RE: A pretty neat Chase Phish
- From: "Robin" <rminsley@xxxxxxxxxxx>
- Date: Mon, 13 Mar 2006 15:11:18 -0500
Some notable distinctions are:
1. yes, it does say it is an HTTPS address, however,
2. there is no security certificate in the bottom right corner.
3. there is no security certificate information in the properties tab for
this page.
4. the URL does NOT start with www.chase.com
5. the browser even shows the IP rather than Chase.com
6. if you do a whois lookup on the IP at ARIN you'll see it's registered in
Latin American/Caribbean registry
7. if you use neotrace pro you'll see that the IP is in Santa Fe De Bogota
8. there are errors on the page.....
Just my two cents..........
Robin Noyes
-----Original Message-----
From: Bob [mailto:Bob@xxxxxxxxx]
Sent: Saturday, March 11, 2006 7:20 PM
To: incidents@xxxxxxxxxxxxxxxxx
Subject: A pretty neat Chase Phish
This is one of the PHISHES I caught yesterday.
It is still active as of this email
It purports to be Chase Bank and wants me to validate my information,
how clever.
But this is a VERY SOPHISTICATED PHISH --- it looks real and even
simulates an HTTPS address
It does appear different in different browsers, looks most authentic in
IE, Firefox looks pretty bad and non-convincing.
http://www.google.com/url?q=http://200.75.49.126/webpai/webpai/images/chase_com/index.html
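
Points 4 and 5 of the reply (the URL does not start with www.chase.com, and the browser shows an IP) can be checked on the link itself, offline, before anyone opens it. The Python sketch below is an added example, not part of either message; the `q`/`url` redirector parameter names and the `EXPECTED_DOMAIN` value are assumptions of the example.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Assumption for this example: the brand the message claims to come from.
EXPECTED_DOMAIN = "chase.com"

def unwrap_redirect(url, max_hops=5):
    """Peel off redirector wrappers (q= / url= parameters) without any network access."""
    for _ in range(max_hops):
        params = parse_qs(urlsplit(url).query)
        target = next((params[k][0] for k in ("q", "url")
                       if k in params
                       and params[k][0].startswith(("http://", "https://"))), None)
        if target is None:
            break
        url = target
    return url

def link_findings(url, expected_domain=EXPECTED_DOMAIN):
    """Return (final_url, findings) for a link that claims to belong to expected_domain."""
    findings = []
    final = unwrap_redirect(url)
    if final != url:
        findings.append("redirector")        # the visible host is not the real destination
    parts = urlsplit(final)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        findings.append("not-https")         # no TLS, so no certificate to inspect
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal-host")   # point 5: an IP instead of a name
    except ValueError:
        pass
    # Point 4: the host must be the brand domain or a subdomain of it.
    # A suffix test with a leading dot rejects look-alikes such as chase.com.example.net.
    if not (host == expected_domain or host.endswith("." + expected_domain)):
        findings.append("host-mismatch")
    return final, findings

# The link quoted in the original message above.
SAMPLE = "http://www.google.com/url?q=http://200.75.49.126/webpai/webpai/images/chase_com/index.html"

if __name__ == "__main__":
    final, findings = link_findings(SAMPLE)
    print(final)
    print(findings)
```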