MrLinus
July 11th, 2004, 02:45 PM
Now, first off, I'm a Canadian. We don't have a branch of US Bank as far as I know. So imagine my surprise this morning when I got the following:
Dear U.S. Bank valued member,
Due to concerns, for the safety and integrity of the Internet Banking community we have
issued this warning message.
It has come to our attention that your account information needs to be updated due to
inactive accounts, frauds and spoof reports. If you could please take 5-10 minutes out of
your online experience and renew your records you will not run into any future problems
with the online service. However, failure to update your records will result in account
deletation.
Once you have updated your account records your online banking account will not be
interrupted and will continue as normal.
Please follow the link below and renew your account information.
http://www.usbank.com/cgi_w/cfm/personal/account_access/account_access.cfm
U.S. Bank Internet Banking
Kinda funny since I DON'T have an account. But what would happen if I did fill out the form? Lo' and behold, it allowed me to continue (I had asked to pay bills and got a screen to update my Debit/credit cards). So I put in a fake VISA number along with some arbitrary date, fake pin and a fake "security number". It happily accepted them all. :D
You can find the "real phish" here (http://211.233.5.177/requestCmdId/USBank/internetBanking/DisplayLoginPage/RequestRouter/). It's interesting to look at the source and figure out where they are putting stuff. I wonder how much people would be willing to phish if all they got was garbage?
Oh.. and I've notified the Anti-Phishing Workgroup (http://www.antiphishing.org) so I don't know how long this site will remain up. Anyone speak korean? Perhaps the ISP should also be notified.
Dear U.S. Bank valued member,
Due to concerns, for the safety and integrity of the Internet Banking community we have
issued this warning message.
It has come to our attention that your account information needs to be updated due to
inactive accounts, frauds and spoof reports. If you could please take 5-10 minutes out of
your online experience and renew your records you will not run into any future problems
with the online service. However, failure to update your records will result in account
deletation.
Once you have updated your account records your online banking account will not be
interrupted and will continue as normal.
Please follow the link below and renew your account information.
http://www.usbank.com/cgi_w/cfm/personal/account_access/account_access.cfm
U.S. Bank Internet Banking
Kinda funny since I DON'T have an account. But what would happen if I did fill out the form? Lo' and behold, it allowed me to continue (I had asked to pay bills and got a screen to update my Debit/credit cards). So I put in a fake VISA number along with some arbitrary date, fake pin and a fake "security number". It happily accepted them all. :D
You can find the "real phish" here (http://211.233.5.177/requestCmdId/USBank/internetBanking/DisplayLoginPage/RequestRouter/). It's interesting to look at the source and figure out where they are putting stuff. I wonder how much people would be willing to phish if all they got was garbage?
Oh.. and I've notified the Anti-Phishing Workgroup (http://www.antiphishing.org) so I don't know how long this site will remain up. Anyone speak korean? Perhaps the ISP should also be notified.