Deep Sea Phishing
Posted by Phil Aaronson at 5:17 PM
I just got this email tonight, and its one of the more obvious phishing scams. I wanted to send it along, in case you haven't seen one before:
... Subject: Security Measures ! ...
We are performing system maintenance, wich may interfere with access to your Online Services. Due to these technical updates your online account has been deactivate. SunTrust recommend you to reactivate your online account. Go to Internet Banking 0000,0000,8080 by clicking this link, verify your identity as a customer of SunTrust and your online account access will be reactivate by our system...
If you clicked on the link in the message (Go to https://...) it doesn't take you to a suntrust.com site, it takes you to an unmarked IP address. They may or may not hide this on IE (there's a security hole in IE that lets you overwrite the URL in your browser). I'm not using IE. Just for fun I logged in as "screwthis" and banged on the keyboard for a password and it prompts me for my credit card and pin number. Obviously DO NOT submit a real credit card/pin number.
One of the very first programs I ever wrote in high school was along these lines. My 15 yo delinquent self wrote a program for the old PDP 11/70 that emulated the login process. It was in essence a phishing scam. I would launch it from a common game account on every terminal in the computer lab as we left class, prepping it for the next class. As people logged in, it would write their usernames and password to a hidden file in the games account, and the user would then be logged in and just think, oops, I must have logged into games. I kinda wonder what my 16 yo self growing up now would do with the internet as my playground. I remember quizzing Stephanie, then Steve on how to get the VT100 terminal to be in password mode, and not write out what you were typing.
High school computer science students come in two flavors. There are the games writers and then there are the security hackers. I was more of a security hacker. Chemists come in two flavors as well. There are the guys who want to make bombs, and there are the guys who want to make drugs. Young women in these fields are fortunately a little more mature.
... Subject: Security Measures ! ...
We are performing system maintenance, wich may interfere with access to your Online Services. Due to these technical updates your online account has been deactivate. SunTrust recommend you to reactivate your online account. Go to Internet Banking 0000,0000,8080 by clicking this link, verify your identity as a customer of SunTrust and your online account access will be reactivate by our system...
If you clicked on the link in the message (Go to https://...) it doesn't take you to a suntrust.com site, it takes you to an unmarked IP address. They may or may not hide this on IE (there's a security hole in IE that lets you overwrite the URL in your browser). I'm not using IE. Just for fun I logged in as "screwthis" and banged on the keyboard for a password and it prompts me for my credit card and pin number. Obviously DO NOT submit a real credit card/pin number.
One of the very first programs I ever wrote in high school was along these lines. My 15 yo delinquent self wrote a program for the old PDP 11/70 that emulated the login process. It was in essence a phishing scam. I would launch it from a common game account on every terminal in the computer lab as we left class, prepping it for the next class. As people logged in, it would write their usernames and password to a hidden file in the games account, and the user would then be logged in and just think, oops, I must have logged into games. I kinda wonder what my 16 yo self growing up now would do with the internet as my playground. I remember quizzing Stephanie, then Steve on how to get the VT100 terminal to be in password mode, and not write out what you were typing.
High school computer science students come in two flavors. There are the games writers and then there are the security hackers. I was more of a security hacker. Chemists come in two flavors as well. There are the guys who want to make bombs, and there are the guys who want to make drugs. Young women in these fields are fortunately a little more mature.
0 Comments:
Post a Comment
<< Home