funsec mailing list archives
Re: Blatant phishing?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 18 Jul 2011 10:05:41 +1200
A few weeks back Rob Slade wrote:
As I was sending along my daily allotment of phishing spam to the research sites, I noticed, in the message: Message-ID: <20110621132512.8440.qmail () server3 dimakhconsultants com> From: Halifax Security Department <html> <head> <title>Crooks In Action - Jenson Farrago Phishing - Halifax</title> <meta content=true name=MSSmartTagsPreventParsing> <meta name="description" content ="Jenson Farrago's collection of emails from Crooks In Action"> <meta name="keywords" content="Jenson Farrago, life.etl, Henry T. Smith, Crooks In Action, 419 scams, advance fee, time wasters, Nigerian email fraud, bogus lottery, bogus jobs & business opportunities, identity theft, phishing, pills, internet medication, penny stocks"> <meta name="generator" content="Microsoft FrontPage 5.0">
FWIW, this means that these phishers are lazy/cheap and have lifted their phishing scam message source directly from: http://www.htspweb.co.uk/cia/crooks.htm rather than doing a few hours works of their own, getting one of the free phishing template kits (which are widely known to be backdoored and the tide is swinging away from web-hosted pages to "attached HTML forms" anyway), or shelling out a few bucks for a commercial template collection (which may also be backdoored -- theivees these days...). Regardless of their laziness/cheapness these guys are clearly quite stupid to not even edit the HTML... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Blatant phishing? Nick FitzGerald (Jul 17)