lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: peterharvey at emergency.qld.gov.au (Peter B. Harvey (Information Security))
Subject: US Bank scam

Couple of notes,

First the page is not encrypted.

Second the overlay stays on top when you switch windows. At the moment it is sitting in the middle of the email i am typing.

However a novice to computer scams could be fooled quite easily by this. Impressive.

Peter
____________________________________________
Peter Harvey
Information Security Officer
Dept. Emergency Services - QLD
Phone: +61 7 3109 7292
____________________________________________

-----Original Message-----
From: Eric LeBlanc [mailto:inouk@....net]
Sent: Wednesday, June 16, 2004 3:59 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] US Bank scam


On Tue, 15 Jun 2004, David Lederman wrote:

> This is the best phishing scam I've seen yet:
> http://www.bis1bp.com/a12/index.html
>
> I have Windows Server 2003 fully patched and this works. The program fakes an address bar so this
> would pass through most people's safety check, after all the address bar clearly has the correct
> address.
>
> There are bugs in the code, for example, all your Internet Explorer windows will now have this
> address, but again for most people would only have one window open.
>

If you have google's toolbar or something similar, it will overwrite this
toolbar and not the address bar.

But, I must admit that this thing is ingenious !

E.
--
Eric LeBlanc
inouk@....net
--------------------------------------------------
UNIX is user friendly.
It's just selective about who its friends are.
==================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

This correspondence is for the named persons only.
It may contain confidential or privileged information or both.
No confidentiality or privilege is waived or lost by any mis transmission.
If you receive this correspondence in error please delete it from your system immediately and notify the sender.
You must not disclose, copy or relay on any part of this correspondence, if you are not the intended recipient.
Any opinions expressed in this message are those of the individual sender except where the sender expressly,
and with the authority, states them to be the opinions of the Department of Emergency Services, Queensland.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ