[Full-disclosure] Analysis: Postbank.nl Phishing Scam

From: Vincent van Scherpenseel (mailinglists_at_vanscherpenseel.nl)
Date: 06/06/05

  • Next message: James Patterson Wicks: "RE: [Full-disclosure] Cisco pix 501 - 5.5 PPTP VPN"
    To: full-disclosure@lists.grok.org.uk
    Date: Mon, 6 Jun 2005 15:48:21 +0200
    
    

    Hi there,

    I've just finished writing a technical analysis on the Postbank.nl phishing
    scam hitting Dutch e-bankers as from last Saturday. This was fortunately
    really big in the Dutch media so the amount of victims may have been limited.

    I found some interesting things in the scam: the victim was redirected 4 times
    (including through Google and MSN) before arriving at his/her final location,
    the use of URL obfuscating to social engineer the user into clicking 'the
    link below' and the inclusion of a stylesheet over a HTTPs connection to
    resemble an authentic bank to Joe Average.

    You can read the analysis at: http://www.syn-ack.org/papers/postbank.html .

    I would love to receive any feedback on it, either positive or negative, as
    long as arguments are supplied.

     - Vincent 'rastakid' van Scherpenseel
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/


  • Next message: James Patterson Wicks: "RE: [Full-disclosure] Cisco pix 501 - 5.5 PPTP VPN"