Mobile Web 2.0: Discover the future of mobile applications
Add Mobile Web 2.0 to any feed reader

Wednesday, July 19, 2006

PayPal Phishing

You thought phishing attacks were losing ground? Not at all! I've just received a phishing message, so I thought I'd check it out.


  1. The message pointed me to the following URL (I intentionally split it here):

    http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;
    _ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMw
    RzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=113854
    4186/**http%3a//r-h-enterprises.com/.confirm/index.
    php?MfcISAPICommand=SignInFPP

    So much for trusting Yahoo, this looks like an open redirect.

  2. The landing page looks like a "standard" phishing page, imitating Paypal pages by including logos and links. A bit of background check (whois) on r-h-enterprises.com shows nothing suspicious, so the server was probably hacked and a hacker installed the phishing scripts.

  3. And now for the funny part... you can get a listing of the /.confirm directory on the site (there's no index file), and thus you can easily gain access to the "bag of phish" containing email addresses, passwords (are they the passwords for the email accounts? or for paypal? who knows...), and of course card numbers, pins, cvv codes, and the rest of the goodies. The card list is here: (again, a space was added)

    http://r-h-enterprises.com/.con firm/cards.txt

    So the phisher didn't bother to keep it private, they shared it to the entire world.

Conclusions:


  • NEVER enter your card number, PIN, or other sensitive information on any non-SSL enabled site. ALWAYS check the "lock" icon to make sure the SSL certificate is valid.

  • ALWAYS check the URL in the address bar to make sure you are visiting the right website.

  • ALWAYS use Firefox for browsing the web. It is less vulnerable to address bar hijacking attacks, and shows the address on a yellow background whenever you are visiting a secure site.

1 Comments:

At 11:37 PM, July 19, 2006, Blogger Zebra said...

I believe that Firefox 2.0 anti-phishing filters will be very handy.

 

Post a Comment

Links to this post:

Create a Link

<< Home