Full Disclosure mailing list archives
Analysis: Postbank.nl Phishing Scam
From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Mon, 6 Jun 2005 15:48:21 +0200
Hi there, I've just finished writing a technical analysis on the Postbank.nl phishing scam hitting Dutch e-bankers as from last Saturday. This was fortunately really big in the Dutch media so the amount of victims may have been limited. I found some interesting things in the scam: the victim was redirected 4 times (including through Google and MSN) before arriving at his/her final location, the use of URL obfuscating to social engineer the user into clicking 'the link below' and the inclusion of a stylesheet over a HTTPs connection to resemble an authentic bank to Joe Average. You can read the analysis at: http://www.syn-ack.org/papers/postbank.html . I would love to receive any feedback on it, either positive or negative, as long as arguments are supplied. - Vincent 'rastakid' van Scherpenseel _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Analysis: Postbank.nl Phishing Scam Vincent van Scherpenseel (Jun 06)
- Re: Analysis: Postbank.nl Phishing Scam Moritz Naumann (Jun 06)