nanog mailing list archives
Re: Phishing (Was Re: WashingtonPost computer security stories)
From: Henry Linneweh <hrlinneweh () sbcglobal net>
Date: Mon, 16 Aug 2004 03:41:37 -0700 (PDT)
How strange, I received that in my email too..

-Henry

--- Niels Bakker <niels=nanog () bakker net> wrote:
Speaking of computers fubar'ed by spyware, I just found a particularly nice example of a phishing attempt. SpamAssassin had tagged it with the astronomical score of 136.3 thanks to SARE.

The mail originated from 68.77.56.130 (an ameritech.net DSL connection, right now not pingable) and loads some images from www.citibank.com. It links to http://61.128.198.51/Confirm/ - an IP address hosted by Chinanet (transit to there supplied by Savvis from my point of view).

That page does something interesting: it meta refreshes itself to Citibank's corporate homepage but also pops up a window (/Confirm/pop.php) requesting the user's card#, PIN (twice) and a new PIN. The main page being Citibank probably lends some credibility to the scam.

This attack won't work if your browser blocks popups, or if you remember that the padlock icon in the status bar is what tells you the status of a connection, not a "128-bit SSL" or "Verisign trust-e" or whatever logo inside the webpage.

It's disheartening to see that this website is still online after several days (I received the scam mail Friday morning).

I'm thinking that Citibank will cease to be a target if they give (ok, it's a bank - sell) their subscribers a hardware token that requires presence of the ATM card when the customer wants to use online banking facilities... as several banks here in the Netherlands do.

--
Niels.
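The two traits described in the quoted message (a mail that loads images from the bank's own host while its link points at a bare IP address, and a landing page that meta-refreshes to the real site behind a popup) can be checked mechanically. The Python sketch below is an added example, not part of the original thread; the HTML samples, function names and flag names are constructed for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed samples modelled on the post; not the real mail or page.
MAIL = ('<img src="http://www.citibank.com/logo.gif">'
        '<a href="http://61.128.198.51/Confirm/">Confirm your account</a>')
LANDING = ('<meta http-equiv="refresh" content="0; url=http://www.citibank.com/">'
           '<script>window.open("/Confirm/pop.php")</script>')

def host_of(url):  # hostname of an absolute URL; None if relative or malformed
    try:
        return urlsplit(url.strip()).hostname
    except ValueError:
        return None

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))  # address objects are truthy
    except ValueError:
        return False

class Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.images, self.refresh = [], [], []
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "a":
            self.links.append(host_of(a.get("href", "")))
        elif tag == "img":
            self.images.append(host_of(a.get("src", "")))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", a.get("content", ""), re.I)
            self.refresh.append(host_of(m.group(1)) if m else None)

def indicators(html, served_from=None):  # served_from: host the HTML was fetched from
    c = Collector()
    c.feed(html)
    flags = set()
    if any(h and is_ip(h) for h in c.links):
        flags.add("link-to-ip-literal")
        if any(h and not is_ip(h) for h in c.images):
            flags.add("ip-link-with-named-host-images")
    if served_from and any(h and h != served_from for h in c.refresh):
        flags.add("meta-refresh-to-other-host")
        if re.search(r"window\.open\s*\(", html):
            flags.add("popup-behind-refresh")
    return sorted(flags)
```

These are heuristics for triage: a legitimate page can redirect across hosts, so the flags are best treated as scoring inputs rather than verdicts.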