Tag Archives: phishing

Blog, latest

Twitter Phishing Site

2 Comments

The newest phishing scam showed up today – maybe it’s been around a while?

First you get the Direct Message – this one forwarded to my email:

20091128_twitter_phish_email

The link in the DM/email takes you to a  site that is a perfect replica of the (old) Twitter logon screen.

But wait.

ALWAYS check the URL before you type in your username/password.

20091128_twitter_phish_webscreen

They even bothered to include the Twitter favicon, but the url is…

20091128_url_favicon

And here’s who owns THAT URL, via a public Whois search…

Registrant Contact:
   jiang wen bin
   jiang wen bin jiang wen bin lixing688@gmail.com
   +86.0517757813719 fax: +86.0517757813719
   jin hua chang jiang lu 125 hao5zhuang 603
   jin hua ZJ 345634
   CN

Administrative Contact:
   jiang jiang lixing688@gmail.com
   +86.02163883527 fax: +86.02163883527
   jinghua Changjiang east street 1255603
   jing hua SH 345634
   CN

Technical Contact:
   jiang wen bin jiang wen bin lixing688@gmail.com
   +86.0517757813719 fax: +86.0517757813719
   jin hua chang jiang lu 125 hao5zhuang 603
   jin hua ZJ 345634
   CN

Billing Contact:
   jiang wen bin jiang wen bin lixing688@gmail.com
   +86.0517757813719 fax: +86.0517757813719
   jin hua chang jiang lu 125 hao5zhuang 603
   jin hua ZJ 345634
   CN

DNS:
ns1.4everdns.com
ns2.4everdns.com
Media

HSBC and MasterCard Battle Phishing with Phishing Technique

Here’s a little internet security quiz for you.

You’re planning a trip and are using the internet to reserve a lovely B&B in Scotland. You’ve filled out reservation information and now are going to use your credit card to pay.

You fill in your card number, expiry date, the 3 or 4 digit security number on the back/front of the card, your name, home address etc.

You press “SUBMIT”

After pressing submit, a window pops up, taking you to a different site, where you’re asked to fill in some of the same information you’ve just given, plus your date of birth.

You should:

a) cancel the transaction immediately
b) never put in the additional information being requested
c) copy down the address in the window and call your bank immediately
d) all of the above – you’re being phished.

If you answered a,b,c, or D, you’re correct.

Unless of course you have a Mastercard account.

Because, for some bizarre reason, this is exactly the technique Mastercard has begun using to try to bring ‘more security’ to your online transactions.

And it’s bound to fail miserably.

The scenario I described above is exactly what happened today. The popup looked like this:

Now, pop-ups are bad enough and always put me off.

But this one comes from a domain I don’t know (its not my bank or mastercard.com) and it uses the same kind of language I always see in those spam emails. You know, “free service”, “get it now” to make things more secure – oh, and guess what – you can’t complete your transaction without doing so…

We immediately bailed on the transaction fearing we’d been phished.

In a way, we had been – except it wasn’t a bad guy – it was Mastercard

OMG. Whoever talked them into this new online security move apparently doesn’t actually use the internet.

To make matters worse, even if you were going to institute such a lame scheme, you’d think Mastercard would tell their customers via their monthly statement that this was coming. You know, a heads up ?

Didn’t happen.

After spending 20 minutes on the phone with our bank, HSBC, we were reassured that this is legit.

I should point out that if you go to securecode.com you will be redirected to Mastercard. However, if you try the URL that was in the popup – a subdomain – you get a very un-Mastercard looking error screen (click it for a larger version)

This plan is doomed to fail. Mastercard’s new securecode system sends off alarm bells for even the most seasoned internet shopper.

Ironically, Mastercard may in fact reduce internet fraud by reducing internet transactions – their new system will cause people to cancel their transaction for fear they’re being duped.