[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] US Bank scam

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] US Bank scam
From: Eric LeBlanc <inouk@xxxxxxx>
Date: Tue, 15 Jun 2004 13:58:39 -0400 (EDT)

On Tue, 15 Jun 2004, David Lederman wrote:

> This is the best phishing scam I've seen yet:
> http://www.bis1bp.com/a12/index.html
>
> I have Windows Server 2003 fully patched and this works. The program fakes an 
> address bar so this
> would pass through most people's safety check, after all the address bar 
> clearly has the correct
> address.
>
> There are bugs in the code, for example, all your Internet Explorer windows 
> will now have this
> address, but again for most people would only have one window open.
>

If you have google's toolbar or something similar, it will overwrite this
toolbar and not the address bar.

But, I must admit that this thing is ingenious !

E.
--
Eric LeBlanc
inouk@xxxxxxx
--------------------------------------------------
UNIX is user friendly.
It's just selective about who its friends are.
==================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] US Bank scam
  - From: David Lederman

Prev by Date: RE: [Full-Disclosure] Akamai
Next by Date: [Full-Disclosure] [ GLSA 200406-08 ] Squirrelmail: Another XSS vulnerability
Previous by thread: [Full-Disclosure] US Bank scam
Next by thread: RE: [Full-Disclosure] US Bank scam
Index(es):
- Date
- Thread