Analysis: Postbank.nl Phishing Scam
Vincent van Scherpenseel
2005-06-06 13:48:21 UTC
Hi there,

I've just finished writing a technical analysis on the Postbank.nl phishing
scam hitting Dutch e-bankers as from last Saturday. This was fortunately
really big in the Dutch media so the number of victims may have been limited.

I found some interesting things in the scam: the victim was redirected 4 times
(including through Google and MSN) before arriving at his/her final location,
the use of URL obfuscation to social engineer the user into clicking 'the
link below' and the inclusion of a stylesheet over an HTTPS connection to
resemble an authentic bank to Joe Average.

You can read the analysis at: http://www.syn-ack.org/papers/postbank.html .

I would love to receive any feedback on it, either positive or negative, as
long as arguments are supplied.

- Vincent 'rastakid' van Scherpenseel
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Moritz Naumann
2005-06-06 18:39:05 UTC
Post by Vincent van Scherpenseel
You can read the analysis at: http://www.syn-ack.org/papers/postbank.html .
I would love to receive any feedback on it, either positive or negative, as
long as arguments are supplied.
Unfortunately I wasn't able to determine what 'RCVD_IN_LSORBS' means.
A Google and a Google Groups session yielded zero results.
I'm not sure whether this is a common SpamAssassin rule (I simply didn't
check). I also do not know what the 'L' in 'LSORBS' stands for. However,
the rest clearly means that the downmost 'Received' email header line
contained an IP address which is listed in the SORBS ("Spam and Open
Relay Blocking System") DNS blacklist <http://www.sorbs.net/>.

Moritz Naumann
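
Added example, not part of the thread and not SpamAssassin's own code: a sketch of the kind of check the reply above describes, taking the IP address from the bottom-most 'Received' header and forming a DNS blacklist lookup for it. The zone name `dnsbl.sorbs.net`, the function names, the choice to skip loopback and RFC 1918 hops, and the sample message (documentation addresses) are assumptions made for illustration.

```python
import email
import ipaddress
import re
import socket

# Constructed sample: newest hop on top, oldest at the bottom.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7]) by mx.example.org; Mon, 6 Jun 2005 10:00:03 +0000
Received: from pc (unknown [203.0.113.45]) by relay.example.net; Mon, 6 Jun 2005 10:00:02 +0000
Received: from localhost (localhost [127.0.0.1]) by pc; Mon, 6 Jun 2005 10:00:01 +0000
Subject: constructed sample

body
"""

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Hops that can never appear on a public blacklist (assumed filter).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def bottom_received_ip(raw_message):
    """Return the first non-internal IPv4 found walking Received headers bottom-up."""
    msg = email.message_from_string(raw_message)
    # Each relay prepends its header, so the last Received line is the oldest hop.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IPV4_RE.findall(header):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # malformed literal such as [999.1.1.1]
            if not any(ip in net for net in INTERNAL):
                return ip
    return None

def dnsbl_query_name(ip, zone):
    """Reverse the octets and append the blacklist zone: 1.2.3.4 -> 4.3.2.1.zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone="dnsbl.sorbs.net", resolve=socket.gethostbyname):
    """A listed address resolves to 127.0.0.0/8; a failed lookup means not listed."""
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_query_name(ip, zone)))
    except (OSError, ValueError):
        return False
    return answer in ipaddress.ip_network("127.0.0.0/8")
```

The `resolve` parameter exists so the lookup can be exercised offline with a stub; with the default it performs a live DNS query.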