Phishing & BotNets
phishing attack May 01 2006 03:56AM
anon sumfin de (1 replies)
RE: phishing attack May 01 2006 09:38PM
AJ Rembert (ajrembert stny rr com) (2 replies)
RE: phishing attack May 02 2006 01:29PM
David Dominick (dominickda corp earthlink net)
Please please please remember to turn off read receipt before posting to a
subscription list.

-----Original Message-----
From: AJ Rembert [mailto:ajrembert (at) stny.rr (dot) com]
Sent: Monday, May 01, 2006 5:38 PM
To: phishing (at) securityfocus (dot) com
Subject: RE: phishing attack

Good question. One thing you can do through phishing-detecting
software is notice that the form is hosted in a different location than a)
other links and b) images. Also, there is no greater antivirus/phishing
technique than a cautious user. Remind your users, I do this weekly, of the
importance of internet security and assuring there is no abuse of the
network. These are the methods I use for detecting them. You can also notice
the servers for logging into banking institutions are on SSL. Don't be
mistaken, the security lock that was on your screen was not intentional; the
attacker didn't do this, the attacker merely forgot. Don't overestimate
them. Keep your eyes peeled though. I suggest poking around chatrooms every
now and then just to see how scam artists are acting and you'll see
similarities between them. These are my personal methods and I stick with
them until I see things in addition, but phishing isn't as organized as
people make it out to be, so taking a logical approach to detection and
prevention are the starts to wrong steps.

Regards,

AJ Rembert

arembert (at) samscreen (dot) com

Ph. 607-722-3979

Cell. 607-221-3668

Samscreen, Inc. / PSSI - IT Information/Implementation

216 Broome Corporate Pkwy

Conklin, NY 13748

-----Original Message-----
From: anon (at) sumfin (dot) de [mailto:anon (at) sumfin (dot) de]
Sent: Sunday, April 30, 2006 11:57 PM
To: phishing (at) securityfocus (dot) com
Subject: phishing attack

We had a phishing attack going on in our network for a while. What the
attacker did was create a fake website of a bank and manage to capture
logins and passwords. The bank website was using different domains for its
login and for its main website. For example, suppose the bank's website is
aaa.com; when users went to this website and clicked on login, it opened a
pop-up which had a URL something like aala.com. So what the attacker did was
just create a fake copy of this login page in our network. Now, according to
me, if the bank has the same domain for login as for its main website, the
attacker would have to create a fake of the whole website, and somehow that
would have been easier to detect. What I want to know is: am I right? If they
had the same domain, would it still have been possible to fake the login
pop-up page while keeping the main site intact? Another thing is, on the fake
login page the attacker created, the only possible way to find out was to
click on the lock in the status bar, which told that the security certificate
is invalid. But the thing is, normal users don't click on it. I even doubt
they know what it is. So is there any other way to detect these kinds of
attacks?

Thanks everybody.

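The heuristic from AJ Rembert's message in this thread (a login form hosted somewhere other than the page's other links and images) can be checked mechanically. The following is an added example, not part of any post in this thread; the function and class names, the hostnames and the sample HTML are all constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class Collector(HTMLParser):
    """Record hosts of links/images and the target of each form with a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.hosts, self.forms, self.current = page_url, Counter(), [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("a", "img"):
            ref = a.get("href") if tag == "a" else a.get("src")
            host = urlparse(urljoin(self.page_url, ref or "")).hostname
            if ref and host:
                self.hosts[host] += 1
        elif tag == "form":  # a missing action means the form posts back to the page itself
            self.current = {"action": urljoin(self.page_url, a.get("action") or ""), "password": False}
            self.forms.append(self.current)
        elif tag == "input" and self.current and (a.get("type") or "").lower() == "password":
            self.current["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def check_login_forms(html, page_url):
    """Return [(form_action, [reasons])] for password forms that look out of place."""
    c = Collector(page_url)
    c.feed(html)
    usual = c.hosts.most_common(1)[0][0] if c.hosts else None
    findings = []
    for form in (f for f in c.forms if f["password"]):
        target, reasons = urlparse(form["action"]), []
        # Exact hostname match is a simplification; comparing registrable domains needs the Public Suffix List.
        if usual and target.hostname != usual:
            reasons.append(f"form posts to {target.hostname}; links/images mostly use {usual}")
        if target.scheme != "https":
            reasons.append("password is not submitted over HTTPS")
        if reasons:
            findings.append((form["action"], reasons))
    return findings

# Constructed samples: a copied login page served from an internal host, and a consistent page.
PHISH_HTML = """<a href="https://www.bank.example/help">Help</a>
<img src="https://www.bank.example/logo.gif"><img src="https://www.bank.example/lock.gif">
<form action="http://pc-17.lan.example/collect"><input name="user"><input type="password" name="pass"></form>"""
LEGIT_HTML = """<a href="/help">Help</a><img src="/logo.gif">
<form action="/session"><input type="password" name="pass"></form>"""
```

A site that itself serves its login form from a different host than its main pages, as the bank in the original question did, trips the same host-mismatch check, so the check cannot tell that layout apart from a copied form.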
Re: phishing attack May 02 2006 03:11AM
Jason Ross (algorythm gmail com)
Copyright 2010, SecurityFocus