|
-
July 11th, 2004, 01:45 PM
#1
Phishing about... (for giggles)
Now, first off, I'm a Canadian. We don't have a branch of US Bank as far as I know. So imagine my surprise this morning when I got the following:
Dear U.S. Bank valued member,
Due to concerns, for the safety and integrity of the Internet Banking community we have
issued this warning message.
It has come to our attention that your account information needs to be updated due to
inactive accounts, frauds and spoof reports. If you could please take 5-10 minutes out of
your online experience and renew your records you will not run into any future problems
with the online service. However, failure to update your records will result in account
deletation.
Once you have updated your account records your online banking account will not be
interrupted and will continue as normal.
Please follow the link below and renew your account information.
http://www.usbank.com/cgi_w/cfm/pers...unt_access.cfm
U.S. Bank Internet Banking
Kinda funny since I DON'T have an account. But what would happen if I did fill out the form? Lo' and behold, it allowed me to continue (I had asked to pay bills and got a screen to update my Debit/credit cards). So I put in a fake VISA number along with some arbitrary date, fake pin and a fake "security number". It happily accepted them all. 
You can find the "real phish" here. It's interesting to look at the source and figure out where they are putting stuff. I wonder how much people would be willing to phish if all they got was garbage?
Oh.. and I've notified the Anti-Phishing Workgroup so I don't know how long this site will remain up. Anyone speak korean? Perhaps the ISP should also be notified.
-
July 11th, 2004, 04:39 PM
#2
heh, that is somewhat comical. These scam's are pretty much determined to hit somebody that won't just "click delete" as you did. You notified people who could put these scammer's/spammers/etc in trouble (or worse). Now what if by a SLIM chance they had e-mailed the head CEO of US Bank that would be something, wouldn't it? Just as ironic as mailing a Canadian.
-
July 11th, 2004, 04:43 PM
#3
Yup Spyder, that is the idea. By putting out mass amounts of email they will of course get people who don't know better and will enter their real information and I have a feeling most people don't fill in garbage if they know it's not real because it's a hassle, and takes some time. Besides, they wouldn't keep doing it if it wasn't profitable, right?
-Cheers-
-
July 11th, 2004, 05:05 PM
#4
Well it's definitely profitable. It's one of the most profitable form's of advertising on the market right now. And yes, the prey on people who don't know better. However every now and then they get a MsM or someone who know's wtf is going on and they get caught or reported.
-
July 11th, 2004, 05:12 PM
#5
Should set up some automation to flood them with bad #'s.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
July 11th, 2004, 05:58 PM
#6
However, failure to update your records will result in account deletation.
Note the use of the word "deletation". The US bank is unlikely to make a spelling error like that.
Cheers,
cgkanchi
-
July 11th, 2004, 07:48 PM
#7
Should set up some automation to flood them with bad #'s.
It'd be cool if someone wrote a program like that, but scriptable so that you could set the number of fields, etc...  X, you own at programming, have any spare time? :P
-Cheers-
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote