Security Incidents mailing list archives

RE: A pretty neat Chase Phish

From: "Jason Burton" <jab () leximedia net>
Date: Thu, 23 Mar 2006 13:55:29 -0500

Hi,

Thank you for your note. We apologize for our delayed response. We

appreciate your bringing this to our

attention, and we'll investigate.

Regards,
The Google Team


Braught it to google's attention ;-) They need to fix their script as to not
allow redirects from domains they shouldn't trust ;-) (or somethin else like
a key..)


Jason Burton
Riverfront Solutions, Inc.
Network Architect
jab () leximedia net
301-370-2983


-----Original Message-----
From: Bob [mailto:Bob () dexis net] 
Sent: Saturday, March 11, 2006 7:20 PM
To: incidents () securityfocus com
Subject: A pretty neat Chase Phish

This in one of the PHISHES I caught yesterday.

It is still active as of this email

It purports to be Chase Bank and wants me to validate my information, how
clever.

But this is a VERY SOPHISTICATED PHISH --- it looks real and even simulates
an HTTPS address

It does appear different in different browsers, looks most authentic in IE,
Firefox looks pretty bad and non-convincing.

http://www.google.com/url?q=http://200.75.49.126/webpai/webpai/images/chase_
com/index.html

Current thread:

A pretty neat Chase Phish Bob (Mar 13)
- RE: A pretty neat Chase Phish Robin (Mar 14)
  - Re: A pretty neat Chase Phish Valdis . Kletnieks (Mar 14)
- RE: A pretty neat Chase Phish Jason Burton (Mar 23)
- <Possible follow-ups>
- Re: A pretty neat Chase Phish Bob (Mar 14)