Phishing

  • UserId: 1
  • Title: Phishing
  • Url: phishing
  • Summary: Phishing
  • Search:
  • DateCreated:
  • DateModified:
  • Published: 1
  • Pageable: 1

I feel like Sherlock after doing all this - at least I know I've got something to fall back on if computers fade away...

logo

I received an e-mail a day or two ago, which was supposedly from Chase, who after some research on my behalf, appear to be an online bank based in the US. Instantly I smelt a rat, well maybe a fart if I'd let one rip - I don't bank with Chase. And so my investigation began...

First up, we have source A, the original e-mail received from 'Chase'. As you can see, I've added some pink brush strokes in Photoshop to highlight the 'dodgy' areas:

* UID - which probably stands for Unique Identifier, or useless idiot details. I don't have a UID for Chase, in fact I've never heard of them.

* Customer - nope. Again, not me.

* Locked - I never use it, so do I care if you've locked my imaginary account? No.

* Account - I don't friggin' have one!

* jmorlan@ccsf.org - strange. I could have sworn your domain was completely different to that.

So, with source A analysed, I moved onto source B - the official chase site.

Looks very professional, and the logo matches the e-mail. Maybe they got me mixed up with someone else?

That's where source C kicks in. Their 'login' page, which was linked to within the e-mail (twice!) doesn't look at all like their website. Maybe they hired a different webmaster for that particular day? Hardly.

They've been quite clever with it all though, as the links on the login page take you to Chase's own web-pages. But to top it all off, we have source D.

This gave it away totally. To the unsuspecting victims, the address looks legit. But to the more observant out there, you'll notice that it is in fact a sub-domain called 'chaseonline.chase.com' on the domain 'jpchase-respond.com'. Odd - I thought they were chase.com???

With the new lead in hand, I pointed my browser at whois where I discovered source E.

Looking through the results, it's plain to see that Terri Galloway owns the domain, and he doesn't appear to be linked in anyway to Chase themselves.

If you're bored, send Terri an e-mail by click here. Tell him he should get a real job.

And that, readers, is how you tell if an e-mail from a bank is legitmate or not. Chase are combatting fraud, more information can be found here.

If the FBI wish to employ me, then hit Contact on the sidebar to the right, where you'll find a few e-mail addresses that I regularly use.

Categories that this Post has been filed under

  • Web - The Web, XHTML/CSS/ASP/.NET/SQL/PHP etc.

Tags that this Post has been tagged with

Comments

i sent him a email.

"Your a dick."

Adamskiiweweee


Any suppposed bank email is total shite, delete it. No-one would contact you seriously by email. If people are daft enough to reply to that well then....hmm ££££ has just appeared above my head....Im off to make an email.

Adamskiiweweee


Hmm, maybe that should have been; you're a dick. oh well he is american, what does he know.

Adamskiiweweee


we get lots of people who come into the bank with emails printed off that are from 'hsbc' and the spelling is bad and it is so obvious they are fake. luckily our customers are not stupid and bring the emails in to forward on to our fraud team.

queenofthecarebears


It's very easy to pull off it seems. Just the banks are lucky that the stupid fools who create the phishing scams are from the Middle-East somewhere, and thus their spelling isn't great...

On a side-note - I was reading through my web-hosts' forum yesterday, to find that a number of sites/accounts that they host had been hacked. All the hacked pages had messages along the line of "down with Israel and America". It's a bit childish to unleash their anger on unsuspecting victims via the web... It's probably a motive behind the Phishing scams - in which case, Mr Bush is to blame.

(I would have put G***** Bush, but I reckon the FBI are running searches 24/7 on the 'net for Bush material. I wonder how many muffs they get???)

Matt


how do you know if they have been hacked? have i been hacked?

queenofthecarebears


They 'hack' into your website, via a loop-hole in security usually. They then proceed to alter content or code on your site. You then see this altered content/code and thus you realise you've been hacked. Simple.

Matt


Add a Comment