One of the advantages of being disorderly is that one is constantly making exciting discoveries.
-- AA Milne
JaBbA's Hut

Today's Tao (Chapter 50):

Men flow into life, and ebb into death.

Some are filled with life;
Some are empty with death;
Some hold fast to life, and thereby perish,
For life is an abstraction.

Those who are filled with life
Need not fear tigers and rhinos in the wilds,
Nor wear armour and shields in battle;
The rhinoceros finds no place in them for its horn,
The tiger no place for its claw,
The soldier no place for a weapon,
For death finds no place in them.
Friends and Family Login
Username

Password

Remember Me
NEW It Works!!!!

Friend or Family?
To see the stuff
hidden from the wider world,
Click Here

Contact Me

Email Me at http://xri.net/=Justin.B.Alcorn

Subscribe

Subscribe to JaBbA's Hut! Have new entries emailed to you!
Your email address:

Quicksearch

About Me

  • PGP Key Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C. Get my Key for "Justin Bradford Alcorn" from http://pgpkeys.mit.edu .

Calendar

Back May '12
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Archives

May 2012
April 2012
March 2012
Recent...
Older...

Syndicate This Blog

Blog Administration

Open login screen

Categories



All categories

Powered by

Serendipity PHP Weblog

Creative Commons License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

JaBbA's Hut

White Hat Liberal Geek Dad

Monday, August 16. 2004

Why are the phishing schemes getting so sophisticated?

Phishing
Another example of how nasty and sophisticated the phishing schemes are getting. It comes in an email from "U.S. Bank " with the subject "Urgent Security Notification" The email is HTML and looks like this (Code has been defanged to make it not work):

<html><p><font face="Arial"><A HREF="http : //www.usbank.com/cgi_w/cfm/confirmation/account_access/account_confirm.cfm" > <map name="FPMap0"> <area coords="0, 0, 633, 303" shape="rect" href="http : //%36 %39%2E%31%34 %36%2E %35%34%2E %31%30%34:%38%37/ %63%66 %6D/ %69%6E%64%65%78 %2E%68%74%6D" > </map><img SRC=" cid: part1.00030204.03070508@ anti-fraud.ref.num8188@ usbank.com" border="0" usemap="#FPMap0"> </A> </a> </font> </p><p> <font color="#FFFFFF">Oscar Jobs Horoscopes In short. in 1873 It's funny CDC: West Nile Young to see you When the I object to... haven't seen Look Smart Dragonball </font> </p> </html>


Note a few things: The image map is broken now, the site has been shut down. But the URL looks legitimate because it surrounds the image map, which overrides the A HREF URL. So instead of going to US bank, the user goes to that encoded URL. When they hit the URL, javascript pops open the dialog box (See image) and the actual US bank site is opened in the background. So for the user, it looks like USBank opened a login box. Also, the odd text at the bottom is a SPAMMING technique to get through SPAM filters by including "syntactically interesting" text.

If your bank opens a popup without an address bar to login, complain to them! These phishing schemes are dangerous.

According to news reports, the reason that these are getting more sophisticated and more dangerous is that Russian Organized Crime syndicates have recognized this "business opportunity" and have hired out-of-work programmers to clean up the original phishing schemes and make them much more dangerous.

Let's be careful out there!
Posted by JaBbA in Phishing at 09:06 | Comments (0) | Trackback (1)

Trackbacks
Trackback specific URI for this entry

Convergence
MessageLabs has a quick report on the convergence of SPAM and Viruses -- something we've been noticing over the last couple of months. Add to this the convergence of Phishing and Malware (viruses and trojans) with the entry of Organized Crime into the
Weblog: JaBbA's Hut
Tracked: Aug 18, 09:25

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.
 
Please send a whole bunch of email to johnny@jalcorn.net