Phishing

flyingcheesehead

So I got an e-mail from Chase Bank recently, saying something about my account had been tightened down for whatever. I was thinking "Hmmm, the AOPA credit card got bought out by someone recently..."

I got the same e-mail a couple more times, a week apart, and today clicked the link. It *looked* so damn good I actually completed their "customer survey" at the beginning before noticing... Hey, this isn't on a secure server, and it's not even on chase.com!

So, I pulled out the old geek tricks and found that the web site is owned by some Spanish-sounding guy in Kansas and the e-mail was passed through a server in China after originally being sent using a "Personal" copy of "Bat" which I think is a program geared toward spammers.

I need to come up with a good way to prank these folks.
 
Be merciless. And post your fun times. I enjoy reading retaliation
 
flyingcheesehead said:
So, I pulled out the old geek tricks and found that the web site is owned by some Spanish-sounding guy in Kansas and the e-mail was passed through a server in China after originally being sent using a "Personal" copy of "Bat" which I think is a program geared toward spammers.

I need to come up with a good way to prank these folks.

You actually tracked the originating site down?
If so, having the FBI show up on his doorstep at 2am sounds like a really good prank.
 
fgcason said:
You actually tracked the originating site down?
If so, having the FBI show up on his doorstep at 2am sounds like a really good prank.

As lovely as that would be, unfortunately 99.9999% of these sites are created using false names or stolen identities. They sign up with a random ISP, make a lookalike webpage with a form to send them an email, and then set the mailbombs a go go. A lot of the emails originate from China, and a number of the websites which aren't attached to ISPs end up being cyber cafes. Some individuals are even getting crafty to the point of adding SSL just to make you feel even more "secure".

Red flags for bank emails:

1. The financial institution does not refer to you by name.
2. The email makes a reference that the action is mandatory and negative effects will occur on your account if you do not comply (e.g. Your account will be suspended if you do not complete this update...blahblahblah).
3. When you hover your mouse over the link in the email, the URL in the status bar doesn't look right (Something like http://64.23.53.62:2380/ instead of http://mybank.com)
4. Upon clicking the link, you notice the page is asking for all of your account information, including Card Verification numbers.
5. (Just my personal favorite...) BAD ENGLISH. It doesn't take an English major to tell that the email was written by someone from another country.

If you notice any of those four items (or even a funny feeling about the email), contact your financial institution and DO NOT INPUT ANY DATA ON THAT WEBPAGE. Your financial institution should let you know where to forward the email so they can have law enforcement look into it. These four items aren't the only indicators, but they're the most obvious. Be vigilant when dealing with your personal information online.
 
I seem to get my share of those from Banks, Ebay, PayPal, etc. It's really good because I don't have accounts with any of them (note: no account - probably a bogus email).

A couple I thought I would play along, but generally I just forward it to spoof@_____.com (or whatever). A few banks, ebay and paypal have emailed me back; others don't have the time.

Bottom line - know who you are giving your info to.
 
wbarnhill said:
Red flags for bank emails:

Usually I can smell 'em out in about three seconds (the e-mail, that is). This one didn't have any of the usual red flags in the e-mail - It was VERY well done. I didn't notice anything wrong until I clicked the link, and then I went back and showed the extended headers in the e-mail and started digging from there.

I wouldn't know where to send this stuff to get the FBI to show up on his doorstep anyway.

I do like my bank - Actually, a credit union. They have a "security phrase" that they splice into every e-mail they send. If the phrase isn't in the e-mail, it's bogus. They also have several challenge questions (like "Where were you born" type stuff) that are very easy for the right person to answer, but not easy for anyone else to find out. Every so often when you're on their web site it'll throw up a challenge question. I feel quite secure there.

It's just that silly AOPA credit card thing...
 
wbarnhill said:
Red flags for bank emails:

For a while there were a few fun ones going around for IIRC USBank. Whoever put it together literally copied the bank site and put their links in. If you didn't pay attention to the link addresses, you simply would not know.

I don't even trust the bank's emails when I know it's legitimate. I ALWAYS hand type the base site link in even if the bank or anyone else sends something legitimately. It takes a few extra seconds to get where I'm going but it keeps seedy link jumping/ID/$$ stealing from happening.
 
Just recently I started getting some very slick e-mails from Bank of America. It looks just like a monthly bank statement for a checking account. Of course, it's not BoA.

I don't have any accounts there except an account to send my daughter money back on LI.

I remember there was mention of a clearinghouse website to send this stuff. Anyone remember the name?
 
Man I tell you, they are getting better and better every day!

I am a Security Consultant and have dealt extensively with phishing with some big bank clients and the phishing emails, sites, and connection methods are getting more and more sophisticated.
 
tdager said:
Man I tell you, they are getting better and better every day!

I am a Security Consultant and have dealt extensively with phishing with some big bank clients and the phishing emails, sites, and connection methods are getting more and more sophisticated.

Imagine my surprise when I called the bank to inform them of a phishing letter and they confirmed it was real! This occurred in the last 6 months. The "scheme" came from a new retail partner that had bought access to the bank's customer list and was seeking far more personal information than I was willing to give, so I called the bank to report it.

When I learned it was real, I sent the bank CEO a blistering letter informing him of the security breach. I added that since the bank GAVE AWAY our contact information and it was being used inappropriately, I would hold the bank responsible for any losses that occurred, and would be glad to provide copies of the correspondence to any class action lawyer that seemed mildly interested.

In a case of closing the barn door after the horse was out, the Bank sent out an apology letter to all! And I never heard from that "partner" again.

-Skip
 
The Chase one is pretty good. I think most of us can spot a fake now, but it was done well. It would be nice to find the punk though. :)
 
Skip Miller said:
Imagine my surprise when I called the bank to inform them of a phishing letter and they confirmed it was real! This occurred in the last 6 months. The "scheme" came from a new retail partner that had bought access to the bank's customer list and was seeking far more personal information than I was willing to give, so I called the bank to report it.
...

Didja hear that tax prep firms like H&R Block have the rights to share your TAX information with "partners" if you don't choose to opt out? They've been able to "share" for a long time. They just haven't done it where you could notice. The feds wanted some new controls on how that worked. The firms wanted more leeway so they'd have a new profit center, so it became known and the excrement hit the ventilator.

http://www.pcworld.com/resource/article/0,aid,125321,pg,1,RSS,RSS,00.asp
http://www.foxnews.com/story/0,2933,190320,00.html

Use a private accountant and don't opt in to anything.
 
AirBaker said:
The Chase one is pretty good. I think most of us can spot a fake now, but it was done well. It would be nice to find the punk though. :)

Well, I found what appeared to be his home address... :D

And now it's disappeared. I think "they" found him! I've never seen NetSol de-register a domain that fast!
 
I actually responded to an email from ebay and "gave away" my password. This was about three years ago, when I was 'young and stupid'. I had no idea that these people were doing this, and the email at the top looked okay. I found out about it because when I looked at the properties of the email, it was from something like ebay at josecuervo dot com.... I changed my password and let ebay know. I felt like a tool, but at least I got my password changed before they did anything.

--Matt
 