Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

A new phishing trick…

March 30th 2006 in Uncategorized

Do you trust a bank that can be hacked like this?
http://www.itnews.com.au/newsstory.aspx?CIaNID=31268


Phishers hacked into three legitimate Florida bank sites (Capital City Bank, Wakulla Bank and Premier Bank) and planted a script that redirected victims from the real banks’ sites to a phishing site.


We’ve always advised users to type their bank’s URL into the address bar and never click on links.  To this I have added always checking the status bar and address bar (http://www.microsoft.com/windows/ie/community/columns/saferbrowsing.mspx) and using the IE phishing filter, and before that SpoofStick.


The banks say that they detected and resolved the issue “within an hour” but that is beside the point.  I wonder how many customers were affected during that time… then, on top of that, there is the risk of malware, trojans and other hostile activities that may be hosted by the phishing sites.


High trust sites such as online banking sites simply *must* be as secure as they can be.   On this occasion the systems were running IIS, and so far I have found no information about whether a known vulnerability was used to hack into the servers, or something else.
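One check a site operator could run against its own served pages to catch a planted redirect like the one described above. This is an added example, not part of the original post: the script used in the incident is not described there, and the hostnames and sample page below are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Script text that sends the browser to a quoted URL, and the URL in a meta refresh.
JS_NAV = re.compile(
    r"""(?:location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\()\s*["']([^"']+)["']""")
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";\s]+)", re.I)
URL_ATTRS = {"script": "src", "iframe": "src", "form": "action"}

# Constructed sample page (not the banks' real markup): a home page with a planted redirect.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=http://login.phish.example/bank">
<script src="/js/menu.js"></script>
<script>window.location = "http://login.phish.example/signin";</script>
</head><body><form action="/login" method="post"></form></body></html>"""

class RedirectFinder(HTMLParser):
    """Collect (kind, url) for each place the page loads code from or sends the browser to."""
    def __init__(self):
        super().__init__()
        self.targets, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self._in_script = tag == "script"
        attr = URL_ATTRS.get(tag)
        if attr and a.get(attr):
            self.targets.append((f"{tag}-{attr}", a[attr]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.targets += [("meta-refresh", u) for u in META_URL.findall(a.get("content", ""))]

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only inline script text is searched for navigation
            self.targets += [("js-navigation", u) for u in JS_NAV.findall(data)]

def offsite_redirects(html, page_url, allowed_hosts):
    """Return (kind, absolute_url) pairs whose host is not in allowed_hosts."""
    finder = RedirectFinder()
    finder.feed(html)
    finder.close()
    resolved = [(kind, urljoin(page_url, raw)) for kind, raw in finder.targets]
    return [(k, u) for k, u in resolved if (urlparse(u).hostname or "").lower() not in allowed_hosts]

if __name__ == "__main__":
    for kind, url in offsite_redirects(SAMPLE, "https://www.bank.example/", {"www.bank.example"}):
        print(kind, url)
```

Run from a host outside the web server against the pages as they are actually served, so that a change made on the server itself still shows up in the result.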


People, be careful, always.  Watch your status bar and watch your address bar (which, in IE7, are both always exposed unless consciously disabled by the user).  Enable IE7’s phishing filter or, if you can’t run IE7, get the MSN Toolbar, which also includes a phishing filter.  And practice safe hex:

http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

