[Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should NotFollow

Thomson, Ross ross.thomson at capgemini.com
Fri Mar 31 09:17:54 BST 2006 

I have seen one phishing site which did exactly that-

It tried to login to the real site with the credentials you supplied;  if it
returned a successful login, the userid/password was logged. If it returned
a 'access denied' the userid/password was not logged.


________________________________________________
Ross Thomson | Capgemini | Southbank
Anti-Virus Content Management | Outsourcing
Int: 700 3621 | Ext: + 44 (0)870 904 3621
ross.thomson at capgemini.com | www.capgemini.com
95-97 Wandsworth Road, London. SW8 2HG

Join the Collaborative Business Experience
________________________________________________


-----Original Message-----
From: full-disclosure-bounces at lists.grok.org.uk
[mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Jasper
Bryant-Greene
Sent: 31 March 2006 09:11
To: Marcos Agüero
Cc: full-disclosure at lists.grok.org.uk
Subject: Re: [Full-disclosure] [HV-PAPER] Anti-Phishing Tips You Should
NotFollow

Marcos Agüero wrote:
> Michal Zalewski escribió:
>> On Fri, 31 Mar 2006 michaelslists at gmail.com wrote:
>>
>>> If the website then presents you with the "Logon failed" page, you
>>> are possibly on a legitimate website, so you may proceed with
>>> logging in using your correct credentials. If it gets you right
>>> through - it is definitely a phishing attempt.
>> Note to self: design my next phishing website to always display
>> "logon failed".
> Just as most of the phishing sites already do.

Really? I thought they somehow magically knew enough about you to sign you
in properly and display all the correct details ;)

Seriously though, it wouldn't be that hard to forward the POST on to the
real bank website, would it?

--
Jasper Bryant-Greene
General Manager
Album Limited

http://www.album.co.nz/     0800 4 ALBUM
jasper at album.co.nz          021 708 334

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.

Full-Disclosure is hosted and sponsored by Secunia.