Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Incidents
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

New Phishing Technique?

from [Mace . Scott] Network Security [Permanent Link]
Subject: New Phishing Technique?
Date: Fri, 17 Mar 2006 14:59:39 -0500 
A couple of phishing emails got through our spamassasin/clamav filter here 
at work, and through to my gmail account, damn near simultaneously.  Both 
with very different text, and different urls.  Now clamav is generally 
very capable of stopping phishing attacks, so I'm surprised these made it 
through.  More interesting, is the fact one got through Gmail as well. And 
it's very obvious a phish.  Here's the text of the email (I added 11111 to 
the end of the url to guard against accidental clicking):
 Incidentally, Lotus Notes complains of an untrusted certificate when the 
email is opened.


Dear Chase account holder,
We recently reviewed your account, and suspect that your Chase Internet 
Banking account may have been accessed by an unauthorized third party. 
Protecting the security of your account and of the Chase Bank network is 
our primary concern. Therefore, as a preventative measure, we have 
temporarily limited access to sensitive account features. 
To restore your account access, please take the following steps to ensure 
that your account has not been compromised:
1. Login to your Chase Internet Banking account. In case you are not 
enrolled for Internet Banking, you will have to use your Social Security 
Number as both your Personal ID and Password.
2. Review your recent account history for any unauthorized withdrawals or 
deposits, and check your account profile to make sure not changes have 
been made. If any unauthorized activity has taken place on your account, 
report this to Chase staff immediately.
www.chase.com/signon?SIGNON_XCP=1010
We apologize for any inconvenience this may cause, and appreciate your 
assistance in helping us maintain the integrity of the entire Chase 
system. Thank you for your prompt attention to this matter.
Sincerely,
The Chase Bank Team
Please do not reply to this e-mail. Mail sent to this address cannot be 
answered. For assistance, log in to your Chase Bank account and choose the 
"Help" link in the header of any page.
® 2006 JPMorgan Chase & Co.security manager. All rights reserved.
Becky Draftel


=========================
Scott Mace
Security Administrator
Travelcenters of America
maceDOTscottATtatravelcentersDOTcom
=========================
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Possible AIM Hack?, Valdis . Kletnieks
Next by Date:  RE: Possible AIM Hack?, Jeff Bryner
Previous by Thread:  unicast netbios name service nbtstat query to/from same ip?, shad0w
Next by Thread:  Re: New Phishing Technique?, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]