«
»

geek

Phishing with Interac

04.17.05 | Comment?

Surprisingly good phishing scam posing as an Interac Money Transfer…

Replacing the string after “pID” in the URL that “Marybeth” sends us results in a seemingly infinite number of laptop payments for $975…. and all you have to do is login to your Online Banking system with your bank. Oddly, any combination of login and password will log you in to your “bank’s” web site… Gosh, I wonder what’s up there?

I tried the link for “I bank with another institution, and I get an error that my session has expired; this message comes from the REAL Interac payment page, and since I didn’t have a session with them, that makes sense. You’d think a phisher would at least put up a form there to ask for banking information… Even the option for French is bogus… I mean, is this guy even trying? First impressions were pretty good, but all you have to do is pay attention. gateway.certapay.com vs. gateway-certapay.com was a nice touch, but no follow-through; lazy crooks.

MARYBETH HEDD has sent you an INTERAC Email Money Transfer.

Amount: $961.00 (CAD)

Sender’s Message: Payment for laptop.

Expiry Date: 2005-04-20

Action Required:
To deposit your money, click here:

http://gateway-certapay.com/RP.do/?pID=Sli6g20jkm8%3D

Trouble with the link? Copy the link and paste it into your web browser address bar. Please make sure all the characters after the “pID=” are present.

Need help?

https://www.certapay.com/ca/oon/en/help

I’m sure that the address information for “Tim Rushlow” below is bogus, but here it is anyhow;

Domain Name: gateway-certapay.com
Registrar: AAAQ.COM
Whois Server: whois.aaaq.com
Referral URL: http://www.aaaq.com
Name Server: a.dns.hostway.net
Name Server: b.dns.hostway.net
Status: ACTIVE
Updated Date 2005-04-11
Creation Date: 2005-04-11
Expiration Date: 2006-04-11

Administrative Contact:
Aubrey Page tim_rushlow@email.com
5207 W. Meadowridge Road

Sherman, TX 75092
US
19038922325 Fax:

Technical Contact:
Administrator DNS administrator@siteprotect.com
1 N State Street
12th Floor
Chicago, IL 60602
US
+1.3122362132 Fax: +1.3122361958

have your say

Add your comment below, or trackback from your own site. Subscribe to these comments.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

:

:


«
»