Re: [Declude.JunkMail] New Phishing Scheme
Sure. I'd be interested in taking a look. Darin. - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 11:35 PM Subject: Re: [Declude.JunkMail] New Phishing Scheme This one's different. I'll send you the details OL. -d - Original Message - From: Darin Cox To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 8:24 PM Subject: Re: [Declude.JunkMail] New Phishing Scheme Yep...it's been around a while... we first saw it July of last year with a US Bank phishing attempt. It only affected IE... and only when no other toolbars were installed. Firefox was not vulnerable to it. It was quite surprising, as it uses DHTML to place a div over the URL window if the window is at the default offset from the main window... surprising that IE allowed that... Darin. - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 5:27 PM Subject: [Declude.JunkMail] New Phishing Scheme Hi, All- Somebody has figured out how to use _javascript_ to make a link look correct on the page, and in the status window when you mouse over the link, while actually sending you to a phish site. So it is no longer sufficient to check the status window, you actually have to look at the page source to figure out whether a link goes where it says. Maybe some of you have already seen this technique, but it's the first time I have seen it in my inbox. I was waiting for this to happen, and I'm a little surprised that I haven't seen it before. It's actually pretty simple to do. Since there are probably lurkers here, I'll be happy to share the code OL with people I know if you want to see how it's done. If the weight of opinion here is to share the code openly, I will be happy do so. -Dave Doherty Skywaves, Inc. 301-652-8822 x209
Re: [Declude.JunkMail] New Phishing Scheme
This one's different. I'll send you the details OL. -d - Original Message - From: Darin Cox To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 8:24 PM Subject: Re: [Declude.JunkMail] New Phishing Scheme Yep...it's been around a while... we first saw it July of last year with a US Bank phishing attempt. It only affected IE... and only when no other toolbars were installed. Firefox was not vulnerable to it. It was quite surprising, as it uses DHTML to place a div over the URL window if the window is at the default offset from the main window... surprising that IE allowed that... Darin. - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 5:27 PM Subject: [Declude.JunkMail] New Phishing Scheme Hi, All- Somebody has figured out how to use _javascript_ to make a link look correct on the page, and in the status window when you mouse over the link, while actually sending you to a phish site. So it is no longer sufficient to check the status window, you actually have to look at the page source to figure out whether a link goes where it says. Maybe some of you have already seen this technique, but it's the first time I have seen it in my inbox. I was waiting for this to happen, and I'm a little surprised that I haven't seen it before. It's actually pretty simple to do. Since there are probably lurkers here, I'll be happy to share the code OL with people I know if you want to see how it's done. If the weight of opinion here is to share the code openly, I will be happy do so. -Dave Doherty Skywaves, Inc. 301-652-8822 x209
Re: [Declude.JunkMail] New Phishing Scheme
Yep...it's been around a while... we first saw it July of last year with a US Bank phishing attempt. It only affected IE... and only when no other toolbars were installed. Firefox was not vulnerable to it. It was quite surprising, as it uses DHTML to place a div over the URL window if the window is at the default offset from the main window... surprising that IE allowed that... Darin. - Original Message - From: Dave Doherty To: Declude.JunkMail@declude.com Sent: Saturday, March 12, 2005 5:27 PM Subject: [Declude.JunkMail] New Phishing Scheme Hi, All- Somebody has figured out how to use _javascript_ to make a link look correct on the page, and in the status window when you mouse over the link, while actually sending you to a phish site. So it is no longer sufficient to check the status window, you actually have to look at the page source to figure out whether a link goes where it says. Maybe some of you have already seen this technique, but it's the first time I have seen it in my inbox. I was waiting for this to happen, and I'm a little surprised that I haven't seen it before. It's actually pretty simple to do. Since there are probably lurkers here, I'll be happy to share the code OL with people I know if you want to see how it's done. If the weight of opinion here is to share the code openly, I will be happy do so. -Dave Doherty Skywaves, Inc. 301-652-8822 x209
[Declude.JunkMail] New Phishing Scheme
Hi, All- Somebody has figured out how to use _javascript_ to make a link look correct on the page, and in the status window when you mouse over the link, while actually sending you to a phish site. So it is no longer sufficient to check the status window, you actually have to look at the page source to figure out whether a link goes where it says. Maybe some of you have already seen this technique, but it's the first time I have seen it in my inbox. I was waiting for this to happen, and I'm a little surprised that I haven't seen it before. It's actually pretty simple to do. Since there are probably lurkers here, I'll be happy to share the code OL with people I know if you want to see how it's done. If the weight of opinion here is to share the code openly, I will be happy do so. -Dave Doherty Skywaves, Inc. 301-652-8822 x209
Re: [Declude.JunkMail] New Phishing scheme
Something new: This one actually have descent grammer and speling. :-) - Original Message - From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: Sent: Monday, February 14, 2005 11:21 AM Subject: [Declude.JunkMail] New Phishing scheme Claiming to be charter one bank. I have not seen this kind of angle before. John Tolmachoff Engineer/Consultant/Owner eServices For You --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] New Phishing scheme
Claiming to be charter one bank. I have not seen this kind of angle before. John Tolmachoff Engineer/Consultant/Owner eServices For You Protecting the Confidentiality of Our Customers' Information Effective February 2005 Charter One Privacy Protection: Our Commitment to You. Dear Client, At Charter One, we recognize the sensitive nature of your financial inform= ation, and take appropriate precautions to protect your privacy. When you = entrust us with this information, you can be certain it will be used only = within our strict guidelines. Charter One, along with most other financial institutions who do business = in the United States, is required to provide our customers with a document= illustrating the types of customer information we collect and the circums= tances under which we may share it. This brochure describes those practice= s for all members of the Charter One corporate family. For a complete list= ing of the firms in the Charter One Banks, Inc. corporate family, please v= isit us online at www.charterone.com We hope you will read through all the details of Charter One's official po= sition on privacy. Importantly, we want you to understand that Charter One uses information r= esponsibly to: * Provide you with the services you've requested. * Offer you other financial products and services. * Make doing business with Charter One more convenient for you. *** IMPORTANT: The information we collect is used to help us deliver the s= ervices you've requested, easily and efficiently. It may also permit us to= design and offer specific products and services that we believe will be u= seful to you and other customers. If you could please take 5-10 minutes out of your online experience and re= new your records you will not run into any future problems with the online= service. Please follow the link below to verify your account information: http://www.chung-yo.com.tw/modules/xgallery/cache/charter/?p= age=3D1">http://www.charterone.com/policy/verification.asp?page=3D1 Thank you for your time and consideration in this matter. PRINT VERSION AVAILABLE UPON REQUEST Charter One Bank, Inc. Attn: Customer Privacy Coordinator MC: 001-01-A -- Charter One will not trade, rent or sell your personal information to anyo= ne. We will not provide account or personal information to on- Charter One= companies for the purpose of independent telemarketing or direct mail mar= keting of any non-financial products or services. Only in extremely limite= d circumstances, outlined below, do we share your information with other f= inancial services firms for marketing purposes. This policy statement takes the place of any previous privacy policies iss= ued by Charter One Bank, Inc., or any of its subsidiaries. If, in addition= to federal law, you are protected by specific state or local regulations = concerning information sharing, Charter One will fully comply with those r= egulations as well. - Charter One Bank Member FDIC (c) 2005 Charter One Bank, Inc. Revised: 02/01/2005 3207636685831246272--
