New Bank Phishing Scam


Rmus
March 12th, 2006, 05:16 PM
"These kind of arms races require us to increase awareness constantly and to make users more resilient all the time. If we fail this our users, customers, ... will fall prey and we will have failed our users and/or customers in the end."

Phishing arms race (http://isc.sans.org/diary.php?storyid=1183)

---

Chris12923
March 12th, 2006, 05:25 PM
Nice read Rmus. Thanks for the post.

Thanks,

Chris

ghodgson
March 13th, 2006, 06:10 AM
Nice read.
AND given all the warnings about these scams, who in their right mind would still give passwords and their account details over the net? The Banks specifically say NEVER give away personal details and passwords/PIN numbers to anyone, because they [the bank] would never ask for it.
I get these phishing mails all the time and I just add the 'bank's' address to the black list of my spam filter to delete all future mails, as I know my bank never sends out such e-mails.

ghodgson
March 13th, 2006, 06:39 AM
I got another PHISHING mail this morning from CHINA !!

Trying to get my bank details via my mobile phone bill, which is interesting as I don't have a mobile phone! :wacko:

Rmus
March 13th, 2006, 11:36 AM
I received another one last evening, and it's typical of many that have obvious spelling and syntax errors.

When I clicked on the link, the form appeared asking for login information, and as ghodgson points out, no one should fall for this any more.

By the way, the link indicates it is a secure site - HTTPS - so I expected my browser to prompt for the outbound connection, since I have a firewall rule for HTTPS to use a custom address group only. The browser did not prompt, and a check of the source code showed a spoof - the real link was HTTP.

I was going to take a screenshot of the site this morning but noticed that it has been taken down.

Message below.

-----------------------------------------
Dear CitiBank Clients,

We are looking forward to your assistance and understanding and inform you about new CitiBusiness® department system updrade performed by security management team in order to protect our clients from increased online fraud activity, unauthorized account access, illegal funds withdrawal and also to simplify some processes.

The new updated technologies guaranty convenience and safety of CitiBusiness® account usage. New services for your account will be effective immediately after an account confirmation process by a special system activation application.

To take an advantages of current updrade you should login your account by using CitiBusiness® Online application. For the purpose please follow the reference:

https: / /citibusinessonline.da-us.citibank.com/cbusol/signon.do

Please note that changes in security system will be effective immediately after relogin.

Current message is created by our automatic dispatch system and could not be replyed. For the purpose of assistance, please use the "User Guide" reference of an original CitiBusiness® website.

Sincerely yours,
CitiBusiness® Administration.
----------------------------------------------

StevieO
March 13th, 2006, 02:26 PM
Went to hxxps://citibusinessonline.da-us.citibank.com/cbusol/signon.do and got the 128 Bit padlock. Filled in a bogus name and number, which required Scripting, and got this

http://img439.imageshack.us/img439/756/citi13oj.png

Notice the toolbar missing. Looked pretty genuine to me, and the links I tried worked too! But what do I know, Rmus is da Man!

Just heard about this.

Hacked bank server hosts phishing sites. China Construction Bank may not know that a security vulnerability on its server has been exploited.

http://www.computerworld.com/securitytopics/security/story/0,10801,109500,00.html?source=NLT_VVR&nid=109500

StevieO

herbalist
March 21st, 2006, 07:37 PM
Got one yesterday from Chase JP Morgan. Here's the link from the e-mail.
http://google.com/url?sa=p&pref=ig&pval=2&q=http://ip-213-135-240-4.static.luxdsl.pt.lu/.CHASE-ONLINE/index.html
They used an exact copy of the Chase homepage. Standard personal info harvesting. Appears to be taken down already.
Rick
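A defender-side check for the two tricks described in this thread: link text that reads HTTPS while the real href is plain HTTP (Rmus's post), and a phishing target wrapped in a google.com/url?q= redirector (herbalist's post). This is an added example, not code from any poster; the e-mail body and the hosts 203.0.113.7 and phish.example.invalid are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def unwrap_redirect(url):
    """Follow one level of redirector indirection (e.g. google.com/url?q=<target>)."""
    target = parse_qs(urlparse(url).query).get("q")
    return target[0] if target else url


def suspicious_links(html_body):
    """Return (visible_text, real_url, reasons) for links whose shown text
    does not match where they really go, or which hide behind a redirector."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        real = unwrap_redirect(href)
        shown = urlparse(text if "://" in text else "")   # only URL-like text is compared
        actual = urlparse(real)
        reasons = []
        if shown.scheme == "https" and actual.scheme == "http":
            reasons.append("scheme downgrade")            # text says HTTPS, href is HTTP
        if shown.hostname and shown.hostname != actual.hostname:
            reasons.append("host mismatch")               # text names one host, href another
        if real != href:
            reasons.append("redirector unwrapped")        # href was a google.com/url?q= wrapper
        if reasons:
            findings.append((text, real, reasons))
    return findings


# Constructed sample mail body: first link spoofs the Citi sign-on URL, second hides behind
# a redirector, third is an honest link and should not be reported.
SAMPLE_EMAIL = """<p>Dear Clients, please follow the reference:</p>
<a href="http://203.0.113.7/cbusol/signon.do">https://citibusinessonline.da-us.citibank.com/cbusol/signon.do</a>
<a href="http://google.com/url?sa=p&amp;q=http://phish.example.invalid/.CHASE-ONLINE/index.html">Chase Online</a>
<a href="https://www.example.com/help">https://www.example.com/help</a>
"""

if __name__ == "__main__":
    for text, real, reasons in suspicious_links(SAMPLE_EMAIL):
        print(f"{text!r} -> {real} ({', '.join(reasons)})")
```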

ErikAlbert
March 21st, 2006, 10:27 PM
My bank has an internal message system to communicate with their customers, once they are logged in.
If I received an email from my bank, I would ignore it and delete it.

ghodgson
April 11th, 2006, 01:43 PM
Here is another I got today, trying to harvest personal details. It looks like it has already been taken down.

{QUOTE-> Dear Barclays Customer

Our anti-fraud department detected that the amount on your
account exceeds two thousand pounds. To prevent any attempt
of a third person to access your business/premier account
we have developed a unique security system which enables us
to eliminate any possibility of unauthorized access.

The core of this new security system is an authorization
of every transaction made from your business/premier account.
The authorization will be successful after you enter a correct
security pin number from your personal pin card:

- Security number contains of 6 digits
- Pin card contains a list of 300 unique pin numbers which
can be used for confirmation of your transactions

In cases where the pin number is entered three times incorrectly,
your account will automatically be suspended. The security number
can only be used once and becomes invalid after the transaction
is ended.


To apply for the Online Guard protection system you need to click
the link below and follow the instructions on screen. If we do not
hear from you within 14 days your account will be suspended.
At the last stage of your registration you will be asked to enter
the address where you would like your pin card to be delivered,
including full postal code. Please make sure you enter these details
correctly to avoid any delay.
The card will be delivered to you within 14 days after your
application was is submited. In the meantime you can continue to
use your business/premier account as usual

To start please click here:

Barclays iBank Logon.xxxxx

S A Salmon
Security Advisor
Barclays Bank PLC <-QUOTE}

Gordon... by the way, I don't bank with Barclays, and it's a shame they can't use correct grammar or spelling.

Togg
April 11th, 2006, 04:39 PM
I got quite a convincing looking one supposedly from eBay today with no obvious spelling or grammatical errors:

"Dear eBay Member,

During our Security and Resolution Center regular maintainance period it has come to our attention that your eBay Billing Information is out of date. The update process is a very simple and fast one and it must be completed immediately in order to avoid any future issues - Terms of Service (TOS) violations, cancellation of service, account suspension or even account termination.

To update your eBay records on file now click here:
[Link removed by me]

Once you have completed the process your eBay session will not be interrupted and your online experience will continue as normal.


eBay sent this e-mail to you because your Notification Preferences indicate that you want to recieve information regarding your eBay Credit Card Statement.

To change your communication preferences, [removed] Or, simply reply to this e-mail with UNSUBSCRIBE in the subject line. Please note that it may take up to 14 days to process your request. Visit our Privacy Policy and User Agreement if you have any questions.

Copyright © 2006 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.
eBay and the eBay logo are trademarks of eBay Inc."

I wouldn't have clicked on the link even if I had an eBay account (which I don't), but I could see how an inexperienced user could be fooled if they haven't yet 'got the message' about links in emails. eBay have confirmed that it's a fake.

ghodgson
April 11th, 2006, 07:27 PM
Yes, these scams could take in a more inexperienced internet user. Happily most of us here would never be fooled by such phishing mails, but the fact is many, many people are still being fooled by these scams; otherwise the perpetrators would stop, as it wouldn't be profitable for them.
The message of not responding to such e-mails must be reinforced to the less experienced internet user, but how? Maybe someone should spam them with informative e-mails ;D , although that does defeat the object somewhat.

ErikAlbert
April 11th, 2006, 08:50 PM
A striking banner in each piece of email software, with a link to a webpage that explains what spam emails really are, together with examples, etc., could be a good solution for educating newbies on the net.