still online after
> several days (I received the scam mail Friday morning).
>
> I'm thinking that Citibank will cease to be a target if they give (ok,
> it's a bank - sell) their subscribers a hardware token that requires
> presence of the ATM card when the customer wants to use online banking
> facilities... as several banks here in the Netherlands do.
>
>
> -- Niels.