Slashdot Mirror


Phishers Build Deceptive Links with DNS Wildcards

1sockchuck writes "In the continuing evolution of the phisher, the latest scams are crafting deceptive email links that include a bank's URL, but send victims to a phishing spoof site. The phishers are combining wildcard DNS, URL encoding and redirection services to construct the URLs. Netcraft has examples of emails that presented barclays.co.uk in the URL but sent clicks to a spoofed page at a server in Moscow. A DNS cache poisoning attack over the weekend also highlights the potential use of DNS tricks in 'pharming' (phishing using redirection rather than bait emails)."

4 of 245 comments

  1. Re:Just don't read emails from the bank by log2.0 · · Score: 4, Insightful

    I know for sure that every time I log into my netbank, it warns me about "Do not give your password to anyone, even us...blah blah blah"

    I think most banks do what you are saying, it's just that there are so many STUPID people out there who fall for these OBVIOUS (to us at least) scams.

    It is very frustrating that people fall for things like this and those dodgy African "lottery" wins that you didn't even enter.

    --
    Can your karma go above being Excellent?
  2. It takes some evangelizing by erick99 · · Score: 4, Insightful

    I tell anybody who will listen - If you want to log in to your bank, then go to your bank's URL yourself, manually, without the aid of a click-thru in an email or another website. Type it in yourself. I doubt I am redundant enough but I try. We should be able to get to the point that nobody would ever click on a URL in an email to get to their bank or anything else on the web that has some connection to their money or wealth or whatever.

    --
    http://www.busyweather.com/
  3. Re:Just don't read emails from the bank-Digital Fa by The Amazing Fish Boy · · Score: 5, Insightful

    Hello,

    This is an autmated letter from Bank of America. We need you to confirm your information. Please log in here by copying and pasting the link below:

    http://bankofamerica.com|index.cfm|sid=100201952820932.slashdot.org/article.pl?sid=05/03/08/0052235&tid=95

    Thank you for your time,
    Bank of America.

  4. Related methods by photon317 · · Score: 4, Insightful


    It would be trivial for the spyware which is rampant on the average user's wintel PC to alter their network settings to point the user at custom DNS servers run by the spyware companies. These could act as DNS caching proxies for the most part, but then selectively fail to resolve sites the spyware companies don't want you to see, selectively redirect your queries to the webservers they do want you to see, and in the hands of the nefarious, spoof your bank site too. Until the massive gaping holes in the average user's wintel PC are closed, complex infrastructure exploits are really a waste of time. It's so much easier just to seize their PC and have your way with it.

    --
    11*43+456^2
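
A mail-filter style check for the links discussed in the story and in comment 3, as an added example that is not part of the original thread: it extracts the host a browser would actually resolve and flags URLs that only display a trusted bank domain. The allowlist, the function names and the `example.net` URLs are constructed assumptions; the Bank of America link is the one from comment 3 with the spaces Slashdot inserted removed.

```python
from urllib.parse import urlsplit, unquote

# Assumption: a short allowlist of domains the recipient really banks with.
TRUSTED = ("barclays.co.uk", "bankofamerica.com")


def real_host(url):
    """Hostname that will be resolved: percent-decoded, lower-cased, no trailing dot."""
    host = urlsplit(url.strip()).hostname or ""
    return unquote(host).rstrip(".").lower()


def under(host, domain):
    """True only if host is the domain itself or a subdomain of it (suffix match)."""
    return host == domain or host.endswith("." + domain)


def classify(url, trusted=TRUSTED):
    """Return (verdict, host) for one link.

    trusted           - the host really belongs to an allowlisted domain
    brand-in-hostname - an allowlisted name appears in the host, but only as
                        leading labels or a lookalike, so the owner of the
                        rightmost labels (for instance via wildcard DNS)
                        controls where it resolves
    brand-elsewhere   - the name appears only in the path, query or other
                        non-host part of the URL
    unrelated         - no allowlisted name in the URL at all
    """
    host = real_host(url)
    if any(under(host, d) for d in trusted):
        return "trusted", host
    shown = unquote(url).lower()  # roughly what the reader sees in the mail
    for d in trusted:
        if d in host:
            return "brand-in-hostname", host
        if d in shown:
            return "brand-elsewhere", host
    return "unrelated", host


# Link from comment 3 (spaces removed), followed by constructed samples.
SAMPLES = [
    "http://bankofamerica.com|index.cfm|sid=100201952820932.slashdot.org/article.pl?sid=05/03/08/0052235&tid=95",
    "http://barclays.co.uk.login.example.net/secure",
    "http://%62arclays.co.uk.example.net/",
    "http://example.net/go?to=barclays.co.uk",
    "https://www.barclays.co.uk/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify(link))
```

The suffix match is the whole point: the domain is read from the right-hand end of the host, so a bank name at the left-hand end proves nothing about who serves the page.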