lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon Jun  6 14:48:48 2005
From: mailinglists at vanscherpenseel.nl (Vincent van Scherpenseel)
Subject: Analysis: Postbank.nl Phishing Scam

Hi there,

I've just finished writing a technical analysis on the Postbank.nl phishing 
scam hitting Dutch e-bankers as from last Saturday. This was fortunately 
really big in the Dutch media so the amount of victims may have been limited.

I found some interesting things in the scam: the victim was redirected 4 times 
(including through Google and MSN) before arriving at his/her final location, 
the use of URL obfuscating to social engineer the user into clicking 'the 
link below' and the inclusion of a stylesheet over a HTTPs connection to 
resemble an authentic bank to Joe Average.

You can read the analysis at: http://www.syn-ack.org/papers/postbank.html .

I would love to receive any feedback on it, either positive or negative, as 
long as arguments are supplied.

 - Vincent 'rastakid' van Scherpenseel

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux