Security Incidents mailing list archives
RE: Discovering and Stopping Phishing/Scam Attacks
From: "Calder, James (EXP)" <james.calder () lmco com>
Date: Wed, 27 Apr 2005 11:45:02 -0400
Notice that the images on that site are actually hosted locally, rather than being pulled from rbc.com. And as I was refreshing the page to compare it to rbc.com, the page disappeared, 404 FNF. That didn't take long. J. -----Original Message----- From: Krul Thomas [mailto:Thomas.Krul () psepc-sppcc gc ca] Sent: April 27, 2005 10:31 AM To: 'Alex'; incidents () securityfocus com Subject: RE: Discovering and Stopping Phishing/Scam Attacks I received a phishing scam email for RBC Bank literally moments ago. The Web site is based in the Czech Republic with very little in the way to disguise the address of the site. (At last check, the site was still up at: http://updatestatus.webz.cz/rbc/cgi-bin/rbaccess/login.html) Odd, either there are some newbie phishers out there, or they are starting to realise that no matter how much they disguise their sites someone will be having them shut down soon enough so catching the uninformed in the few moments they have is paramount. Will we be seeing an increase in the diversity of referring addresses in a flooding attempt to catch the last remaining moms and pops who don't know better versus well-crafted addresses that don't arouse suspicions? -----Original Message----- From: Alex [mailto:incidents () alex gotdns org] Sent: Tuesday, April 26, 2005 7:51 PM To: incidents () securityfocus com Subject: Re: Discovering and Stopping Phishing/Scam Attacks I agree that checking by referer addresses is a powerful way to detect phishing sites, but such logs can easily be adverted? Doesn't some anti-popup software remove referer fields? Simple use of javascript can allow a page to fetch anything without showing up in referer logs. While we are on the subject, has anyone come across commercial and/or government websites being (illegally?) mirrored? For example, I recently came a website located on a (Asian?) hosting provider where the content of the website was EXACTLY that of a well-known US govt website. (It appeared that they ran the equivalent of a recursive "wget" on the real site and hosted the files). It appeared to be several layers deep. Why would anyone want to do that? -Alex ------------------------------------------------------------------------ -- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- ------------------------------------------------------------------------ -- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: Discovering and Stopping Phishing/Scam Attacks, (continued)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks Crispin Cowan (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks thomas adams (Apr 26)
- Re: Discovering and Stopping Phishing/Scam Attacks Alex (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Thomas Adams (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Scovetta, Michael V (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Marco A. Zamora Cunningham (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Krul Thomas (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Calder, James (EXP) (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Randy (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Nuno Costa (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Dave Greer (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Rainer Duffner (Apr 28)
- Message not available
- Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Daniel Hanson (Apr 28)
- Re: Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Valdis . Kletnieks (Apr 29)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Steven (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Alex (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)