Trilight Zone Forum Index Trilight Zone
Privacy & Anonymity is our speciality !
 

Not Your Average Phishing Scam

 
tricore
Guest





Posted: Tue Jan 09, 2007 4:35 am    Post subject: Not Your Average Phishing Scam

One of the first phishing scams to catch Security Fix's eye in the new year -- a counterfeit Amazon.com login page -- may set the tone for the sophistication of online schemes involving fake bank and e-commerce sites in 2007. The bogus site, which was active as of early Tuesday morning, makes use of the real Amazon.com site in an effort to fool visitors into entering their real usernames and passwords.

This type of trick, known as a type of "man-in-the-middle" attack, logs the user into his or her account at Amazon.com, then it displays the data that Amazon serves up once the user is logged in. Visitors who supply bogus or otherwise incorrect usernames and passwords are shown a copy of the page Amazon users normally see if they mistype either of their credentials.


The lure in this phishing attack is an e-mail that warns the recipient about supposed unauthorized activity on his or her Amazon account and directs the user to reset the account's credentials. Anyone who enters a real Amazon username and password is asked to provide their date of birth, address and Social Security number.

Security Fix first learned of this scam site from Paul Laudanski of Castlecops.com, a group of volunteers who work with Internet service providers, Web hosting companies and law enforcement to help find and disable phishing sites and other online scams.

Laudanski said the fake Amazon site appears to have been created from a phishing "kit," or a pre-packaged set of counterfeit Web pages sold on the Internet black market. Already, he said, the same Amazon phishing kit has been spotted in use on a number of separate Web servers, suggesting that the technique is indeed being shared among scammers.

For all its sophistication, though, this particular Amazon scam site has some serious weaknesses. For one, it didn't attempt to obfuscate the IP address or otherwise monkey with the appearance of the browser address bar to hide the fake server's true address. Also, the anti-phishing technology in the Netcraft Toolbar and the blacklists built into both Internet Explorer and Firefox flagged this site as malicious pretty early on.

Laudanski said that if this type of man-in-the-middle attack becomes the norm, it could prompt more online merchants to implement things like "captchas," online Turing tests that prompt the visitor to read and type in a series of jumbled letters and/or numbers in an effort to separate real users from automatic logins of the sort used in this attack.
All times are GMT