December 10th, 2006

Phishers…

…I’d like to strangle them all.

So I get Yet Another bogus email from Bank of America in my mailbox a little while ago, and as I will do for kicks and grins and laughs, I open it up using the View Source function in my mail client (Mozilla Thunderbird), and look for the deceptive link…

Your primary e-mail address for Bank of America Online Banking has been changed.  Want to confirm this email is from Bank of America? Log in to Online Banking, select Manage Alerts and Alerts History to view all alerts sent from Bank of America. Your Alerts History is updated every 2 hours.

Use the link below to go to you online account:

The email is, naturally, full of all sorts of links to the actual Bank of America website, from which it gets the actual Bank of America logos and such.  But the Manage Your Account link, again naturally, goes elsewhere.  This is how phishers operate.  So just for kicks and grins I go look it up…

…and what I discover is that this particular phisher isn’t operating from some hit and run domain, but from a Belgian Artist’s website, a lady named Nell Dominique apparently, because I can’t read the French her website is written in.  So I dig a little more.  I wget the page the phish mail is linked to…

All that page is, is a simple re-direct to another page.  That other page lives on the website of the Securities Investors Association of Singapore.  So they’ve been hacked too.  And the page the hacker(s) have inserted there seems to be a copy of the actual Bank of America login page.  I can’t tell at a glance where they’ve made their devious little substitutions, but at a quick guess it seems like they’re running some servlets on the SIAS web site they’ve hacked, that substitute for the servlets that would be running on the BOA website, were that the actual BOA website, and not somebody else’s web site.  But that’s just a guess.  I don’t have time to dig that deeply into that code.

So…  Some unsuspecting person opens up this email that seems to have come from their bank.  It says their email has been changed.  They panic and think that someone is trying to break into their online account.  They click the handy link, and get routed to the website of a Belgian artist, then to a Singapore investment website, which serves them up a page that sure looks like it’s the Bank of America web page, except it isn’t.  They enter their account name and password and then (I think, I haven’t really studied the code there carefully), a servlet wakes up and sends that information to God Knows Where.

If anyone reading this knows a little French, can you please tell the poor soul at nelldominique.be that her website has been hacked.  There’s a page, "boa.html" in her html root that she needs to get rid of.  I’ve already notified the folks at SIAS about their little uninvited guest, and I reckon I’ll tell Bank of America what’s going on too, although by now they probably already know.

[Update…] As of December 12 the Phisher link on Nell’s page was gone.  So her web admin either discovered it, or someone clued them in.  Now if the cops could just get their hands on the lout who put it there…
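
The View Source check described in this post can be automated. The sketch below is an added example, not code from the original post: it lists the links in an HTML mail that leave the bank's domain and extracts the target of a meta-refresh redirect page. The sample HTML and the `.example` hosts are constructed placeholders, and `bankofamerica.com` as the expected domain is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Collector(HTMLParser):
    """Collect <a href> targets with their visible text, plus meta-refresh URLs."""
    def __init__(self):
        super().__init__()
        self.links, self.refresh, self._open = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._open = [a["href"], ""]          # [href, visible text so far]
            self.links.append(self._open)
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            target = (a.get("content") or "").partition("=")[2].strip(" '\"")
            if target:
                self.refresh.append(target)
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def _parse(html):
    c = _Collector()
    c.feed(html)
    return c

def on_domain(url, domain):
    """True only for the domain itself or a real subdomain (not look-alike prefixes)."""
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def off_brand_links(html, brand_domain):
    """(visible text, href) for every http(s) link that leaves brand_domain."""
    return [(text.strip(), href) for href, text in _parse(html).links
            if urlparse(href).scheme in ("http", "https")
            and not on_domain(href, brand_domain)]

def refresh_targets(html):
    """URLs a page redirects to via <meta http-equiv="refresh">."""
    return _parse(html).refresh

# Constructed samples (placeholder hosts, not the real messages or pages).
SAMPLE_EMAIL = """<img src="http://www.bankofamerica.com/logo.gif">
<a href="http://www.bankofamerica.com/privacy/">Privacy</a>
<a href="http://artist-site.example/boa.html">Manage Your Account</a>"""
SAMPLE_HOP = ('<meta http-equiv="refresh" '
              'content="0; url=http://hacked-assoc.example/login.html">')
```

Only the "Manage Your Account" link is reported for the sample mail; the suffix check in `on_domain` also rejects hosts that merely begin with the bank's name.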

This page and all original content copyright © 2024 by Bruce Garrett. All rights reserved. Send questions, comments and hysterical outbursts to: bruce@brucegarrett.com
