New Bank Phishing Scam

Discussion in 'privacy general' started by Rmus, Mar 12, 2006.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    "These kind of arms races require us to increase awareness constantly and to make users more resilient all the time. If we fail this our users, customers, ... will fall prey and we will have failed our users and/or customers in the end."

    Phishing arms race

    ---
     
  2. Chris12923

    Chris12923 Registered Member

    Joined:
    May 31, 2004
    Posts:
    1,097
    Nice read Rmus. Thanks for the post.

    Thanks,

    Chris
     
  3. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Nice read.
    AND given all the warnings about these scams, who in their right mind would still give passwords and their account details over the net? The Banks specifically say NEVER give away personal details and passwords/PIN numbers to anyone, because they [the bank] would never ask for it.
    I get these phishing mails all the time and I just add the 'banks' address to the black list of my spam filter to delete all future mails as I know my bank never send out such e mails.
     
    Last edited: Mar 13, 2006
  4. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    I got another PHISHING mail this morning from CHINA !!

    Trying to get my bank details via my mobile phone bill, which is interesting as I dont have a moblile phone!. o_O
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I received another one last evening, and it's typical of many that have obvious spelling and syntax errors.

    When I clicked on the link, the form appeared asking for login information, and as ghodgson points out, no one should fall for this any more.

    By the way- the link indicates it is a secure site - HTTPS - so I expected my browser to prompt for the outbound connection, since I have a firewall rule for HTTPS to use a custom address group only. The browser did not prompt, and a check of the source code showed a spoof - the real link was HTTP.

    I was going to take a screen shot of the site this morning but notice that it has been taken down.

    Message below.

    -----------------------------------------
    Dear CitiBank Clients,

    We are looking forward to your assistance and understanding and inform you about new CitiBusiness® department system updrade performed by security management team in order to protect our clients from increased online fraud activity, unauthorized account access, illegal funds withdrawal and also to simplify some processes.

    The new updated technologies guaranty convenience and safety of CitiBusiness® account usage. New services for your account will be effective immediately after an account confirmation process by a special system activation application.

    To take an advantages of current updrade you should login your account by using CitiBusiness® Online application. For the purpose please follow the reference:

    https: / /citibusinessonline.da-us.citibank.com/cbusol/signon.do

    Please note that changes in security system will be effective immediately after relogin.

    Current message is created by our automatic dispatch system and could not be replyed. For the purpose of assistance, please use the "User Guide" reference of an original CitiBusiness® website.

    Sincerely yours,
    CitiBusiness® Administration.
    ----------------------------------------------
     
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Went to hxxps://citibusinessonline.da-us.citibank.com/cbusol/signon.do and got the 128 Bit padlock. Filled in a bogus name and number, which required Scripting, and got this

    http://img439.imageshack.us/img439/756/citi13oj.png

    Notice the toolbar missing. Looked pretty genuine to me, and the links i tried worked too ! But what do i know, Rmus is da Man !

    Just heard about this.

    Hacked bank server hosts phishing sites. China Construction Bank may not know that a security vulnerability on its server has been exploited.

    http://www.computerworld.com/securi...0801,109500,00.html?source=NLT_VVR&nid=109500


    StevieO
     
  7. herbalist

    herbalist Guest

  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    My bank has an internal message system to communicate with their customers, once they are logged in.
    If I would receive an email from my bank, I would ignore and delete it.
     
  9. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Here is another I got today. Trying to Harvest personal details. It looks like it has already been taken down.

    Gordon............................. by the way I dont bank with Barclays, and a shame they cant use correct grammar or spelling..
     
  10. Togg

    Togg Registered Member

    Joined:
    Jun 24, 2003
    Posts:
    177
    I got quite a convincing looking one supposedly from ebay today with no obvious spelling or grammatical errors;

    "Dear eBay Member,

    During our Security and Resolution Center regular maintainance period it has come to our attention that your eBay Billing Information is out of date. The update process is a very simple and fast one and it must be completed immediately in order to avoid any future issues - Terms of Service (TOS) violations, cancellation of service, account suspension or even account termination.

    To update your eBay records on file now click here:
    [Link removed by me]

    Once you have completed the process your eBay session will not be interrupted and your online experience will continue as normal.


    eBay sent this e-mail to you because your Notification Preferences indicate that you want to recieve information regarding your eBay Credit Card Statement.

    To change your communication preferences, [removed] Or, simply reply to this e-mail with UNSUBSCRIBE in the subject line. Please note that it may take up to 14 days to process your request. Visit our Privacy Policy and User Agreement if you have any questions.

    Copyright © 2006 eBay Inc. All Rights Reserved.
    Designated trademarks and brands are the property of their respective owners.
    eBay and the eBay logo are trademarks of eBay Inc."

    I wouldn't have clicked on the link even if I had an ebay account (which I don't), but I could see how an inexperienced user could be fooled if they haven't yet 'got the message' about links in emails. ebay have confirmed that it's a fake
     
  11. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    yes, These scams could take in a more inexperienced internet user, happily most of us here would never be fooled by such phishing mails , but the fact is many, many people are still being fooled by these scams, otherwise the perpetrators would stop if it wasnt profitable for them.
    The message of not responding to such e mails must be re-inforced to the less experienced internet user, but how? Maybe someone should spam them with informative e mails :D , although that does defeat the object somewhat.
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    A striking banner on each email-software with a link to a webpage, that explains what spam-emails really are together with examples, etc. could be a good solution for educating newbies on the net.
     
Loading...
Thread Status:
Not open for further replies.