Re: Blatant phishing?

[Nick FitzGerald <nick () virus-l demon co uk>]

A few weeks back Rob Slade wrote:

> As I was sending along my daily allotment of phishing spam to the research sites, I 
> noticed, in the message:
>
> Message-ID: <20110621132512.8440.qmail () server3 dimakhconsultants com>
> From: Halifax Security Department
>
> <html>
> <head>
> <title>Crooks In Action - Jenson Farrago Phishing - Halifax</title>
> <meta content=true name=MSSmartTagsPreventParsing>
> <meta name="description" content ="Jenson Farrago's collection of 
>
> emails from Crooks In Action">
> <meta name="keywords" content="Jenson Farrago, life.etl, Henry T. 
> Smith, Crooks In Action, 419 scams, advance fee, time wasters, 
> Nigerian email fraud, bogus lottery, bogus jobs & business 
> opportunities, identity theft, phishing, pills, internet medication, 
> penny stocks">
> <meta name="generator" content="Microsoft FrontPage 5.0">

FWIW, this means that these phishers are lazy/cheap and have lifted 
their phishing scam message source directly from:

   http://www.htspweb.co.uk/cia/crooks.htm

rather than doing a few hours works of their own, getting one of the 
free phishing template kits (which are widely known to be backdoored 
and the tide is swinging away from web-hosted pages to "attached HTML 
forms" anyway), or shelling out a few bucks for a commercial template 
collection (which may also be backdoored -- theivees these days...).

Regardless of their laziness/cheapness these guys are clearly quite 
stupid to not even edit the HTML...



Regards,

Nick FitzGerald


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.