phishing database

Discussion in 'Community' started by 3rdpath, Oct 17, 2004.

  1. 3rdpath macrumors 68000

    3rdpath

    Joined:
    Jan 7, 2002
    Location:
    2nd star on the right and straight till morning
    #1
    since i've seen a number of threads dealing with phishing scams, i thought it might be a nice community service to start a phish database to post all the scam e-mails and info requests we receive.

    this is a citibank one i recently received. the web site is actually pretty realistic with a number of forwards to the real site.

    citibank scam

    compare to the real citibank site:authentic citibank

    if the mods feel this is redundant or unneccesary, please delete.
     
  2. Blackheart macrumors 6502a

    Blackheart

    Joined:
    Mar 13, 2004
    Location:
    Seattle
    #2
    Are you sure that's a scam? That web address is the same as citibank's login web address
     
  3. agreenster macrumors 68000

    agreenster

    Joined:
    Dec 6, 2001
    Location:
    Walt Disney Animation Studios
    #3
    My guess is the https: at the beginning of the address...

    It's supposed to be http:

    Sneaky bastards
     
  4. wrc fan macrumors 65816

    wrc fan

    Joined:
    Jan 19, 2003
    Location:
    In a world where LPs are made like pancakes
    #4
    Hopefully you're joking, cause https just means it's secure (as in encrypted) so other's can't sniff it while it's in transit.
     
  5. angelneo macrumors 68000

    Joined:
    Jun 13, 2004
    Location:
    afk
    #5
    I think they are linked to different ip address. Not sure how they did it. Do they still belong to the same domain? Anyone can enlighten me?
     
  6. wrc fan macrumors 65816

    wrc fan

    Joined:
    Jan 19, 2003
    Location:
    In a world where LPs are made like pancakes
    #6
    They might have hacked into citibank's dns records
     
  7. RandomDeadHead macrumors 6502

    Joined:
    Feb 8, 2003
    Location:
    fennario
    #7
    Was I the only person who thought this was going to be about music?
     
  8. pseudobrit macrumors 68040

    pseudobrit

    Joined:
    Jul 23, 2002
    Location:
    Jobs' Spare Liver Jar
    #8
    It's spoofed using a javascript redirect.
     
  9. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #9
    That is not a spoof. The top level domain of both is citibank.com, web.da-us.citibank.com is just the secure server (hense https) address that handles internet banking or whatever.

    See for yourself, go to citibank.com, and from the "Sign on" drop down on the right hand side select "Bank Accounts", it takes you to their secure login page hosted on their secure server - web.da-us.citibank.com.

    It's also VeriSign certified.
     
  10. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #10
    It seems legit to me.

    Of course, we could do a scientific test. Anybody want to volunteer to enter their account information and credit card number and see if unauthorized charges appear the next day?
     
  11. iMeowbot macrumors G3

    iMeowbot

    Joined:
    Aug 30, 2003
    #11
    There is a bit if a flaw in Mail.app, it doesn't show you the real URL you might be clicking in its status bar or elsewhere, so that it is easy to produce deceptive links like http://www.apple.com/macosx/tiger/. It's important to look at the raw source (or Ctrl-click and copy link to clipboard) to see what the real link is.
     
  12. comictimes macrumors 6502a

    comictimes

    Joined:
    Jun 20, 2004
    Location:
    Berkeley, California
    #12
    Don't worry, you aren't alone. Boy do I feel silly...
     
  13. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #13
    If I had an account I would be perfectly happy to do so, there's nothing wrong with it what-so-ever.
     
  14. angelneo macrumors 68000

    Joined:
    Jun 13, 2004
    Location:
    afk
    #14
    Alternatively, we could just contact citibank with the url.
    Anyone free to send an email to citibank?
     
  15. radhak macrumors regular

    Joined:
    Aug 28, 2003
    Location:
    NJ, USA
    #15
    ebay phish

    The most recent I received form eBay was pretty impressive. I have pasted it below, but the original was better with the accompanying logo et al.
    instant give-away : any password works!
    =================

    Hello eBay User, place or change your account information on file
    warning eBay needs a correct information from you.
    eBay requires correct credit card information in full each month on accounts with balances of $1.00 or greater and if your account becomes past due. We are unable to verify or authenticate your credit/debit card information on file with us. You have been pre-indefinitely suspended from eBay because credit cards information incorrect (credit card number, pin, expdate or cvv2 code). If you feel you have been suspended in error or want to appeal this decision by providing additional information, we offer you the ability to place or change the information you submit to us.

    Important: In order to continue buying and selling, you must have a valid account information on file at eBay. Please update information in your eBay account now by click here and entering the new information yourself in your account. Or click to this link below :

    http://tiengxua.com/aw-cgi/login.ph...editCard&siteid=0SignIn&ssPageName=h:h:sin:US

    Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us. Due to the suspension of this account, please be advised you are prohibited from using eBay in any way. This includes the registering of a new account.

    An email regarding this was sent to you at myemail.

    Regards,

    eBay SafeHarbor Teamclick here click here
     
  16. Abstract macrumors Penryn

    Abstract

    Joined:
    Dec 27, 2002
    Location:
    Location Location Location
    #16
    Yeah, I thought there was going to be a download site for some of their music. If I thought any of their music was as great, I would have been upset!
     
  17. Gee macrumors 65816

    Joined:
    Feb 27, 2004
    Location:
    London, UK
    #17
    Hmmm. I had one of those emails as well, and I don't have a Citibank account. So either Citibank, the real, legit bank, have lost their customer database and are just randomly emailing people on the off-chance they may have an account, or it's a scam.
     
  18. GeckoHD macrumors member

    Joined:
    Jul 14, 2004
  19. 3rdpath thread starter macrumors 68000

    3rdpath

    Joined:
    Jan 7, 2002
    Location:
    2nd star on the right and straight till morning
    #19
    re:citibank

    i checked with citibank when i first received "their" email and they confirmed that it wasn't real.

    two things in the original notice seemed strange:

    1) the notice said they would suspend my card if i didn't respond in "the nearest time"....( whatever the heck that means ).

    2) there was an incorrectly structured sentence that didn't read quite right. it reminded me of all those junk emails about the inherited millions in africa or wherever...


    all i can go by is what citibank says.

    carry on...
     
  20. Gee macrumors 65816

    Joined:
    Feb 27, 2004
    Location:
    London, UK
    #20
    The URL may or may not be real. The email is still a scam....
     
  21. pseudobrit macrumors 68040

    pseudobrit

    Joined:
    Jul 23, 2002
    Location:
    Jobs' Spare Liver Jar
    #21
    Are you sure about that?

    I wouldn't click through on that e-mail, regardless of what the address bar was telling me.
     
  22. 3rdpath thread starter macrumors 68000

    3rdpath

    Joined:
    Jan 7, 2002
    Location:
    2nd star on the right and straight till morning
    #22
    nice links pseudo! mystery solved.
     
  23. Doctor Q Administrator

    Doctor Q

    Staff Member

    Joined:
    Sep 19, 2002
    Location:
    Los Angeles
    #23
    That fake-URL bar trick is so clever that they deserve all of your money!
     
  24. Abstract macrumors Penryn

    Abstract

    Joined:
    Dec 27, 2002
    Location:
    Location Location Location
    #24
    Okay, so it's a scam. However, the email sounds so dodgy that I wouldn't do it anyway.
     
  25. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #25
    How little I knew :eek: :eek: :eek: :eek: :eek: :eek: :eek:
     

Share This Page