[Dshield] Heads up, Another Phishing scheme

Jon R. Kibler Jon.Kibler at aset.com
Fri Feb 27 21:40:15 GMT 2004


Robert Dodd wrote:
> 
> Jon,
>         I think this could be a simple faked URL with no DNS manipulaton required.
> The text read one thing, but the actual URL was something else.
> 
> Example: <a href="bogus URL here">legitimate looking URL here</a>
> 
> Jon R. Kibler wrote:
> 
> >What I find REALLY SCARY about this email is the fact that they are using a
> >CitiBank URL:
> >       https://web.da-us.citibank.com/signin/citifi/scripts/email_verifyjsp
> >
> >This looks like someone was able to either hack citibank.com's DNS and
> >insert a bogus entry for "web.da-us.citibank.com", or someone was able to
> >hijack the traffic to their DNS server and route it to a bogus DNS server.
> >(Anyone have other possibilities?)

Agree. I just assumed that Deb posted that actual URL. Would be interested to
see the actual HTML code that produced that link. Deb -- can you post it?

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the list mailing list