Interesting phishing...

[Tiger Shark]

I got an interesting one today frowarded by me CEO, (Yes, they're getting it finally...), purporting to be from Smith Barney. When I clicked the link I guess it was intercepted by the offending IP's ISP because it popped up a cute little window that simply stated "For security reasons this port is unavailable". A very elegant way of blocking the problem while they fix the cause.

[morganlefay]

We have a new one here in Canada as I was warned by this email from CIRA

CIRA Warns Dot-ca Domain Name Holders of Misleading Verification Notices Protect your domain name. Do not share your CIRA User Account Number or Password with anyone!

Ottawa, December 13, 2004 - The Canadian Internet Registration Authority
(CIRA) is advising dot-ca domain registrants (holders of dot-ca domain
names) NOT TO RESPOND OR REPLY TO ANY EMAILS requesting verification of CIRA User Account Numbers and Passwords.

CIRA has learned that an unknown party is attempting to obtain CIRA User Account Numbers and Passwords from dot-ca registrants by sending MISLEADING EMAIL NOTICES that appear to originate from CIRA. These misleading emails request that CIRA User Account Numbers and Passwords be provided to validate registrant information and prevent domain name suspension (inactivation).
The emails originate from COMPLIANCE@CIRA.CC. CIRA's compliance email address is COMPLIANCE@CIRA.CA

If you have replied to an email requesting your CIRA User Account Number and Password, and have included your CIRA User Account Number and Password in your reply, PLEASE CONTACT YOUR REGISTRAR IMMEDIATELY to request a new CIRA User Account Number and Password. If you do not know the name of your registrar, you may obtain it by entering your dot-ca domain name in the WHOIS field at http://whois.cira.ca/public

For additional information: http://www.cira.ca/news-releases/139.html

MLF

[steve.milner]

Ms Mittens, on your second point:

Checking creditcard validity is relatively easy:

Here's a little pascal that will do the job:

Code:

// Perform LUHN check on a credit card number
function CCLUHNCheck(CardNumber: string): Boolean;
var
  Pos, Total, Temp: Integer;
  Double: Boolean;

begin
  Double := False;
  Total := 0;
  for Pos := Length(CardNumber) downto 1 do
  begin
    if Double then
    begin
      Temp := 2 * StrToInt(MidStr(CardNumber, Pos, 1));
      if Temp < 10 then
        Total := Total + Temp
      else
        Total := Total + (Temp - 9); // (Equivalent to adding two digits together)
    end
    else
      Total := Total + StrToInt(MidStr(CardNumber, Pos, 1));
    Double := not Double;
  end;
  if Total mod 10 = 0 then
    Result := True
  else
    Result := False;
end;

Steve

[MrLinus]

Oh.. it may be easy but I've rarely seen it actually used. Many of the phishings I've seen prior to this don't take the time/effort to do that.

[steve.milner]

A more intelligent phisher...

Didn't want to go to the trouble of filtering out the garbage or to make the phish look more real? I wonder what the real motive was..

Steve

[dspeidel]

There's to the best of knowledge a new IE security flaw that allows a phisher to show a legitimate web address for example paypal.com but redirect the unsuspecting to a different site. A test can be found on http://secunia.com/internet_explorer...rability_test/ this is an IE only bug. I did a search and could not find an announcement of the bug (if I missed it PM me and I'll delete this post)

Regrads,
-D

[jinxy]

Actualy I don't think the site verified whether the credit card was real or not..Only that the details entered matched the format of a credit card.

I'm only just learning javaScript but that is the impression i got looking at the sites sourse.................On the original site the script was not visible. The fake just looked like it was a course grab, with some bs javascipt added..............................Im not sure but i think submitted information would have been forwarded to another site hosted localy and not in the public domain.