nanog mailing list archives
Re: Phishing (Was Re: WashingtonPost computer security stories)
From: "Alexei Roudnev" <alex () relcom net>
Date: Mon, 16 Aug 2004 21:33:47 -0700
Why not write a generator of credit cards / PINs and flood this site with false information? (I saw a few better examples, btw).

----- Original Message -----
From: "Niels Bakker" <niels=nanog () bakker net>
To: <nanog () merit edu>
Sent: Monday, August 16, 2004 3:26 AM
Subject: Phishing (Was Re: WashingtonPost computer security stories)

Speaking of computers fubar'ed by spyware, I just found a particularly nice example of a phishing attempt. SpamAssassin had tagged it with the astronomical score of 136.3 thanks to SARE.

The mail originated from 68.77.56.130 (an ameritech.net DSL connection, right now not pingable) and loads some images from www.citibank.com. It links to http://61.128.198.51/Confirm/ - an IP address hosted by Chinanet (transit to there supplied by Savvis from my point of view).

That page does something interesting: it meta refreshes itself to Citibank's corporate homepage but also pops up a window (/Confirm/pop.php) requesting the user's card#, PIN (twice) and a new PIN. The main page being Citibank probably lends some credibility to the scam.

This attack won't work if your browser blocks popups, or if you remember that the padlock icon in the status bar is what tells you the status of a connection, not a "128-bit SSL" or "Verisign trust-e" or whatever logo inside the webpage.

It's disheartening to see that this website is still online after several days (I received the scam mail Friday morning).

I'm thinking that Citibank will cease to be a target if they give (ok, it's a bank - sell) their subscribers a hardware token that requires presence of the ATM card when the customer wants to use online banking facilities... as several banks here in the Netherlands do.

-- Niels.
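An added example, not part of either message above: a static check for the three traits the quoted report describes (page served from a raw IP address, meta refresh handing the main window to the bank's real site, pop-up loaded from the page's own host). The HTML sample is constructed, and the names PageScan, is_ip_host and signals are hypothetical.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PageScan(HTMLParser):
    """Collects meta-refresh targets and window.open() URLs from a page."""
    def __init__(self):
        super().__init__()
        self.refresh, self.popups, self.in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            content = a.get("content") or ""
            self.refresh += re.findall(r"url\s*=\s*['\"]?([^'\";\s]+)", content, re.I)
        self.in_script = tag == "script"
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # script bodies arrive here as raw text
            self.popups += re.findall(r"window\.open\(\s*['\"]([^'\"]+)", data)

def is_ip_host(host):
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False

def signals(page_url, html, brand_domain):
    """Return the set of traits from the report that this page exhibits."""
    scan = PageScan()
    scan.feed(html)
    here = urlparse(page_url).hostname
    targets = [urlparse(t).hostname or "" for t in scan.refresh]
    to_brand = [h for h in targets
                if h != here and (h == brand_domain or h.endswith("." + brand_domain))]
    own_popup = [p for p in scan.popups
                 if urlparse(urljoin(page_url, p)).hostname == here]
    checks = {"ip-literal-host": is_ip_host(here),
              "refresh-to-brand": bool(to_brand),
              "popup-from-own-host": bool(own_popup)}
    return {name for name, hit in checks.items() if hit}

# Constructed sample reproducing the behaviour described in the report.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; URL=http://www.citibank.com/">
<script>window.open('/Confirm/pop.php', 'c', 'width=400,height=300');</script>
</head><body></body></html>"""
```

Any one trait is common on legitimate pages; it is the combination of all three that matches the report.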