Full Disclosure mailing list archives
Re: Huge amounts of Citipank phishing spam seen this weekend.
From: Duncan Hill <dhill+fulldisc () cricalix net>
Date: Mon, 5 Jul 2004 14:38:36 +0100
On Monday 05 July 2004 12:15, Feher Tamas might have typed:
<b>Dear Citibank Customer</b>, <p> We recently noticed one or more attempts to log in to your Citibank<br=
<p><i>The login attempt was made from:<br> IP address: 173.97.087.24<br> ISP Host: cache-89.proxyserver.cis.com</i></p> <p> By now, we used many techniques to verify the accuracy
whom you are dealing with. The system is called CitiSafe and it's<br> the most secure Citibank wallet so far.</p>
That's a pretty nice bit of dumb-user engineering. Couple of spelling mistakes in the actual phishing pages (wget + less = wonderful), but otherwise quite well crafted. I'd swear I even see a browser URL overlay or similar to give the impression of a different site to the real one. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Huge amounts of Citipank phishing spam seen this weekend. Feher Tamas (Jul 05)
- Re: Huge amounts of Citipank phishing spam seen this weekend. Duncan Hill (Jul 05)