stargeek
PHP news website logo.
home    PHP scripts    articles    seo tools    links    search    contact    shop    realtors


Analysis Of A Phishing Scam







Analysis Of A Phishing Scam

Analysis Of A Phishing Scam 11/14/2003 08:38 PM

Email "phishing" is the popular email scam going around these days, with emails appearing to come from companies you supposedly trust, asking you to provide updated financial information. These scams are pretty sophisticated and are even trickin g relatively savvy users. Now, a security firm has taken some of these phishing emails and done a fairly detailed analysis on them, to determine that a large portion of the emails seem to originate from a single group, and that group appears to be testing out a variety of different scams over time (sometimes including spyware, sometimes just going directly after the victim's bank account). One interesting tactic, which I had not heard about before, is that the URLs they put in the emails (which are usually disguised to look like legitimate URLs - but which are obviously fake if you look carefully) actually redirect users to the actual site for the institution in question, but also throw up a pop-up of their own that asks for your bank account details. I received one of these emails pretending to be from Amazon a few days ago. I didn't click on the link, but did send it off to Amazon who bounced back a form letter. It sounds like these researchers got the form letter treatment as well - but they've done a tremendous amount of research which would probably be very helpful in tracking down who is running this scam.




This is a GrokNews Entry: (what is grok?)





Similar Items

Analysis Of A Phishing Scam

Grok Headline matches for Analysis Of A Phishing Scam

Trojan Automates Phishing Scam


Trojan Automates Phishing Scam 08/30/2004 03:59 PM

More Scam Artists Go Phishing (PC World)


More Scam Artists Go Phishing (PC World) 05/31/2004 04:02 AM
PC World - Increase in e-mail, Web site hoaxes prompts calls for change.

IE phishing scam exploit unearthed


IE phishing scam exploit unearthed 12/11/2003 06:15 AM
Master of disguise

New phishing scam: Spoofed campaign site


New phishing scam: Spoofed campaign site 08/03/2004 05:52 PM
WASHINGTON - Phishing fraudsters have found another group of victims to target -- people who want to donate to political campaigns.

Phishing scam reports skyrocket in April


Phishing scam reports skyrocket in April 05/18/2004 01:14 PM
Reports of a type of online crime known as "phishing" surged by almost 200 percent in April, according to figures from a computer security industry group.

Microsoft Seeks to ID Phishing Scam
Authors


Microsoft Seeks to ID Phishing Scam
Authors 03/31/2005 05:36 PM
Washington Post Mar 31 2005 9:39PM GMT

Yahoo Messenger Invaded by Phishing Scam


Yahoo Messenger Invaded by Phishing Scam 03/26/2005 09:27 PM
Search Engine Journal Mar 27 2005 1:40AM GMT

Gone phishing Trying to stop the latest
internet scam


Gone phishing Trying to stop the latest
internet scam 12/17/2003 05:00 AM
Independent Dec 17 2003 4:12AM ET

Coding error thwarts Paralympic phishing
scam


Coding error thwarts Paralympic phishing
scam 06/01/2004 08:53 AM
ZDNet UK Jun 1 2004 12:52PM GMT

Report Cites Consumer Education as Key
to Phishing Scam Prevention


Report Cites Consumer Education as Key
to Phishing Scam Prevention 06/02/2004 02:32 AM
FraudWatch International, the Internet’s high profile fraud prevention and education website (www.fraudwatchinternational.com), has today released a report examining the trends of phishing scams, citing education as the key to the reduction of phishing scam victims. [PRWEB Jun 2, 2004]

Harry Potter Author Warns Of Hogwarts
Phishing Scam


Harry Potter Author Warns Of Hogwarts
Phishing Scam 02/05/2005 09:59 PM
TechWeb Feb 6 2005 1:30AM GMT

Phishing Scam Twist: Bogus Sites Built
To Snatch Credit Cards


Phishing Scam Twist: Bogus Sites Built
To Snatch Credit Cards 04/08/2005 10:04 AM
TechWeb Apr 8 2005 2:10PM GMT

Fraudulent e-mails provide fertile
phishing grounds, anti-scam group finds


Fraudulent e-mails provide fertile
phishing grounds, anti-scam group finds 04/20/2004 04:52 PM
InternetRetailer.com Apr 20 2004 9:51PM GMT

Anti-Phishing Toolbar Available. How to
Avoid Bank and Ebay Phishing Scams


Anti-Phishing Toolbar Available. How to
Avoid Bank and Ebay Phishing Scams 12/30/2004 07:54 PM
Tech-Recipes Dec 30 2004 11:09PM GMT

Scam Busters Just As Bad As Scam
Victims?


Scam Busters Just As Bad As Scam
Victims? 01/19/2004 05:05 AM
An odd article out of South Africa complaining that scam busters are just as bad as scam victims - in that they act in just as predictable a manner. Of course, the scam busters aren't the folks losing money to the scammers, and, in fact, they often are doing a good job to spread news of a scam to protect potential victims. So, I'm a bit confused as to what's so upsetting about people taking it upon themselves to tell others about a scam. Certainly, there are some things that don't deserve to be publicized, but are, due to the intensity of the efforts against them. However, scams are something that clearly should be publicized to limit the negative impact. It seems that the real complaint of the writer isn't so much scam busters, but "fad" busters who complain about people getting hooked on the latest fad. However, fads and scams are two very different things.

Scam Within A Scam Warning


Scam Within A Scam Warning 12/22/2003 07:43 PM
There have been a ton of warnings about so-called "phishing" spam scams - where a very realistic email from a well-known financial firm asks you to confirm the details of your account. Of course, the email isn't real and the scammers just want your account details. They go through all sorts of tricks to hide the fact that the email isn't real, but the latest such phishing scam uses a bit of social engineering. It warns people about such scams, and then says they need to fill out new information to avoid being taken by such a scam. It seems the scammers are trying to get increasingly clever, and it's an interesting social engineering trick to try to get people to let down their guard by first warning them about a scam - and then scamming them anyway.

Gone Phishing


Gone Phishing 01/25/2004 09:50 PM

Phishing for the end


Phishing for the end 08/17/2004 04:56 PM
"This site was created with one goal; to create the most comprehensive online archive of information and digital photos of the Coventry Vermont Phish show, August 14th and 15th 2004." Seems odd to think folks went to the trouble of dedicating an entire website to just a single concert, until you learn it was the very last one for Phish.

DIY phishing kits hit the Net


DIY phishing kits hit the Net 08/19/2004 05:48 AM
My little fraudster

Phishing and Bouncing


Phishing and Bouncing 09/12/2004 12:36 PM

Looks like the trick of using redirection CGIs at popular website (described in Phishing with Google) is getting popular among phishers. I just got a couple that uses AOL's redir-complex CGI at:

http://r.aol.com/cgi/redir-complex?url=whereever

Note that phishers can use not just the redirecting CGIs, but also those CGIs that use return URL as parameters.  In fact, these types of CGIs are popular among financial institutions and single-sign on services.  For example, both Passport and 3D-Secure uses them.


Phishing behind Google


Phishing behind Google 08/28/2004 01:03 AM

I just received a phishing email purporting to be from PayPal.  No surprise there since I get many of them everyday, but I looked closer at this one because it looked very professionally done.  I looked at the raw message and found this odd link:

This particular phisher is bouncing off Google to hide itself from domain name-based phishing detectors and scanners.  Clever.  Clicking on the link will open a browser to Google's URL search CGI which will automatically redirect the browser to the phishing site at IP address 209.152.181.10.  This trick will bypass phishing detectors that examines only the domain name part of a URL to see if it looks suspicious.

So the lesson here for security developers is to look at all the parameters and to keep track of oh-so-helpful redirectors like Google.  Also, website developers should keep in mind that helpful service is helpful to all, including the bad guys, and they might become an unwitting partner in crime.  For lawyers, it's a new source of income concern.


eBay Goes Phishing


eBay Goes Phishing 01/03/2005 12:35 PM
The popular online auction site rolls out a new approach in tackling account hackers: cut bait.

IE bug provides phishing tool


IE bug provides phishing tool 12/10/2003 05:50 AM
ZDNet UK Dec 10 2003 5:09AM ET

Do-it-yourself phishing kits appear on
web


Do-it-yourself phishing kits appear on
web 08/21/2004 04:39 PM
Personal Computer World Aug 21 2004 8:48PM GMT

Political Phishing


Political Phishing 08/03/2004 12:32 PM
It's election season, and that means that, just like with all the other news-sensitive scams, phishers are getting political. The latest is a phishing email that simply copied a donation request from the John Kerry campaign, but changed the link to a fake site. Of course, the folks behind the scam made one very stupid mistake: remotely using an image hosted on the Kerry website -- which was quickly changed by the campaign to explain that the site was a scam (though, it's likely this confused some people -- hopefully enough to stop them from donating). Still, it's likely that the next version won't make the same mistake. With the success phishing emails have had lately, and the fervor with which people seem to be donating to campaigns, an awful lot of cash supposedly going to campaigns is going to be making criminals wealthy.

War Against Phishing Continues


War Against Phishing Continues 03/14/2005 04:32 PM
Phishers and other online scammers are well ahead of law enforcement officials and security experts right now in terms of techniques and tactics.

The future of phishing


The future of phishing 04/29/2004 10:42 AM
vnunet.com Apr 29 2004 2:09PM GMT

Phishing for Opera (GM#007-OP)


Phishing for Opera (GM#007-OP) 06/03/2004 12:03 PM
GreyMagic Software (Jun 03 2004)

Phishing on the rise in U.S


Phishing on the rise in U.S 06/15/2004 02:57 PM
ZDNet Jun 15 2004 5:56PM GMT

Thunderbird Will Have New Phishing Tool


Thunderbird Will Have New Phishing Tool 03/23/2005 05:18 PM

The Mozilla email client, Thunderbird will have scam detection capabilities. We all have seen phishing emails that try to have you click on a link that sends you to a bogus website rather then the website you thought you were going to. They try to get your usernames and passwords from you. If Thunderbird thinks an email message is a possible scam message - it will notify the user with a visual queue. Similar to spam tools, it will also have a "not a scam" button to denote safe messages - for example notifications of online statements from banks or stock institutions.

According to the open-source blogAmong its features, Thunderbird will reconcile the hostname shown in an href's display link and the underlying destination URL -- which is one of the primary methods for 'phishing' people into visiting sites that aren't as they appear.There is a final warning dialog if a user proceeds and clicks a link, and gives one last chance to cancel.

 


Gartner: Phishing on the rise in U.S.


Gartner: Phishing on the rise in U.S. 06/15/2004 11:29 AM
Nearly 2 million people say their checking accounts were breached during the last year, the company says.

Database of Phishing Scams Available


Database of Phishing Scams Available 04/24/2004 01:00 PM
Phishing scams are when you get e-mails from alleged legitimate institutions (banks, eBay, whatever) saying that your account has been compromised or you've been charged a zillion dollars or whatever....

Fighting phishing and defending IM


Fighting phishing and defending IM 04/04/2005 03:35 PM
Google adapts its e-mail service to foil online fraudsters. Microsoft is also out to nail phishers, and faces a worm targeting MSN Messenger.

MasterCard tackles phishing


MasterCard tackles phishing 06/22/2004 10:30 AM
Company wants to attack scammers before they rip off consumers' data, rather than chase down criminals after they've victimized people.

Phishing Blacklist Thoughts


Phishing Blacklist Thoughts 04/17/2004 05:47 PM

These are some of the thoughts I had recently about phishing blacklists which is going to play a major role against phishing in the near future.

  1. False reports can be submitted by phishers and pranksters.  To prevent this, anonymous reports should not be allowed.  Unfortunately, the user is not likely to be logged in when a report is made.  Solution is to queue the report until the reporting user successfully logs in.  Once the user is identified and associated with the report, filters and weights can be applied to rate the report.

    Queueing reports with client-software is no problem.  For server-side only, file the report under a cookie which can be claimed when the user logs in.  Unclaimed reports are removed after a time limit.
     
  2. Maintenance, particularly the removal of entries, will be a big headache as domains are reused and websites are cleaned up.  Current maintainers are not equipped to handle this properly IMHO.
     
  3. Companies should also be able to prevent some domain names from being reused independent of domain name registrars.  Ultimately, domain name registrars and blacklist maintainers will have to work things out.  This will likely lead to registrars taking over maintenance of blacklists and extending the service to provide 'howis', 'whatis', and 'whereis' information as well as 'whois'.
     
  4. Beyond correlating reports, suspected URLs can be crawled to a) see if it is indeed a phishing site, b) warn the phisher into running and thus abandoning the phishing site, and possibly c) spoofback bogus information.

Phishing on rise: Study


Phishing on rise: Study 06/15/2004 04:42 PM
globetechnology.com Jun 15 2004 9:27PM GMT

Phishing morphs into pharming


Phishing morphs into pharming 02/01/2005 09:24 PM

About face on ID theft, phishing


About face on ID theft, phishing 07/15/2004 03:38 PM
ZDNet Jul 15 2004 6:55PM GMT

Pharming Out-Scams Phishing


Pharming Out-Scams Phishing 03/14/2005 05:21 PM
A fast-spreading online swindle redirects web users to phony sites where criminals can capture passwords and other data. Unlike phishing, which targets one user at a time, pharming nabs multiple victims at once. By Michelle Delio.
Grok Description matches for Analysis Of A Phishing Scam
GrokA matches for Analysis Of A Phishing Scam

Analysis Of A Phishing Scam

The following phrases have been identified by the grok system as matching this entry:

















Also check out:


Grok

Ipod Porn on the
Rise
Brief Abstract of
Wikipedia's
Mesothelioma Cancer
page
Get first aid
instructions in your
cell phone
IE is crap
JSPWiki gains
podcasting support
Fewer, But Better,
Computer Science
Students
AT&T Wireless
slashing 1,900 jobs
as part of
cost-cutting
Apple Aims At Teens
With New iPod Site
No iTunes For
Now-Lah
Inbox Robot –
Business &
Competitive
Intelligence News
Retrieval System
Personal Search
Engine Knows What
You Want
Karl and The
Register on Blogging
and Bloggers
Court rules in favor
of ICANN
FileOnTheFly v1.1
November 14, 2003
Boeing looking to
sell its digital
cinema business
CNET Hops Aboard
Digital Music Wagon
PBTE to introduce
computerised exam
system: chairman
Dazzling speed,
technology abound in
luxury class
Brother Bear, oh
brother!
MSN Has Quarterly
Profit of $58
Million
Music Labels Tap
Downloading Networks
Microsoft sees EU
hearings as 'step
towards solution'
Microsoft rivals
upbeat after talks
High schoolers take
on CalTechies in
robot race
Exchange servers
still seeing Code
Red
Vulnerability
Disclosure Formats
(was "Re: Funny
article")
On dimly remembered
books from
childhood...
PHP Class 'phpCal'
released
Microsoft antitrust
hearings wrap up
Winnipeg police turn
to Web
Microsoft's EU
antitrust hearing
ends
Microsoft's EU
Antitrust Hearing
Ends
What's the Worst Job
Posting You've Seen?
California Spam Law:
Won't Stop Spam,
Will Increase
Lawsuits
Cheapskates Who
Spend Big For Items
That Hit Them
Emotionally
Motorola nixes
'walled garden'
phone patch
IBM's energy saver
Software tool
smothers sponsored
search
Google's AdWords
Tweak Draws Some
Customer Fire
Googling Without a
Browser
Energy-efficient
supercomputer that
is air-cooled
Sun CEO outlines
plans for progress
Who's Afraid of
Vendor Acquisition?
The middleman's
dwindling value
Microsoft closes in
on web search
domination
Thanks, Orphans!
Bellum omnia omnes
Motorola sets up
purchasing hub in
S'pore
A window of
opportunity...
Marvel Comics
International
Gallery Update
An apology
This week on Perl 6,
week ending
2003-11-09
Building the Recipe
Web?
Epicor Software to
buy European rival
what is grok?

Promotions

salvia
Buy absinthe online
guitars for sale
salvia divinorum
Absinthe
Inexpensive Snowboards
oops
buy Salvia Extract
purchase czech absinthe
cheap electric guitars
Buy Salvia divinorum
Cohiba Cigars
Montecristo Cigars
discount airsoft guns
Cuban Cigars online
North End
North End Restaurants
cheap flowers online
inexpensive Wedding Favors
buy steaks online
realtor in Massachusetts
Las Vegas Realtors
Boston Martial Arts
Rubber Stamped