Re: Phishing Attacks version 2

["David L. Wasley" <dlwasley () EARTHLINK NET>]

Historical note: this sounds like a modern variant of a very old
attack.  Back in the time sharing era, a malevolent user could write
a program that emulated the system login screen and leave it running
on a vacant terminal.  A naive user would try to log in, get an error
message, and then the real login screen would appear.  Meanwhile
their userid/password was emailed to the perpetrator in the
background.

In the modern case, the perpetrator should redirect the victim to the
real webmail page after capturing his/her credential.

        David (old guy ;-))

-----
At 11:27 AM -0400 on 7/3/08, Zach Jansen wrote:

> Well this had to come eventually, but just in case others haven't
> seen this... One of my users received a phishing attack that offered
> a link to our webmail page and insisted that the user needed to
> login to secure their account instead of asking for the password by
> reply. The link actually goes to an exact copy of our webmail login
> page and records the username and password of whoever visits the
> site. I've also seen HTML forms embedded directly in the email that
> do more or less the same thing.
>
>
> Zach
>
> --
>
> Zach Jansen
> Information Security Officer
> Calvin College
> Phone: 616.526.6776
> Fax: 616.526.8550