PHP Buzz Forum - Phishing

Articles |
News |
Weblogs |
Books |
Forums

Artima Forums | Articles | Weblogs | Java Answers | News

Sponsored Link •

PHP Buzz Forum
Phishing

0 replies on 1 page.

Welcome Guest
Sign In

Back to Topic List

Reply to this Topic

Search Forum

Threaded View


Previous Topic		Next Topic

Flat View: This topic has 0 replies on 1 page

Chris Shiflett

Posts: 124
Nickname: shiflett
Registered: Sep, 2004

Chris Shiflett is a PHP security specialist and creative thinker.

Phishing

Posted: Feb 17, 2005 5:44 PM

This post originated from an RSS feed registered with PHP Buzz by Chris Shiflett.
Original Post: Phishing Feed Title: Chris Shiflett's Blog Feed URL: http://www.feedburner.com/fb/static/error.html Feed Description: Author, Consultant, Programmer, Speaker, Trainer	Latest PHP Buzz Posts Latest PHP Buzz Posts by Chris Shiflett Latest Posts From Chris Shiflett's Blog

Phishing seems to be getting more and more popular. This can only mean one thing - it's successful.

The usual scenario goes like this. You receive an email that makes it sound like you need to visit a web site in order to address some security concern with your account. Clicking the link leads you somewhere other than where you intend to go, but the page looks like you expect. For example, a phishing email going around right now links to http://logon.personal.wamu4u.com:280/login/index.php:

Of course, wamu4u.com is not the same as wamu.com, but if enough people receive this email, there are plenty of victims who won't notice (and who will, by coincidence, bank with Washington Mutual). Once you've been tricked into believing that the phishing site is the real thing, you are asked to provide some sensitive information. For example, if you visit the previous URL and attempt to log in, you will arrive at http://logon.personal.wamu4u.com:280/login/check.php:

This page asks for your name, credit card information, and PIN. Once you provide this, you are redirected to http://www.wamu.com/personal/Welcome/Privacy.htm, a page within the legitimate Washington Mutual web site, possibly unaware that you've just given your personal information to a phisher.

Interestingly enough, whois wamu4u.com shows the following:

Domain Name : wamu4u.com
 
::Registrant::
        Name      : Constance Edwards
        Email     : edwards@mail333.com
        Address   : 1094 SE St Patricks Court, Port Orchard, WA
        Zipcode   : 98367
        Nation    : US
        Tel       : +1.302-338-7956
        Fax       : +1.302-338-7956
 
::Administrative Contact::
        Name      : Constance Edwards
        Email     : edwards@mail333.com
        Address   : 1094 SE St Patricks Court, Port Orchard, WA
        Zipcode   : 98367
        Nation    : US
        Tel       : +1.302-338-7956
        Fax       : +1.302-338-7956
 
::Technical Contact::
        Name      : Constance Edwards
        Email     : edwards@mail333.com
        Address   : 1094 SE St Patricks Court, Port Orchard, WA
        Zipcode   : 98367
        Nation    : US
        Tel       : +1.302-338-7956
        Fax       : +1.302-338-7956
 
::Name Servers::
        ns1.spx2k.com
        nsfr1.us2k.net
 
::Dates & Status::
        Created Date   2005-02-10 07:48:01 EST
        Updated Date   2005-02-10 07:48:01 EST
        Valid Date     2006-02-10 07:48:01 EST
        Status         ACTIVE

Because requests for http://wamu4u.com/ return a server error, and because the phishing attack utilizes port 280, it seems quite possible that the legitimate owner of the site is unaware. However, it sure does seem like these attacks would be very easy to track down. Does anyone know what the big targets (banks, eBay, Paypal, etc.) are doing to address this growing concern? What can we, as web developers, do to help?

Read: Phishing

Previous Topic

Next Topic


	Web Artima.com