Wednesday, March 22, 2006

Phishing Scams Still Catch Tiddlers


I receieved a number of emails, purportedly from Chase Online today. It was obvious to me that this was a . Since I use Thunderbird as my email client, I could see the URL as I hovered over the link, and yes, it was some third party IP address (129.11.111.203).

(UPDATE (10:09AM): ping -a 129.11.111.203 gives me the server hostname as http://bmbsun12.leeds.ac.uk/. So its hosted on a server at Leeds University in the UK)

Since I was curious, I went to this address (not the full link) and found that the geniuses behind the scam had left the directory services on in their Apache Server. This meant I could see all their files. Including one that gets filled in as idiots actually fall for it.

As of this time (6:30AM) there were four idiots, so if you are a Chase Online customer, check for your user name here:

user: gregregre
ip: 86.123.230.195
------------------------
user: moxu
ip: 172.174.212.99
------------------------
user: 54568384
ip: 207.200.116.5
------------------------
user: PontiacP
ip: 64.12.116.5
------------------------

UPDATE 8:52AM

There are now some more idiots and some people who can see the obvious:

user: trutzlutz
ip: 205.188.116.130
------------------------
user: uncle
ip: 205.188.116.130
------------------------
user: trutzlutz
ip: 205.188.116.130
------------------------
user: BarriLBumgarner
ip: 64.12.116.5
------------------------
user: pathannafan
ip: 152.163.100.5
------------------------
user: WLOPEZ73
ip: 152.163.100.5
------------------------
user: doyouthinkmestupid
pass: faggots
ip: 80.192.1.55
------------------------
user: PhishingIdiots
pass: screwYou
ip: 208.251.94.251
------------------------

Some people have simple single word passowrds (double idiots) and even just 4 numbers, which I bet is there pin.

But there's more. Once you have 'logged in' it requests your social security number and then prompts you to enter your credit card info (for security verification).

I really hope noone is going that far. If they do, they deserve all they get.

Oh, and now (9:16AM) I got another email from the same people, using the same host for an scam.

0 Comments:

Post a Comment

<< Home