• Sleazy phishing code du jour

    #407538

    Obviously it is a good practice, and the default out-of-the-box configuration, to disable JavaScript (“Active Scripting”) in the e-mail client. For those who allow script to run, here’s an example of how one phishing scam e-mail writes a deceptive URL into the status bar of the viewer window to trick you into believing that you will be visiting a legitimate site:

    Visible text: Login immediately to your account.

    HTML code: Login immediately to your account.

    Outlook 2000 and 2002 don’t display a status bar, so this must be targeted at other mail clients.

    (Incidentally, the IP address for “US Bank” is listed under a service provider in Spain.)

    • #853373

      nice! NOT! smile
      here’s the most recent phishing scam which in essence exploits bad html design on the server, which allows cross site script injection (for instance mastercard.com is vulnerable)
      http://www.zapthedingbat.com/security/scriptinjection/

      (this is not a browser vulnerability exploit, just bad site design practice)

    • #853457

      Jefferson

      I had the usual “you must log onto your account and give us all your details” email this morning from “US Bank”.

      Do scammers really think that someone from the UK would do this?

      John

      • #853616

        Yes

        DaveA I am so far behind, I think I am First
        Genealogy....confusing the dead and annoying the living

      • #853647

        What I appreciate are the ones from “banks” with which I have no account. evilgrin

        • #853817

          Or like the one that is going around about my account at eBay (I do NOT have) and there is a balance of $0,01 and it MUST be paid to the account owner.

          DaveA I am so far behind, I think I am First
          Genealogy....confusing the dead and annoying the living

        • #853857

          Charlotte

          That was my very point! How many UK customers have even heard of “US Bank” (I certainly haven’t), let alone have accounts there!

          John

          • #853891

            John, as long as it’s cheaper to send e-mail than to check where it’s going, you can expect an endless stream of these.

          • #853927

            John,
            I never heard of them either until I got a phishing message last week.

        • #854796

          The scary part is when they hit someone who DOES bank at the phishing scam bank. My wife has been hit with a phish masquerading as her actual bank, leading to a conversation something like this:

          Me, in absolute hysterical panic: “Mother of God, that’s a SCAM, you didn’t reply or even click on it or anything did you?”
          Wife, calmly: “You don’t think I’m that stupid, do you?”
          Me: “Um, no, of course not, honey. Say, I think we’re out of lettuce …”

          • #854895

            I got a phone call like that once, claiming to be from my mortgage holder. They definitely had some of my information, name, address, etc., but I became suspicious when they wanted a credit card number and other confidential information and became belligerent when I refused to give it to them. They threatened me with a rate hike in my mortgage if I didn’t give them the information. I told them to go ahead! laugh

            • #854911

              The problem with e-mail is you can’t say: “What is your general office number? I’ll call back and ask for you.”

          • #855035

            [indent]Say, I think we’re out of lettuce …[/indent]
            Not bad. I’ll put that one in the database, under the “Might work sometimes” category.

            Alan

            • #855041

              It didn’t save me from “the raised eyebrow of death”. laugh

            • #855085

              Might I suggest as a diversionary sentence: “The cat has just been sick on the sofa”?? catty

              John

            • #855176

              [indent]Might I suggest as a diversionary sentence: “The cat has just been sick on the sofa”??[/indent]
              Doesn’t work for me... any cat that upchucks on the sofa is automatically my cat. duck

              Have a Great day!!!
              Ken

            • #855193

              Looks like this thread is headed for a visit from I_eat_lost_cats

              DaveA I am so far behind, I think I am First
              Genealogy....confusing the dead and annoying the living

            • #855208

              In my household, it’s simply “the look” – that says it all. It’s kind of an airborne version of “the death of a thousand cuts”… time for that long-overdue bunch of flowers.

              Alan

      • #854780

        [indent]Do scammers really think that someone from the UK would do this?[/indent]
        Scammers don’t think much about what you might do or where you are located, and they hope you don’t either. As long as you do something, it increases their chances of success. Remember, they work on volume output and low-percentage responses. But 1% of 1,000,000 is still a substantial number, be it dollars or people who respond.

    • #862844

      [indent]Outlook 2000 and 2002 don’t display a status bar, so this must be targeted at other mail clients.[/indent]
      There is a status bar viewable if the preview pane is used — though that’s not an option I would advise for your Inbox or any other folder where these sorts of messages could end up.

      On another note, we’ve received a few of these scams in the office the last few days, and I’ve seen that the level of sophistication is going up again. When I did a ‘View Source’ of the message, the code had the web target masked using non-ascii text code, so unless you were willing to do some translation you wouldn’t know what the true link was. Additionally, they’ve added stuff to the message header in an attempt to ‘legitimize’ the message — FCC: mailbox://antifraud.ref.num76739133887@citibank.com/Sent — trying to make it look like the message had been screened by the Federal Communications Commission.
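As an added illustration (not code from this thread or any poster), here is the kind of check a mail filter can run against the two tricks described above: the original post's mouse handler that writes a fake URL into `window.status`, and the character-reference masking of the real link target mentioned in #862844. The sample message, the `203.0.113.7` address and the `example-bank.com` / `example.net` hosts are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

SAMPLE_MAIL = """<a href="http://203.0.113.7/login"
   onmouseover="window.status='https://www.example-bank.com/'; return true">Login immediately to your account.</a>
<a href="http://&#119;&#119;&#119;.example.net/%6c%6f%67%69%6e">View your statement</a>
<a href="https://www.example-bank.com/help">Help centre</a>"""  # constructed sample: spoofed, masked, clean

class LinkAuditor(HTMLParser):
    # Collects each <a>: raw tag text, decoded href, inline on* handlers, visible text.
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        a = dict(attrs)  # HTMLParser has already expanded entities such as &#119; here
        self._cur = {"raw": self.get_starttag_text(),
                     "href": unquote(a.get("href") or ""),  # also undo %xx masking
                     "handlers": {k: v or "" for k, v in a.items() if k.startswith("on")},
                     "text": ""}

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit_links(html_source):
    # Returns one entry per link listing the deceptive traits found (empty list = clean).
    parser = LinkAuditor()
    parser.feed(html_source)
    parser.close()
    report = []
    for link in parser.links:
        reasons = []
        if any("window.status" in body for body in link["handlers"].values()):
            reasons.append("handler writes window.status")
        host = urlsplit(link["href"]).hostname or ""
        if host.replace(".", "").isdigit():  # dotted-quad IPv4 literal instead of a bank's domain name
            reasons.append("href points at a raw IP address")
        if "&#" in link["raw"] or "%" in link["raw"]:
            reasons.append("href masked with character or percent encoding")
        report.append({"href": link["href"], "text": link["text"].strip(), "reasons": reasons})
    return report
```

Running `audit_links(SAMPLE_MAIL)` flags the first two links and reports the second one's real target as `http://www.example.net/login` once the entities and percent-escapes are decoded.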
