How do phishers do this?

[yasher]

Warik, JoA:

This is what has me so confused.

If you click the link, at the top of the page there's a link about scams. If you click the scams link, you can find a screenshot of the ORIGINAL page at chaseonline.chase.com, which is really really weird.

The website blames a "trojan horse virus," for displaying that page, but that's BS; that page is obviously THERE...

So what gives?

Confused,
yasher

[Warik]

[ QUOTE ]
You think its hard for the phishers to do this: <a href="Chase.com" target="_blank">Home of Chase Banks</a>

[/ QUOTE ]

Dude, he looked at the link's properties to compare the actual URL to the displayed URL. They match. This was in the first post.

[yasher]

guids,

You're missing the point. It actually directs you to a website at chaseonline.chase.com. Click the link. What you did is not what they did.

Get it?

yasher

[Sponger.]

Yeah for some reason I totally fell for this at wells fargo about 8 months ago. I filled out a bunch of stuff and then 5 seconds after I hit enter I realized what a retard I was and called up wells and had them change everything for me. yay.

[guids]

[ QUOTE ]
[ QUOTE ]
if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]?

or are these websites just one-shot things, taken down as fast as they get put up?

[/ QUOTE ]

You can't. The only one who can make chaseonline.chase.com or banana.chase.com is chase.com. You CANNOT register a domain with a "dot" in it.

[/ QUOTE ]

ya, this is right, i forgot abotu the dots. you could register chaseonlinesite.com if its not taken...

[guids]

The more i look into this, the more I think that the phishsers are just complete morons, and didnt know the phishing trick.

[Warik]

[ QUOTE ]
If you click the link, at the top of the page there's a link about scams. If you click the scams link, you can find a screenshot of the ORIGINAL page at chaseonline.chase.com, which is really really weird.

[/ QUOTE ]

Wrong. That's not a screenshot of the original page. There are quite a number of differences. Look closely.

That, and another couple of important things:

1) The e-mail does not demand that he enter any information or risk suspension of his account (Chase warns that phishing e-mails usually say "if you don't fill out this info then we will close your account!"

2) The website is a legitimate SECURED SERVER page. Double click on the gold lock icon in the status bar and look at the security certificate. It's a security certificate issued by VeriSign to JPMorgan Chase. VeriSign does not issue these things to phishers... and you cannot fake it.

The e-mail is legit.

[StevieG]

That link does looks completely legit.

It could be a man in the middle attack, where they have you compromised somewhere between your browser and the real site, so that to you it looks like you are making that request, but the network serves up the phisher's site instead. This is a danger with wireless in particular, since it is easy to impersonate a known, insecure network.

There was also an attack last year that used Unicode characters that looked like other characters to make domain names that were different from real ones, but to the reader looked the same. Up to date browsers should be protected from this, but Firefox was vulnerable as late as last year. I looked at this link byte by byte, though, and it looks fine that way, too.

[yasher]

guids,

the more i look at it, the more i think its the exact opposite, and they're actually really, really good.

OP,

do you have an account with Chase?

yasher

[jman220]

[ QUOTE ]
if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]?

or are these websites just one-shot things, taken down as fast as they get put up?

[/ QUOTE ]

Considering the fact that they are using these websites to commit wire fraud and identity theft, I don't think they're too worried about trademark infringement on top of that.