How do phishers do this?
I just received the following e-mail:
[ QUOTE ]
You have added [email protected] as a new email address for your Chase Manhattan Web account.
If you did not authorize this change or if you need assistance with your account, please contact Chase Manhattan customer service at: https://chaseonline.chase.com/chaseo...so_co_home.jsp
Thank you for using Chase!
The Chase Manhattan Bank Team
Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Chase Manhattan account and choose the "Help" link in the header of any page.
[/ QUOTE ]
I know this is phishing and I wasn't dumb enough to click it. So then I did "right-click"->"properties" on the link, expecting to see some stupid URL, but it actually directs you to the page "https://chaseonline.chase.com/chaseonline/home/sso_co_home.jsp". Can someone explain to me how the phisher has what looks like a secure web site at a chase.com URL? Just looking at the URL, how would one know it's BS? I'm kind of ignorant on stuff like this. |
Re: How do phishers do this?
That's really neat. You can find out all the info about the scam just by clicking links on the page they sent... but apparently that page is the scam? This is really weird.
I'd like to understand how they do this too. yasher |
Re: How do phishers do this?
I've changed my opinion.
I'm 100% confident that is a legitimate e-mail. |
Re: How do phishers do this?
All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc.
|
Re: How do phishers do this?
if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]?
or are these websites just one-shot things, taken down as fast as they get put up? |
Re: How do phishers do this?
[ QUOTE ]
All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc. [/ QUOTE ] No... look at the url. chaseonline.chase.com. The main domain name is "chase.com" which is registered to the legitimate Chase Manhattan bank. The "chaseonline" is just a subdomain. It would be different if it were chase.chaseonline.com or something like that. |
Re: How do phishers do this?
[ QUOTE ]
All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc. [/ QUOTE ] Considering the chase website links to chaseonline.chase.com, I have to disagree with you |
Re: How do phishers do this?
[ QUOTE ]
if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]? or are these websites just one-shot things, taken down as fast as they get put up? [/ QUOTE ] You can't. The only one who can make chaseonline.chase.com or banana.chase.com is chase.com. You CANNOT register a domain with a "dot" in it. |
Re: How do phishers do this?
Well, depends. If you own chase.com, I can set up something like chase.chaseonline.com. I don't know the legalities; of course these things always get shut down only because they are used for nefarious purposes. I know a while back there were some rulings on sites like walmart.blowsgoats.com, but I forgot how they came out.
|
Re: How do phishers do this?
[ QUOTE ]
[ QUOTE ] All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc. [/ QUOTE ] Considering the chase website links to chaseonline.chase.com, I have to disagree with you [/ QUOTE ] You think its hard for the phishers to do this: Home of Chase Banks |
Re: How do phishers do this?
Warik, JoA:
This is what has me so confused. If you click the link, at the top of the page there's a link about scams. If you click the scams link, you can find a screenshot of the ORIGINAL page at chaseonline.chase.com, which is really really weird. The website blames a "trojan horse virus," for displaying that page, but that's BS; that page is obviously THERE... So what gives? Confused, yasher |
Re: How do phishers do this?
[ QUOTE ]
You think its hard for the phishers to do this: <a href="Chase.com" target="_blank">Home of Chase Banks</a> [/ QUOTE ] Dude, he looked at the link's properties to compare the actual URL to the displayed URL. They match. This was in the first post. |
Re: How do phishers do this?
guids,
You're missing the point. It actually directs you to a website at chaseonline.chase.com. Click the link. What you did is not what they did. Get it? yasher |
Re: How do phishers do this?
Yeah for some reason I totally fell for this at wells fargo about 8 months ago. I filled out a bunch of stuff and then 5 seconds after I hit enter I realized what a retard I was and called up wells and had them change everything for me. yay.
|
Re: How do phishers do this?
[ QUOTE ]
[ QUOTE ] if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]? or are these websites just one-shot things, taken down as fast as they get put up? [/ QUOTE ] You can't. The only one who can make chaseonline.chase.com or banana.chase.com is chase.com. You CANNOT register a domain with a "dot" in it. [/ QUOTE ] ya, this is right, i forgot about the dots. you could register chaseonlinesite.com if it's not taken... |
Re: How do phishers do this?
The more i look into this, the more I think that the phishers are just complete morons, and didn't know the phishing trick.
|
Re: How do phishers do this?
[ QUOTE ]
If you click the link, at the top of the page there's a link about scams. If you click the scams link, you can find a screenshot of the ORIGINAL page at chaseonline.chase.com, which is really really weird. [/ QUOTE ] Wrong. That's not a screenshot of the original page. There are quite a number of differences. Look closely. That, and another couple of important things: 1) The e-mail does not demand that he enter any information or risk suspension of his account (Chase warns that phishing e-mails usually say "if you don't fill out this info then we will close your account!" 2) The website is a legitimate SECURED SERVER page. Double click on the gold lock icon in the status bar and look at the security certificate. It's a security certificate issued by VeriSign to JPMorgan Chase. VeriSign does not issue these things to phishers... and you cannot fake it. The e-mail is legit. |
Re: How do phishers do this?
That link does look completely legit.
It could be a man in the middle attack, where they have you compromised somewhere between your browser and the real site, so that to you it looks like you are making that request, but the network serves up the phisher's site instead. This is a danger with wireless in particular, since it is easy to impersonate a known, insecure network. There was also an attack last year that used Unicode characters that looked like other characters to make domain names that were different from real ones, but to the reader looked the same. Up to date browsers should be protected from this, but Firefox was vulnerable as late as last year. I looked at this link byte by byte, though, and it looks fine that way, too. |
Re: How do phishers do this?
http://img162.imageshack.us/img162/8098/lol3zu.jpg
guids, the more i look at it, the more i think its the exact opposite, and they're actually really, really good. OP, do you have an account with Chase? yasher |
Re: How do phishers do this?
[ QUOTE ]
if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]? or are these websites just one-shot things, taken down as fast as they get put up? [/ QUOTE ] Considering the fact that they are using these websites to commit wire fraud and identity theft, I don't think they're too worried about trademark infringement on top of that. |
Re: How do phishers do this?
No, they aren't really really good. This is the legit site. It looks like they sent you an email out, and [censored] the url spoofing up. It's either they messed the email up, or this email is actually from chase.
|
Re: How do phishers do this?
jman,
my question was more about the ability to register the website with the people who make websites = IP addresses. domain name servers or whatever. ya know what im sayin? warik, well i agree that there are "quite a number of differences," but there are a shitload of similarities as well, which would lead me to be suspicious before i was trusting. that being said, i think your research is solid and the page is legit. yasher |
Re: How do phishers do this?
I think the best thing for OP to do here is to login to his Chase account via the www.chase.com site and see if "[email protected]" was really added as his new e-mail account.
|
Re: How do phishers do this?
All I know is that I don't even really use Paypal, but I've got to have 500+ email addresses listed on that bad boy.
|
Re: How do phishers do this?
[ QUOTE ]
jman, my question was more about the ability to register the website with the people who make websites = IP addresses. domain name servers or whatever. ya know what im sayin? warik, well i agree that there are "quite a number of differences," but there are a shitload of similarities as well, which would lead me to be suspicious before i was trusting. that being said, i think your research is solid and the page is legit. yasher [/ QUOTE ] Yasher, I doubt many of the domain registries police registration requests actively to prevent possibly infringing names. This is why it is a frequently litigated area for copyright and trademark infringement cases. |
Re: How do phishers do this?
[ QUOTE ]
well i agree that there are "quite a number of differences," but there are a shitload of similarities as well, which would lead me to be suspicious before i was trusting. [/ QUOTE ] Understood, but I could make an exact 100% clone of the actual chase.chaseonline.com site in 15 minutes and that wouldn't prove anything... well, except maybe the blatant retardation of a phisher who can't do the same to reduce the likelihood of suspicion. I'd be suspicious initially as well, usually because when I changed my e-mail with AMEX all they asked me to do was click on a link and not enter any personal info or login/pw. |
Re: How do phishers do this?
[ QUOTE ]
I think the best thing for OP to do here is to login to his Chase account via the www.chase.com site and see if "[email protected]" was really added as his new e-mail account. [/ QUOTE ] Ya, he wasn't. I was doing some research, typed the email into google groups, and it is a phisher. I think you may have either messed the links up, or the phisher didn't spoof it right. Google groups posting |
Re: How do phishers do this?
[ QUOTE ]
No, they aren't really really good. This is the legit site. It looks like they sent you an email out, and [censored] the url spoofing up. It's either they messed the email up, or this email is actually from chase. [/ QUOTE ] That's what it is. You should log on to your chase account normally (not following their link) and make sure that email address isn't actually added to your account. |
Re: How do phishers do this?
ok another thing these bastards can do is use non standard alphabetic characters that display on most people's computers as a character for the roman alphabet. for example instead of chase.com they register chàse.com and in the links maybe you don't tell the difference and with some characters/fonts it's very hard to tell, but if you click the link it goes to chàse.com which is a scam.
so to be extra special safe do two things - don't click the link, type the address of the web site and find your stuff from there - when you fill in this info there should always be a closed lock on your browser showing that it's secure, make sure it is, and you can click on it to view the security certificate, this isn't 100% because they can create some shill company called chase and get the cert, but if it says "r.j.'s exotic services" you'll at least know better |
Re: How do phishers do this?
This is a legitimate email and a legitimate site. asdfsdfiuyhsdjfh.chase.com is still owned and can only be accessed by chase.com. Now if it's chase.chasebank.com or something like that, then it's fake. Understand?
Edit: ok maybe not a legitimate email. Often these phisher emails will have genuine links in them to seem more authentic. Sounds like this one forgot the scam part. |
Re: How do phishers do this?
One sneaky thing I have seen them do is turn off your address bar using javascript, then have an image at the top of the page that looks EXACTLY like an IE address bar, with the correct address of course. Very very sneaky. And very obvious in Firefox.
|
Re: How do phishers do this?
yeah, IDN addresses. this one is legit though. it's very obvious if you try to change the font.
|
Re: How do phishers do this?
All,
I do have a chase account, but it is with a different e-mail account. I signed in to my account through www.chase.com and this e-mail was NOT added to my account. I was scared that it was a legit email until I put williams_farder into google and found some links indicating it's a phisher, including this. This phisher is either really really smart or really really dumb. |
Re: How do phishers do this?
[ QUOTE ]
I know this is phishing and I wasn't dumb enough to click it. So then I did "right-click"->"properties" on the link, expecting to see some stupid URL, but it actually directs you to the page "https://chaseonline.chase.com/chaseonline/home/sso_co_home.jsp". Can someone explain to me how the phisher has what looks like a secure web site at a chase.com [/ QUOTE ] Would you mind very much to post ACTIVE links of every suspicious email you get. This way you can share the viri, keyloggers, spyware, and crap with anyone who is not as bright as you Skippy |
Re: How do phishers do this?
Here's another email I got from the exact same email address ([email protected]), on the same day, a whole 3 minutes after I got the first e-mail about williams_farder!
[ QUOTE ] Dear Chase Manhattan's Bank Client, This is your official notification from Chase Manhattan Bank that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous notifications have been sent to the Billing Contact assigned to this account. As the Primary Contact, you must renew the service(s) listed below or it will be deactivated and deleted SERVICE: Chase Manhattan Bank Online Banking MasterCard® SecureCode™ EXPIRATION: Feb 9 2006 https://chaseonline.chase.com/chaseo...so_co_home.jsp Sincerely, Chase Manhattan Bank Account Review Department. ================================================== ============== IMPORTANT CUSTOMER SUPPORT INFORMATION ================================================== ============== Need help? Use "Site Helper" or call customer service at 1.800.788.7000. Please do not "Reply" to this Alert. ©2005 Chase Manhattan Bank Financial Group. All rights reserved. [/ QUOTE ] The link in this email also goes to the chase.com web site, exactly how it says. This is definitely NOT from chase, but I'm still not sure if this guy can gather your information from that link, or if he is just an idiot who screwed up. |
Re: How do phishers do this?
Maybe he's setting you up to trust these emails, then he's gonna slip a fast one on you in a week by changing the URL just a teeny bit.
|
Re: How do phishers do this?
[ QUOTE ]
jman, my question was more about the ability to register the website with the people who make websites = IP addresses. domain name servers or whatever. ya know what im sayin? warik, well i agree that there are "quite a number of differences," but there are a shitload of similarities as well, which would lead me to be suspicious before i was trusting. that being said, i think your research is solid and the page is legit. yasher [/ QUOTE ] Ok, hopefully I can help you all here. Firstly, if you ever get a bank email, um, CALL THE BANK. I once was called because someone "stole my credit card". I didn't believe it; I ran them through a ringer. Sure enough my CC was stolen (number anyway), but you always verify. Your computer questions: If you own or register a domain name like www.youradumbass.com you have control over this. You tell the DNS holders (usually the registrar for smaller stuff) where you want people to go (the IP) and they post it and the world's DNS servers now say "Ok, www.youradumbass.com goes to 127.0.0.1". The only way to change where this points is to change it on the DNS server where it's hosted. Or to take over the DNS hosting for the site, which would mean you have to be a registrar (which is almost impossible to be). Here, read this: DNS explained. Simply, a hacker can't take over the chase domain name easily. So what's going on here? info on the trojan Edit to add this: you can also check the email itself and where it came, verify the , all email has a route it goes through, make sure it came from a chase server. It's in the email properties |
Re: How do phishers do this?
More than likely they are exploiting a Cross Site Scripting Vulnerability in chase.com.
Google Cross Site Scripting or XSS for more info... |
Re: How do phishers do this?
[email protected]
Underscores aren't legitimate characters in Gmail account names. Other than that I have no opinion. |
Re: How do phishers do this?
[ QUOTE ]
[email protected] Underscores aren't legitimate characters in Gmail account names. Other than that I have no opinion. [/ QUOTE ] I guess you're not so useless after all |