Interesting People mailing list archives
Amex goes phishing
From: David Farber <dave () farber net>
Date: Thu, 22 Jan 2009 18:06:07 -0500
Begin forwarded message:

From: "James J. O'Donnell" <provost () georgetown edu>
Date: January 22, 2009 5:36:54 PM EST
To: David Farber <dave () farber net>
Subject: Amex goes phishing

Dave, I kid you not. Got messages on various accounts over the weekend from American Express to tell cardholders that their 2008 year-end statement is online. Just click on this address, it said, giving an address. If you mouse-overed the address, a different address appeared in the status bar, and if you clicked on the address, you went to a third uniquely different address. I did so, on a machine that could be cleaned if it were compromised, twice.

What I found when I got there is that after you clicked on the nonconforming link, you went to a page that asked you to input credit card information: either your existing login/password for the Amex site *or*, if you didn't have a login/pwd yet, to input your actual credit card information including card number, expiry date, and 4-digit "security code".

Now I believe that the message was in fact legit: came from Amex and led you to a site that was what it said it was. What gobsmacked me was that Amex was using classic phishing technique to get you to their site, and asked you once there to engage in *exactly* the behavior that we tell everybody not to behave in.

So what happened? Today we got two messages that obviously responded to the incomplete logins yesterday -- alerts to tell us that there was a problem with that account due to multiple attempted logins and asking us to log in to the site to check and confirm information there. The "security messages" took exactly the same form: please click on this inconsistent URL and when you get to the page referenced, go ahead and input confidential information.

I phoned Amex and nobody on their standard phone lines understood the issue, but they got me eventually to corporate in NYC and I spoke to someone in "investigations" who got what I was saying instantly and I could hear him shaking his head. He said he'd get on it.

Jim O'Donnell
Georgetown