Showing How Rock Phish Works

Started by Thorin, August 13, 2010, 11:18:31 AM


Thorin

Follow the link to see a video by a couple of security experts as they show phishing sites that were up and live, even though the root domain appeared to be blocked.

Like the one guy says, people accidentally go to these phishing sites usually by clicking a link in an email. The link looks legit, so they click it rather than typing the URL in themselves.

http://www.f-secure.com/weblog/archives/Rockphish_Demo.swf

source: http://www.f-secure.com/weblog/archives/00001168.html
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Mr. Analog

I try to tell people to look at the link in the status bar when they hover over links.

Mind you, if I get an e-mail from someone I "trust" then generally I don't check, which is the most dangerous vector and one of the reasons I don't like getting FWD e-mails :)
By Grabthar's Hammer

Lazybones

There has been a surge of phishing attempts on my Gmail account. They keep sending me FAKE WOW Cataclysm BETA invites, WOW account reset notices, and StarCraft II / Battle.net notices.

SEVERAL have made it into my inbox; just mousing over the links shows the domain is fake, but a smart fake like blizzard-accountteam.com or wowaccounts.com, etc.

No way you can train typical users well enough to avoid all of these.

Mr. Analog

Quote from: Lazybones on August 13, 2010, 12:21:10 PM
No way you can train typical users well enough to avoid all of these.
That's the truth right there.
By Grabthar's Hammer