Re: Survey sites used for Phishing attacks

[Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>]

We're staring to see this in the phishing campaign emails we receive:

Shortened_URL_Service_A -> Shortened_URL_Service_B -> ... -> Compromised
site hosting credential harvesting form -OR- Legitimate survey / form site.

In the latest, the phisher/spammers (phammers?) even went through the
trouble of branding the email.

On 10/19/2010 6:57 PM, Philip Webster wrote:
> On 20/10/10 2:39 AM, Chris Green wrote:
> > I’ve seen an increasing number of these of late and they are a pain
> > to deal with, especially if you take the IP based approach when
> > responding.  Even URL-based ones can be of limited use since the
> > actual form can change so often.   On a related note, I’ve been
> > trying to look at encryption portal/email solutions so you can
> > transport messages in an encrypted fashion without needing to deploy
> > PKI.
> >
> > Net result:  You send out emails that instantly ask people to click
> > on something and enter a password. ;-)
>
> Our email team found one over the weekend -- phishing hosted by a
> survey/form site, link-shortening service used. After two quick emails
> the phishing site was taken down and the shortened link was pointing at
> a phishing awareness site, both voluntary actions by the respective owners.
>
> No blocking needed at our end in this case.
>
> Cheers
> Phil

-- 
- Anthony Maszeroski, CCNA, CISSP
-----------------------------------
Information Security Manager
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226
-----------------------------------