Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

The New Face of Phishing

From: Dave Farber <dave () farber net>
Date: Sat, 18 Feb 2006 19:07:08 -0500


-------- Original Message --------
Subject: The New Face of Phishing
Date: Thu, 16 Feb 2006 21:55:08 -0500
From: Monty Solomon <monty () roscom com>
To: undisclosed-recipient:;


The New Face of Phishing
By Brian Krebs |  February 13, 2006

Phishing is a difficult enough form of fraud to avoid for most
computer users, but when some of the biggest names in the financial
industry fail to do their part to detect and eliminate these online
scams, consumers often are placed in an untenable situation.

Case in point: A source recently forwarded a link to one of the
"best" phishing attacks I've ever seen. This one -- targeting the
tiny Mountain America credit union in Salt Lake City, Utah -- arrives
in an HTML-based e-mail telling recipients that their Mountain
America credit union card was automatically enrolled in the Verified
by Visa program, a legitimate security program offered by Visa that
is supposed to provide "reassurance that only you can use your Visa
card online."

The e-mail includes the first five digits of the "enrolled card," but
those five digits are found on all Mountain America bank cards, so
that portion of the scam is likely to be highly convincing for some
recipients. The message directs readers to click on a link and
activate their new Verified by Visa membership.

Now here's where it gets really interesting. The phishing site, which
is still up at the time of this writing, is protected by a Secure
Sockets Layer (SSL) encryption certificate issued by a division of
the credit reporting bureau Equifax that is now part of a company
called Geotrust. SSL is a technology designed to ensure that
sensitive information transmitted online cannot be read by a
third-party who may have access to the data stream while it is being
transmitted. All legitimate banking sites use them, but it's pretty
rare to see them on fraudulent sites.

...

http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_1.html


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: