Anti-Phishing Working Group

The Anti-Phishing Working Group (APWG) is an industry association focused on eliminating the identity theft and fraud that result from the growing problem of phishing and email spoofing. APWG has over 636 members from 407 companies, including 8 of the top 10 US banks, 4 of the top 5 US ISPs and over 100 technology vendors.

Visit their website at antiphishing.org.

Phishing Attack: Verizon - 'Billing Error'

Verizon customers have joined the phishers' target list. This phish is not the most dangerous out there, but not the most harmless one either. The e-mail you receive is simple and believable:

[Image: Verizon phishing e-mail]

The sender and the real URL behind the link are spoofed, so you don't have a great chance of exposing it at this stage (unless you look at the HTML source code of the message).

The main phish page does demand a lot of information from the potential victim, which should be suspicious. The URL in the address bar also looks phishy:

[Image: phished page]

You may try to enter a bogus CC number, but the phish will tell you it is not valid. This could make you believe this is a legitimate transaction. In fact, the rules for CC number validation are available to the public. This means that a phisher can check whether the entered number is within the valid range of numbers. It, however, CANNOT check if the number is the given person's CC number. You are safe as long as you don't enter your real CC number.

For more, you can perform a Google search on credit card number validation.

This scam is hosted on a server in an IP range assigned to the 'Latin American and Caribbean IP address Regional Registry'. This most probably indicates a South American host - we believe more scams will come from there in the near future.

Phish website on IP: 24.232.147.238


Phishing Attack: Citibank - 'Safeguard your account'

This phish uses some interesting and dangerous tricks.

The message itself is simple but effective in instilling urgency in the potential victim. The sender address is spoofed (it looks like it really comes from Citibank, while it does not), but the URL link is not hidden. This could raise suspicion, although the message does mention use of a separate server for the 'check':

[Image: Citibank phishing e-mail]

The phish site does look the way a Citibank page would look. It does not demand excessive amounts of information, and when you try to type in a bogus CC number, it rejects it. All this seems to point toward the conclusion that this is really a legitimate Citibank site:

[Image: phished Citibank page]

However, it is not. It does check the credit card number using a publicly available formula (yes, even you can tell whether a CC number is a valid one, if you know the formula). Of course, the phisher cannot check whether this is a real card's number, or (even less) whether it's your CC number (this is why they phish you in the first place :) ).

But if a real username / password had been entered, the login would have proceeded with no problem. This way, the phish could pass TOTALLY unnoticed.

The suspicious URL remains in the address bar. The phish is hosted on a server in Hubei Province, China.

Phish website on IP: 219.138.133.5
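
The publicly available formula mentioned here and in the Verizon case above is the Luhn checksum. The Python sketch below is an added example, not part of the original page, showing that the check is pure local arithmetic, so a form that rejects a made-up number has proved nothing about who operates it. The sample inputs are constructed (the first is a widely published test number) and the 13 to 19 digit length bound is an assumption.

```python
import re


def luhn_valid(number: str) -> bool:
    """Return True if the digits pass the Luhn checksum (a format check only)."""
    digits = re.sub(r"[ -]", "", number)            # tolerate spaces and dashes
    if not re.fullmatch(r"[0-9]{13,19}", digits):   # assumed card-number length bounds
        return False
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:                            # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2       # double it, then sum its digits
        total += d
    return total % 10 == 0


# Constructed inputs: a published test number, a one-digit typo of it, a keyboard run.
SAMPLES = ["4111 1111 1111 1111", "4111 1111 1111 1112", "1234-5678-9012-3456"]


def form_verdicts(samples=SAMPLES):
    """What any page can answer about a number without contacting a card issuer."""
    return {s: ("accepted" if luhn_valid(s) else "rejected") for s in samples}


if __name__ == "__main__":
    for number, verdict in form_verdicts().items():
        print(f"{number}: {verdict}")
```

The accepted number belongs to no real account, which is the point: passing or failing this check says nothing about whether the card exists or whether the site is genuine.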


Phishing Attack: Yahoo - 'E-mail account security warning'

This message represents quite a large category of phishing. It is targeted at inexperienced users who are overly gullible and overly trusting when they see the attributes of legitimate organizations:

[Image: Yahoo phishing e-mail]

The attachment is a hidden executable (it does run some code on the victim's machine, despite not being an .EXE or .COM) containing malicious code - a virus, for example, or a keylogger for stealing passwords, etc.

It is very important to remember that, because e-mail is currently such an insecure environment, legitimate companies DO NOT send attachments. They conduct business via secure websites instead.


Phishing Attack: VISA - 'Verified By Visa'

This scam's call to action is 'You may activate Verified by Visa for your Visa card in two ways: Activate Now or Activate During Shopping...'. Its goal is probably to obtain the victim's credit / debit card information, SSN and contact information (name, e-mail address, phone numbers, etc.).

This phish is quite an interesting one. It does not make the usual threats that phish scams do. It takes a real service offered by VISA and offers to enroll you in it - in VISA's name, of course. The only difference is that VISA does not activate this service online.

[Image: VISA phishing e-mail]

The message is very mild and calm in tone (while most phish scams create an atmosphere of urgency) and explains the new service - essentially a password protection of the transactions made from your card online. The text itself is largely copied from the VISA website:

[Image: phished VISA page]

The URL is not hidden. It does, however, start and finish like a normal URL on the VISA website, and could be very convincing. When eventually the link is clicked, the phish site opens:

As you see, the site copies the VISA style - in colors, fonts and pictures. It does have multiple links to the legitimate VISA site, and does not urge you to do anything - and this is what makes this scam so believable. The URL is, again, untampered. It is just believably constructed. After the 'submit' button is pressed, the business end of the phish comes out. This is where it should become suspicious. The amount of information is too great for just a service activation. Yet, it does look nice and believable.

Phish website on: datasecurities.net

WHOIS data:  Expiration Date: 2007-08-14 10:58:27; Creation Date: 2004-08-14 08:49:56

REGISTRANT CONTACT INFO
Rajagopal Srirangam, 1539 Platte St. Denver, CO 80202, US, Phone: 3034805307

The domain is registered to a fictitious name and was probably registered with a stolen credit card. Interestingly, the address belongs to Spot Domain, a domain registrar. So they are probably a third-party victim.


Phishing Attack: Paypal - 'Fraud'

This phish message is really composed with some ingenuity. It proves that a real con-artist approach comes into play in phishing - alongside a rich arsenal of purely technical tricks:

[Image: PayPal phishing e-mail]

As you see, this scam does not rely on misleading you using complex spoofing. However, it is cleverly made - hence dangerous. The phish site demands a whole lot of information from you, and it does not have a login screen, which is quite suspicious:

[Image: phished PayPal site]

The address bar is not manipulated in any manner - the phishers count on the 'social engineered' domain name.

The phish does not check whether the information falls within any valid range - it simply checks whether all the fields have some text in them. A logout screen follows.

Domain Name: USERS-PAYPAL.COM
Creation Date: 07-sep-2004
Expiration Date: 07-sep-2006
