Understanding Phishing Scams…first hand!

Posted by Michael in Friday, September 29th 2006   
Topics: General, Security
Tags: , ,
1,054 views
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

This is my PSA (Public Service Announcement) for the week and it is about something pretty scary…Phishing Scams. Several years ago, I was a victim of identity theft. It was not a pleasant experience but it left me wiser and more cautious. It was done the old fashioned way of swiping some receipts and looking up some account information (local retailer). Now adays, identity theives have become much better in their “art.” I have first hand experience now…but I wasn’t a victim.

So, here is what happened, I received the following email:

Bank of America Phishing email
It looked much more legit than others that I have seen. There were no huge gramatical errors or spelling errors (although the writing was pretty bad). So, I figured that I would check to see if Bank of American had shut down the site yet. To my suprise, they hadn’t! Thus, it became my mission to document this as a warning for others.

So, using Safari (because I have no faith in using Internet Explorer for things like this because of ActiveX installers and such), I went to the site and documented it. It looks identical to the current Bank of America site, and all of the links (with the exception of the login section in the upper left) were valid. Here is what it looked like:

Bank of America Phishing screen #1

Take a look at the url and the domain [http://debitcc.bankofamerica.uo-s.com/secure/ ]. Doing a WHOIS on that domain gets me this:

Registrant:
Marcis Graudins
Rigas iela 9-19
Ligatne, Cesu raj LV-4108
Latvia

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: UO-S.COM
Created on: 22-May-06
Expires on: 22-May-07
Last Updated on: 16-Jun-06

Administrative Contact:
Graudins, Marcis marcis.graudins@gmail.com
Skolas iela 9-19
Ligatne, Cesu raj LV-4108
Latvia
37126261435

Technical Contact:
Graudins, Marcis marcis.graudins@gmail.com
Skolas iela 9-19
Ligatne, Cesu raj LV-4108
Latvia
37126261435

Domain servers in listed order:
DNS2.CHARGERTEK.COM
DNS3.CHARGERTEK.COM

Hmmm. I don’t think that Bank of America is located in LATVIA! So, I went on to put in some fake information in the login screen and got to the screen that captures ALL the critical “identity theft” information. Take a look at this screenshot (click to view):

Bank of America Phishing screen #2

Clicking submit sends all of your confidential information off to the scammer! See success screenshot below:

Bank of America Phishing screen #3

So, I just figured that I would post this so that you know to be sure to never click through links sent in emails but rather go directly through your web browser. Be careful!!! I have reported this to Bank of America…so the site will hopefully be taken down soon.

Start Slide Show with PicLens Lite PicLens

Related Post

Spread the word

Bookmark to delicious

Stumble the post

Add to your technorati favourite

Subscribes to this post

Ping THIS!

3 users responded to this post

Michael said in October 11th, 2006 at 3:59 pm    

It looks like the domain has been taken down! So, one less “danger” out on the web!

Marcis said in December 30th, 2006 at 10:15 am    

Listen, I would like to know what IP was there at the moment. As I am the domain owner I didn’t knew who was using it as at that time I was moving in UK. Any information would be needed as the Domain provider deleted my domain aswell.

Thanks.

Michael said in January 3rd, 2007 at 5:59 pm    

Not sure if the user above is truly the “Marcis” who appeared in the WHOIS…and I’m not too sure I understand the nature of the post. I don’t know what that the IP was when that site was up. If I encounter one again, that is probably a good thing to grab. If your site was highjacked by someone for this phishing scam, I’m sorry to hear that.

1 Pingback & Trackback On This Post
Leave Your Comments Below

« MORE Apple Support madness!!!
Cobras are 4-0! »