• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Phishing Sites Getting More Advanced with SSL

February 22, 2006

Views: 5,335

[ad]

Phishing is a difficult enough form of fraud to avoid for most computer users, but when some of the biggest names in the financial industry fail to do their part to detect and eliminate these online scams, consumers often are placed in an untenable situation.

Case in point: A source recently forwarded a link to one of the “best” phishing attacks I’ve ever seen. This one — targeting the tiny Mountain America credit union in Salt Lake City, Utah — arrives in an HTML-based e-mail telling recipients that their Mountain America credit union card was automatically enrolled in the Verified by Visa program, a legitimate security program offered by Visa that is supposed to provide “reassurance that only you can use your Visa card online.”

The fake MountainAmerica.net Web site

The e-mail includes the first five digits of the “enrolled card,” but those five digits are found on all Mountain America bank cards, so that portion of the scam is likely to be highly convincing for some recipients. The message directs readers to click on a link and activate their new Verified by Visa membership.

Beware, make sure your non tech-savvy friends & relatives are aware of how tricky these scammers are getting.

Someone YOU know could be falling for this soon.

Sources: Slashdot – Washington Post

Share2
Tweet
Share
Buffer
WhatsApp
Email
2 Shares

Filed Under: Phishing Tagged With: Phishing, scams



Reader Interactions

Comments

  1. Navaho Gunleg says

    February 22, 2006 at 11:19 am

    Yeh they are getting nastier by the day, and support for languages is increasing too.

    I always warn people that,
    1) banks usually do not do this without a snail-mailing informing about it,
    2) your bank doesn’t send those messages in English in the first place.

    Well the latter is rather obsolete now. About a year ago I’ve noticed the phishing attempts in my Junk folder, in badly translated Dutch (probably using some online translation service).

    Recently months I see them with better language. I guess that must be local people picking up on the same scam.

    So they now clone a website, including an SSL certificate that seems convincing enough to trick most people.

    If they would include real, complete, bank information from some leaked customer database, then things could get really scary…

  2. Darknet says

    February 22, 2006 at 3:41 pm

    Yeah I have noticed a few in local languages at various business around the world, they are definately getting a LOT more refined and advanced than the olden days.

    Last time was a saved version of hotmail login on a geocities site, and it still used to a fool a few people back in the day.

    Now they have proper domains, often with rotating DNS entries so they can’t shut the sites down, proper SSL certificates, first 4 digits of your credit card number…Pretty scary.

  3. karan says

    February 23, 2006 at 12:59 pm

    As a parody….I read about this simple scam about a bank website being cloned. Users actually logged on to this site and punched in their personal details without any apprehensions about security and exposure.

    These guys were later tracked when the bank allowed them to carry out a transaction using a stolen credit card number on e-bay. The guy was caught when he went to collect his nokia phone from the dealer.

    I was surprised how a user could be so gullible – the site itself was a shoddy clone of the original site with glitches in the background colors and layout. There will always be takers for the bait (big or small) – no matter how much you try to educate and publicize. Goes to show – ignorance is not always bliss…

  4. burn666 says

    February 27, 2006 at 3:51 am

    Lol!

    Ironically enough, just before reading this post i received an email ostensibly from JP Morgan for a bill payment… Gotta admit though, those phishers have really improved on their previously discernable minor errors in grammar, layout, and even product/services ‘lingo’.

    Check it:

    This is your official notification from Chase Bank that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Chase OnlineSM Contact assigned to this account. As the Primary Contact, you must renew (overview) the service(s) listed below or it will be deactivated and deleted.

    SERVICE: Chase Bank Chase OnlineSM with Bill Payment. EXPIRATION: February 25, 2006

    We recently reviewed your account, and suspect that your Chase OnlineSM Account may have been accessed by and unauthorized third party.

    Protecting the security of your account and of the Chase Networks is our primary concern.

    Oh the irony eh? ;)

    Was even curious enough to check out the site they had set up and it wasn’t half bad. Compare it for yourselves (login is obviously any username and password) here and contrast it with the actual Chase homepage.

    Still, its a worrying trend…

  5. madmax says

    April 20, 2007 at 2:28 pm

    hey Burn666

    I just tried goin to tht fake Chase site

    Turns out tht its been deleted!!

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,675)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,348)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,350)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,679)
  • Password List Download Best Word List – Most Common Passwords (931,825)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,455)
  • Hack Tools/Exploits (672,588)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,848)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy