We've been hit with dozens of Citibank phishing schemes. Why Citibank?
Well, when I started capturing all email related to Citibank, I found this:
This is a real email about paying a Citibank bill. Note the fake button (it's actually a GIF pulled from the Checkfree site). Citibank outsources online bill pay to Wachovia/Checkfree.
So Citibank customers are trained to click on links within HTML emails.
This is a very bad idea.
Here are some of the Citibank phish emails. They actually look NICER than the Wachovia email, and are very successful. Also, browsers before IE 6 are tricked into telling you that you are connecting to Citibank when you are actually connecting to the phish site. Our Help Desk is swamped with calls from people trying to tell the difference between the good ones and the bad ones.
Administrators:
BLOCK ALL OUTBOUND ACCESS TO PORT 38. That's what these emails have in common - they connect to port 38.
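A mail-gateway check to go with the firewall block, as an added example that is not code from the original post: it pulls every link out of an HTML message body and flags those with an explicit port 38. It goes beyond the post by also flagging links whose visible text names a different host than the real target; the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BLOCKED_PORTS = {38}  # the port the post says these phishing emails connect to

class LinkCollector(HTMLParser):
    """Collect [url, visible text] for every <a href> and the src of every <img>."""
    def __init__(self):
        super().__init__()
        self.links = []     # list of [url, text]
        self._open = None   # the <a> element currently being read, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = [attrs["href"], ""]
            self.links.append(self._open)
        elif tag == "img" and attrs.get("src"):
            self.links.append([attrs["src"], ""])

    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def suspicious_links(html_body):
    """Return (url, reason) pairs for links a gateway should flag or quarantine."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for url, text in collector.links:
        try:
            parts = urlsplit(url)
            port, host = parts.port, parts.hostname
            shown = urlsplit(text.strip()).hostname if "://" in text else None
        except ValueError:  # malformed host or out-of-range port
            findings.append((url, "unparseable URL"))
            continue
        if port in BLOCKED_PORTS:
            findings.append((url, f"explicit port {port}"))
        if shown and host and shown != host:
            findings.append((url, f"text shows {shown}, link goes to {host}"))
    return findings

# Constructed sample body; the address and example hosts are placeholders, not from the post.
SAMPLE = ('<p>Verify: <a href="http://203.0.113.7:38/login">http://www.bank.example/login</a></p>'
          '<a href="https://billpay.example/pay"><img src="https://billpay.example/btn.gif"></a>')
```

Calling `suspicious_links(SAMPLE)` reports the first link twice (port 38, and text/target mismatch) and leaves the bill-pay button link alone.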

