Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: A pretty neat Chase Phish

from [Bob] Network Security [Permanent Link]
Subject: Re: A pretty neat Chase Phish
Date: Mon, 13 Mar 2006 12:20:04 -0800 
Yes, my intent was not to have knowledgeable persons see all the errors.
I feel that this phish which is in circulation will trap a lot of persons who 
are NOT savvy.

The same ones who send emails to "everyone" because the emails tell them to.

I sent this to chase also, so I am not claiming anything other than when viewed in certain browsers, it can confuse average joes or jills.

I am setting my mail servers to stop this kind of email from getting to one of my customers without my system marking it as a probable phish.

I have some friends who are not educated in the net and some have filled in information and were shocked to find money missing from their checking accounts.

This is a serious problem and most phish sites get closed right away, but this one has been live for at least 5 days already.

I could not forward the actual email, as securityfocus refuses to allow that and returned it to me as unacceptable.

That is a shame, because the actual email was very misleading as the hypertext was not visible and appeared only as a "login" prompt

The main problem here is that it uses Google to redirect and therefor is hard 
to trace to the real site.

This is becoming more prevalent as Google and others do not qualify the redirects, so there is more to this problem than just the phish, as they are using other tools to mask the actual link to the phish site.

Bob



Robin wrote: 
Some notable distinctions are:

1.  yes, it does say it is an HTTPS address, however,
2.  there is no security certificate in the bottom right corner.
3.  there is no security certificate information in the properties tab for
this page.
4.  the URL does NOT start with www.chase.com
5.  the browser even shows the IP rather than Chase.com
6.  if you do a whois lookup on the IP at ARIN you'll see its registered in
Latin American/Caribbean registry
7.  if you use neotrace pro you'll see that the IP is in Santa Fe De Bogota
8.  the are errors on the page.....

Just my two cents..........

Robin Noyes


-----Original Message-----
From: Bob [mailto:Bob@dexis.net] Sent: Saturday, March 11, 2006 7:20 PM
To: incidents@securityfocus.com
Subject: A pretty neat Chase Phish

This in one of the PHISHES I caught yesterday.

It is still active as of this email

It purports to be Chase Bank and wants me to validate my information, how clever.

But this is a VERY SOPHISTICATED PHISH --- it looks real and even simulates an HTTPS address

It does appear different in different browsers, looks most authentic in IE, Firefox looks pretty bad and non-convincing.

http://www.google.com/url?q=http://200.75.49.126/webpai/webpai/images/chase_
com/index.html


Attachment: Bob.vcf
Description: Vcard

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: A pretty neat Chase Phish, Robin
Next by Date:  Possible AIM Hack?, belka
Previous by Thread:  RE: A pretty neat Chase Phish, Robin
Next by Thread:  Re: A pretty neat Chase Phish, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]