[Dshield] Heads up, Another Phishing scheme

Robert Dodd bobdodd at sheperd.com
Fri Feb 27 20:31:53 GMT 2004


Jon,
	I think this could be a simple faked URL with no DNS manipulaton required.
The text read one thing, but the actual URL was something else.

Example: <a href="bogus URL here">legitimate looking URL here</a>

Jon R. Kibler wrote:

>What I find REALLY SCARY about this email is the fact that they are using a
>CitiBank URL:
>	https://web.da-us.citibank.com/signin/citifi/scripts/email_verifyjsp
>
>This looks like someone was able to either hack citibank.com's DNS and
>insert a bogus entry for "web.da-us.citibank.com", or someone was able to
>hijack the traffic to their DNS server and route it to a bogus DNS server.
>(Anyone have other possibilities?)




More information about the list mailing list