lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 21 Feb 2007 11:31:07 -0500
From: Troy Cregger <tcregger@...nedyinfo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Bank of America [phising email]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Got an email today that was crafted to look like it came from Bank of
America, the message contained the following:

Because of   unusual number of invalid login attempts on you account, we
had to believe that,   their might be some security problem on you
account. So we have decided to put   an extra verification process to
ensure your identity and your account security.   Please click on <A
href="http://www.candy-pop.com/www.bankofamerica.com/BOA/sslencrypt218bit/online_banking/index.htm"
target="_blank">sign in to Online Banking</A> to continue to the
verification process and   ensure your account security. It is all about
your security. Thank you, and   visit the customer service section.

Which of course loads a phishing page that would capture login
credentials should anyone fall for the ruse.

This may be old news though and possibly related to another story I read
earlier on Zone-H
here: http://www.zone-h.org/content/view/14577/31/




Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFF3HPLnBEWLrrYRl8RAmPbAJsEhggVS+bHdwHYAi6Zrax+azPPXwCfd2T8
gKSsfPlF/9a+kPWEYacykVg=
=aepj
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ