Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Another false Citibank e-mail...a new phishing?
From: "Bill Royds" <full-disclosure () royds net>
Date: Sat, 20 Mar 2004 15:03:16 -0500

Phishing mails don't have any need to use the %01 exploit if they can get
gullible people to click on a link in an email message that just has a plain
IP address as this one does.
That IP address has reverse lookup to
218-36-71-193.rev.krline.net
which has whois information
Registrant:
KrLine (KRLINE2-DOM)
   #203, Shinhan bldg, 902-55
   Togok-dong, Kangnamgu
   Seoul 135-270
   KR

   Domain Name: KRLINE.NET

   Administrative Contact, Technical Contact:
      KrLine Internet Service Inc.  (DM3184-ORG)  domain () KRLINE NET
      #203, Shinhan bldg, 802-55
      Seoul, Seoul
      KR
      82-2-3461-3282 fax: 82-2-572-3471

   Record expires on 01-Oct-2006.
   Record created on 01-Oct-1999.
   Database last updated on 20-Mar-2004 14:59:12 EST.

   Domain servers in listed order:

   NS1.KRLINE.NET               211.47.128.1
   NS2.KRLINE.NET               211.47.128.2
========================================

Why do you think Citibank would use an ISP in Korea to check accounts? It is
an obvious phishing expedition.
The only thing new is that is using SSL for the connection to the scamp web
site to allow people to feel that it is somehow secure.


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Elia Florio
Sent: March 20, 2004 2:24 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Another false Citibank e-mail...a new phishing?

I receveid this bad-spoofed-Citibank e-mail,
which points to a PHP page which ask 
for credit card number..........and stole it!!!
Is it the next phishing e-mail ? 

The link points to http://218.36.71.193:443/citi/

It does not use "%01" exploit to show a spoofed-URL in the Explorer bar.

EF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]