Comments on: Phishing Sites Getting More Advanced with SSL

By: madmax

madmax — Fri, 20 Apr 2007 14:28:44 +0000

hey Burn666

I just tried goin to tht fake Chase site

Turns out tht its been deleted!!

By: burn666

burn666 — Mon, 27 Feb 2006 03:51:21 +0000

Lol!

Ironically enough, just before reading this post i received an email ostensibly from JP Morgan for a bill payment… Gotta admit though, those phishers have really improved on their previously discernable minor errors in grammar, layout, and even product/services ‘lingo’.

Check it:

This is your official notification from Chase Bank that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Chase OnlineSM Contact assigned to this account. As the Primary Contact, you must renew (overview) the service(s) listed below or it will be deactivated and deleted.

SERVICE: Chase Bank Chase OnlineSM with Bill Payment. EXPIRATION: February 25, 2006

We recently reviewed your account, and suspect that your Chase OnlineSM Account may have been accessed by and unauthorized third party.

Protecting the security of your account and of the Chase Networks is our primary concern.

Oh the irony eh?

Was even curious enough to check out the site they had set up and it wasn’t half bad. Compare it for yourselves (login is obviously any username and password) here and contrast it with the actual Chase homepage.

Still, its a worrying trend…

By: karan

karan — Thu, 23 Feb 2006 12:59:43 +0000

As a parody….I read about this simple scam about a bank website being cloned. Users actually logged on to this site and punched in their personal details without any apprehensions about security and exposure.

These guys were later tracked when the bank allowed them to carry out a transaction using a stolen credit card number on e-bay. The guy was caught when he went to collect his nokia phone from the dealer.

I was surprised how a user could be so gullible – the site itself was a shoddy clone of the original site with glitches in the background colors and layout. There will always be takers for the bait (big or small) – no matter how much you try to educate and publicize. Goes to show – ignorance is not always bliss…

By: Darknet

Darknet — Wed, 22 Feb 2006 15:41:43 +0000

Yeah I have noticed a few in local languages at various business around the world, they are definately getting a LOT more refined and advanced than the olden days.

Last time was a saved version of hotmail login on a geocities site, and it still used to a fool a few people back in the day.

Now they have proper domains, often with rotating DNS entries so they can’t shut the sites down, proper SSL certificates, first 4 digits of your credit card number…Pretty scary.

By: Navaho Gunleg

Navaho Gunleg — Wed, 22 Feb 2006 11:19:18 +0000

Yeh they are getting nastier by the day, and support for languages is increasing too.

I always warn people that,
1) banks usually do not do this without a snail-mailing informing about it,
2) your bank doesn’t send those messages in English in the first place.

Well the latter is rather obsolete now. About a year ago I’ve noticed the phishing attempts in my Junk folder, in badly translated Dutch (probably using some online translation service).

Recently months I see them with better language. I guess that must be local people picking up on the same scam.

So they now clone a website, including an SSL certificate that seems convincing enough to trick most people.

If they would include real, complete, bank information from some leaked customer database, then things could get really scary…