:: Stringing-along 419 scammers for my amusement ::

 

Terry Scambaiter – The BaiterBlog

419 Scams, Scambaiting, and the Internet

Phishing – a new approach

April 29th, 2009 tagsInternet / Computers userTerry Scambaiter

Along with the hundreds of 419 scam e-mails that I receive each day, I also get a lot of regular spam, e-mails with nasty attachments, and phishing e-mails.

Normally, phishers set up a fake website that appears to look and function like the site at your online banking institution. The idea is to target possible customers with phony e-mails demanding that the recipient ‘click the link’ in the e-mail to login to his or her bank account.

Of course, the link in the e-mail leads not to the recipient’s banking intutution but to the phisher’s own phony website where the victim’s real login name and password can be captured by the criminal.

Thankfully, most of these phony bank sites are reported fairly quickly to whomever is hosting them and the phisher may or may not actually capture any useful information in the short amount of time that the phony bank site is in operation.

One phisher has devised a way around this problem. He has actually attached the phony website (actually one login page) to the phishing e-mail itself.

Other than the attachment, the e-mail was just your bog standard phishing e-mail.

============================

From: AIB Bank
Reply-to: do-not-reply@aib.ie
Subject: Your AIB Internet Banking access has been locked.
Date: 29 Apr 2009 23:51:21 +0200 (17:51 EDT)

Dear AIB Customer,

Your Internet Banking access has been suspended due to many unsuccessful login attempts.

You are kindly advised to follow the instructions below to reactivate your account.

The activation form is attached to this email. Please download the attachment, open it, and follow the instructions on your screen.

The data submitted will be transmitted over an SSL encrypted connection (128 bit Secure Socket Layer).

HTML document attachment (form.html)

==============================

This is a simple but very effective solution to the phisher’s problem. No strange links in the e-mail and no one can take the phony login page offline.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

No Comments

rssComments RSS transmitTrackBack Identifier URI

No comments. Be the first.

Sorry, the comment form is closed at this time.


The previous post is A disturbing approach to 419 and the next one is