Other domains used for phishing I have seen are paypal-unlocking.net,
secure.commonwealth-banking.com and
citibusinessonline.da-us.citybizcorp.com.
Surely someone, somewhere, has to take some responsibility for allowing
domains to be created which are clearly and obviously bogus. Who could
possibly have a reason to register paypal-unlocking.net?
It's also interesting to "Google" the names of the people registering
some of these domains, I have seen a few who were famous for one reason
or another. I wonder if it's possible to register a domain with the name
George W Bush or F. Castro..
Cheers
Geoff Vass
-----Original Message-----
From: Paul Laudanski [mailto:zx (at) castlecops (dot) com [email concealed]]
Sent: Tuesday, 21 February 2006 18:11
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Amazon phishing scam on Yahoo servers
We just got some emails for amazon phishing scams. Turns out the scam
domain was registered just today (same day). Internic and others aren't
reporting it, but Melbourne IT does. Phishing site resides on Yahoo's
servers, but their Abuse department closed at 5pm. A full 6 or so hours
secure.commonwealth-banking.com and
citibusinessonline.da-us.citybizcorp.com.
Surely someone, somewhere, has to take some responsibility for allowing
domains to be created which are clearly and obviously bogus. Who could
possibly have a reason to register paypal-unlocking.net?
It's also interesting to "Google" the names of the people registering
some of these domains, I have seen a few who were famous for one reason
or another. I wonder if it's possible to register a domain with the name
George W Bush or F. Castro..
Cheers
Geoff Vass
-----Original Message-----
From: Paul Laudanski [mailto:zx (at) castlecops (dot) com [email concealed]]
Sent: Tuesday, 21 February 2006 18:11
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Amazon phishing scam on Yahoo servers
We just got some emails for amazon phishing scams. Turns out the scam
domain was registered just today (same day). Internic and others aren't
reporting it, but Melbourne IT does. Phishing site resides on Yahoo's
servers, but their Abuse department closed at 5pm. A full 6 or so hours
to run before they open back up.
Assessment:
http://castlecops.com/a6531-Amazon_phishing_scam_on_Yahoo_servers.html
--
Paul Laudanski, Microsoft MVP Windows-Security
[de] http://de.castlecops.com
[en] http://castlecops.com
[wiki] http://wiki.castlecops.com
[family] http://cuddlesnkisses.com
[ reply ]