[ale] OT: online banking hack

Jay Finch retief at larp.com
Mon May 12 20:36:44 EDT 2003


Additionally, Wachovia (My bank) had a message about similar stuff 
happening to folks who were told to "Log into Wachovia's Online banking" 
server.

I think the banks are taking this seriously. :~)

Cheers!
Jay

At 02:34 AM 5/13/2003 +0200, you wrote:
>This looks like a similar technique used by a few blackhats in Germany
>about four years ago. They were able to hijack domains of several banks (I
>still think Domain registration and control uses poor authentication -
>at least use GPG sigs, or certs, etc for better security).  The traffic
>was redirected to a different site that looked identical to the bank's and
>the user was prompted for any interesting information to the blackhat.
>After the information was harvested, an arbitrary error message was given
>and then redirected to the "real" online banking site. The unaware user
>ignores the message and enters the information again ...VOILA...it works
>now :)
>
>1. How many actually make sure that IP address matches the correct Domain
>Name when we enter a URL?
>
>2. This was an example of exploiting the weakest link in security, namely
>us Humans..:-)
>
>Regards,
>
>--Raju.
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Jim, you might want to escalate this and send the message (with headers,
> >  etc) on to the FBI.gov and DHS.gov sites.  Maybe I'm being paranoid
> > here, but these days, a company like the Bank of America would be an
> > extremely tempting target for terrorists and the like.  If for no other
> > reason than that it contains the name "America" (and Bank) - two of the
> > things that terrorist freaks seem to have a distaste for.  If I'm not
> > mistaken most of the airlines that were used on Sept. 11th were
> > "American" Airlines.  Anyway, the point is that I think that you should
> > forward the information on to DHS.gov / FBI.gov.  In fact, I'd like to
> > request that you do so as a favor for me.
> >
> > Best Regards,
> > CB
> >
> >
> > Jim Philips wrote:
> >
> > |Today I got an e-mail from Bank of America requesting that I go to their
> > |server and log on to online banking. The e-mail provided a link I could use
> > |for calling up the logon page. The problem is that I don't have an account
> > |with Bank of America. The link showed up in the e-mail as https, but when you
> > |click on it, you get an http page with only an IP address. This is a naked
> > |attempt to fool people into giving up their logins and passwords for online
> > |banking. I called Bank of America and forwarded the e-mail (which was caught
> > |and flagged by Spamassassin). Apparently, a whole batch of these went out
> > |today about 1 o'clock.
> > |_______________________________________________
> > |Ale mailing list
> > |Ale at ale.org
> > |http://www.ale.org/mailman/listinfo/ale
> > |
> > |
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.1 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQE+wDDSTKCy0t3zQgURAjelAJ9oHgI2icTgVYwMf5R9le39dfTVxwCg28g7
> > yPyQXxsezd3+X5NZRcEDgXI=
> > =MEOB
> > -----END PGP SIGNATURE-----
> >


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale




