How do phishers do this?

C.R.E.A.M. · #1 02-23-2006, 10:11 PM

I just received the following e-mail:
[ QUOTE ]
You have added [email protected] as a new email
address for your Chase Manhattan Web account.

If you did not authorize this change or if you need assistance with your
account, please contact Chase Manhattan customer service at:

https://chaseonline.chase.com/chaseo...so_co_home.jsp

Thank you for using Chase!

The Chase Manhattan Bank Team

Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your Chase Manhattan account and choose the "Help"
link in the header of any page.

[/ QUOTE ]

I know this is phishing and I wasn't dumb enough to click it. So then I did "right-click"->"properties" on the link, expecting to see some stupid URL, but it actually directs you to the page "https://chaseonline.chase.com/chaseonline/home/sso_co_home.jsp". Can someone explain to me how the phisher has what looks like a secure web site at a chase.com URL? Just looking at the URL, how would one know it's BS? I'm kind of ignorant on stuff like this.

yasher · #2 02-23-2006, 10:24 PM

That's really neat. You can find out all the info about the scam just by clicking links on the page they sent... but apparently that page is the scam? This is really weird.

I'd like to understand how they do this too.

yasher

Warik · #3 02-23-2006, 10:26 PM

I've changed my opinion.

I'm 100% confident that is a legitimate e-mail.

guids · #4 02-23-2006, 10:28 PM

All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc.

yasher · #5 02-23-2006, 10:30 PM

if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]?

or are these websites just one-shot things, taken down as fast as they get put up?

Warik · #6 02-23-2006, 10:31 PM

[ QUOTE ]
All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc.

[/ QUOTE ]

No... look at the url. chaseonline.chase.com. The main domain name is "chase.com" which is registered to the legitimate Chase Manhattan bank. The "chaseonline" is just a subdomain.

It would be different if it were chase.chaseonline.com or something like that.

Jack of Arcades · #7 02-23-2006, 10:31 PM

[ QUOTE ]
All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc.

[/ QUOTE ]

Considering the chase website links to chaseonline.chase.com, I have to disagree with you

Warik · #8 02-23-2006, 10:32 PM

[ QUOTE ]
if i own www.chase.com, you can set up chaseonline.chase.com and not be infringing on my [censored]?

or are these websites just one-shot things, taken down as fast as they get put up?

[/ QUOTE ]

You can't. The only one who can make chaseonline.chase.com or banana.chase.com is chase.com. You CANNOT register a domain with a "dot" in it.

guids · #9 02-23-2006, 10:32 PM

Well, depends. If you own chase.com, I can set up something like chase.chaseonline.com, I dont know the legalities, of course these theings always get shut down only because they are used for nefarious purposes. I know awhile back there was some rulings on sites like walmart.blowsgoats.com, but I forgot how they came out.

guids · #10 02-23-2006, 10:34 PM

[ QUOTE ]
[ QUOTE ]
All they do, is setup a domain chaseonline.chase.com and then send out a bunch of emails. You can pretty much do this with any variation of chase, or any bank for that matter. Bank.of.america.com, etc.

[/ QUOTE ]

Considering the chase website links to chaseonline.chase.com, I have to disagree with you

[/ QUOTE ]

You think its hard for the phishers to do this: Home of Chase Banks