  tmccann11 Who, Me? Premium join:2001-06-10 Bayonne, NJ clubs: 1 edit | Got Me Good
Damn, I just might have fallen for that considering the fact that I get tons of mail from like Best Buy and Staples.
F$%$%$ng Microsoft.
Tom
FP |
|
  Xzibit Wtf Mate? Premium join:2002-04-19 Santa Clara, CA clubs: | Oh damn...
Damn, got me |
|
  KyleC Nikon Guy Premium join:2001-12-13 Dallas, TX 3 edits | Holy Crap
I have gotten fake PayPal sites like this, trying to get me to enter my info. I knew it was fake, 'cause PayPal never sends email out requesting info. |
|
  CenTex2
join:2003-04-16 Marlin, TX | Oh bloody HELL!
Here we go again.... |
|
  EGeezer Go Bobcats Premium join:2002-08-04 Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
| reply to tmccann11 IE vulnerability - Now more than ever ...
That's another good reason to be sure you type no sensitive information on any web page that does not have the secured lock and a valid security certificate.
Too many "legitimate" sites have the input fields on a page without the lock and cert, then redirect to https only after the user has entered sensitive data and pressed enter to send it. Too many more have certs that don't match the sites or are expired.
EG -- "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." -- The Mahabharata. |
|
  Headbanger
join:2001-12-28 Charleston, SC | This is scary
I can see that people will fall for this and not ever know. |
|
  tmccann11 Who, Me? Premium join:2001-06-10 Bayonne, NJ clubs:
| reply to KyleC Re: Holy Crap
But what if (insert favorite store here) emailed you stating that they were having a one day sale with 50% off any one item, and had an html page embedded in the email that looked legit enough. You follow it, and go through the whole process, and you think you placed an order....and gotcha.
I know the scenario may be unlikely for most of us, but there are a lot of people that would fall for it in a heartbeat, and could you really blame them?
JM2C
Tom -- My baby: Asus A7N8X-Deluxe, XP2500+, 1GB Kingston Value Ram, 2 80GB WD 7200 8MB, Sound Blaster Audigy, Powercolor Radeon 9800 Pro, NEC DVD+/- RW,Lite-on 52x CDR, Antec SB1040II |
|
  avd706 insert annoying animated gif here Premium join:2003-02-06 Union, NJ
| dammm..
this is too scary....
btw. using an old version of OPERA, you get a popup warning, and the whole address shows on the address bar..
there is no excuse for Microsoft to have the address display the way it does... by trying to make stuff easier, they make Windows so insecure, that it is a public menace. I guess you can get away with sloppy code when you are a near-monopoly. |
|
  cmhbob Did...Did I Do That? Premium join:2001-03-13 Grove City, OH clubs: | One way to be more careful
In IE, make sure "Show friendly URLs" is not checked. Then just watch your status bar to see where you're really going. |
|
  wheelzoff
join:2001-02-14 Irving, TX clubs: 1 edit | The status bar is my best friend. -- "The Stars Win The Stanley Cup, The Stars Win The Stanley Cup", Ralph Strangis. |
|
 lalaas
join:2002-01-01 Oak Park, MI
| Other phish being caught
I caught a phish like this pretending to be Comcast, and asking for all kinds of info, even down to PIN number & CVV # on the back of your credit card - bank phone #, etc. Really crafty, and I wonder how many people got scammed by them. I posted it here in the CC forum (IIRC) and notified Comcast. Within an hour the site had disappeared. |
|
  FLea973 Premium join:2001-02-27 Morristown, NJ clubs:
| 1 way to spot it -
At least I saw a way to spot it on the demo site - hover over a link on the spoofed site and look at the status bar. It displays the full path of that link: "http://www.symantec.com @www.dslreports.com/front/symantec/www.symantec.com/gotcha.html"
Unfortunately what is displayed in the status bar can also be controlled through Java scripts - so yet another reason to disable java. |
|
  statecop Premium join:2002-09-16 Beverly Hills, CA | Not good!
This is bad! |
|
  reub2000 Premium join:2001-12-28 Evanston, IL | What's new about "@"?
Stuff like realsite.com@fakesite.com/page.html has been done for a long time. What's new? |
|
  Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 clubs:
| Safe here. :-)
Didn't fool my 2002 version of Netscape v4.8 at all. It's old, but was updated in 2002 so it's not that old. 
Regards,
Doctor Olds |
|
 SanJoseNerd Premium join:2002-07-24 San Jose, CA
1 edit | Wow
After following the link to the Phish page, I went up to the IE address bar and typed in ht tp://www.symantec.com (extra space here so DSLR won't convert to a link) ... and it still went to the Phish page.
Once you're there, typing in the URL just to "double check" that you are where you think you are, doesn't work. Wow. |
|
 The Way Out
join:2003-01-20
| Don't trust the Lock icon either!
Want to see something scary? Try this link:
https://www.paypal.com
It says PayPal in the URL, but it's not paypal! You'll notice that it still displays the "Lock" in the bottom right hand corner, too. Be afraid. :| |
|
  ArchAngel21x MacFan Pro Premium join:2001-10-28 Lincoln, NE
·Internet Nebraska
| Not So Fast
Just look at the status bar. |
|
  justin Australian join:1999-05-28 Brooklyn, NY
| reply to FLea973 Re: 1 way to spot it -
That is true - the status bar (if enabled) will show the full link if you pause and look at it. However, the domain name (easy to spot www.dslreports.com) could easily be a number, or a plain IP.
Then, the beginning of the URL and the END of the URL both look ok... only the middle and @ symbol look odd (in the status bar).
The people targeted for fraud are not likely to be folks who know why the status bar is even there, let alone how to use it |
|
  justin Australian join:1999-05-28 Brooklyn, NY | reply to reub2000 Re: What's new about "@"?
What is new is what shows in the location bar AFTER you reach the "fake site". |
|
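Added example, not part of any post in the thread: the status-bar check that FLea973 and justin describe, done with JavaScript's standard `URL` parser, which treats everything before the "@" as userinfo and only what follows as the host. The first sample is the URL quoted in the thread; the other two samples, the function name and the flag names are constructed for illustration.

```javascript
// Added example (not from the thread): report the host a link really targets.
// In a URL, everything between "//" and "@" is userinfo, not the site name.
const SAMPLES = [
  // Status-bar URL quoted in the thread, copied verbatim (including the space).
  "http://www.symantec.com @www.dslreports.com/front/symantec/www.symantec.com/gotcha.html",
  // Constructed: host written as one decimal number (192.0.2.10, a documentation address).
  "http://www.symantec.com@3221225994/gotcha.html",
  // Constructed: ordinary link with no userinfo.
  "https://www.dslreports.com/",
];

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { raw, realHost: null, userinfo: "", flags: ["unparseable"] };
  }
  let userinfo = url.username + (url.password ? ":" + url.password : "");
  try {
    userinfo = decodeURIComponent(userinfo);
  } catch (err) {
    // Malformed percent-escape: keep the encoded form for reporting.
  }
  const flags = [];
  if (userinfo !== "") flags.push("userinfo-present");
  // A site name in front of the "@" is the classic "looks legit" decoy.
  if (/^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(userinfo)) flags.push("userinfo-looks-like-host");
  // Whitespace or control characters here can hide the rest of the address.
  if (/[\x00-\x20\x7f]/.test(userinfo)) flags.push("whitespace-or-control-in-userinfo");
  // The parser normalises decimal hosts to dotted form, so one test covers both.
  if (/^\d+(\.\d+){3}$/.test(url.hostname) || url.hostname.startsWith("[")) {
    flags.push("numeric-host");
  }
  return { raw, realHost: url.hostname, userinfo, flags };
}

for (const link of SAMPLES) {
  const r = inspectLink(link);
  console.log(`${r.realHost}  userinfo=${JSON.stringify(r.userinfo)}  [${r.flags.join(", ")}]`);
}
```
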