Security Incidents mailing list archives
Re: Discovering and Stopping Phishing/Scam Attacks
From: Rainer Duffner <rainer () ultra-secure de>
Date: Thu, 28 Apr 2005 21:01:33 +0200
Dave Greer wrote:
Here is a scenario - Victim connects to Fake.com Fake.com prompts for username/password Fake.com connects to Real.com, enters username/password, recieves Third Field Fake.com presents Third Field to Victim Victim enters Third Field That seems like a reasonable scenario
There have already been ebay-fakes that did this.You couldn't enter fake credentials into their scam-site - it verified if login/password worked.
cheers, Rainer -- =================================================== ~ Rainer Duffner - rainer () ultra-secure de ~ ~ Freising - Munich - Germany ~ ~ Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ =================================================== -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- RE: Discovering and Stopping Phishing/Scam Attacks, (continued)
- RE: Discovering and Stopping Phishing/Scam Attacks Thomas Adams (Apr 27)
- Re: Discovering and Stopping Phishing/Scam Attacks byte_jump (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Scovetta, Michael V (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Marco A. Zamora Cunningham (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Krul Thomas (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks Calder, James (EXP) (Apr 27)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Randy (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Nuno Costa (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Dave Greer (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Rainer Duffner (Apr 28)
- Message not available
- Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Daniel Hanson (Apr 28)
- Re: Administrivia: RE: Discovering and Stopping Phishing/Scam Attacks Valdis . Kletnieks (Apr 29)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Steven (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Alex (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks webcenter (Apr 28)
- RE: Discovering and Stopping Phishing/Scam Attacks Michael J. Pomraning (Apr 28)
- Re: Discovering and Stopping Phishing/Scam Attacks Andrew Kopp (Apr 28)