« "Rick Yang" sued by FTC and California | Main | Toxic-blog hype »
April 14, 2005
Phishers exploiting CapitalOne.com bug
What's in your wallet? Phishing scam artists believe they can find out, thanks to a security bug at the Capital One web site.
It's the latest instance of the "open redirector" trick, which has recently been used to exploit similar weaknesses at Ebay.com and ZDnet.com.
The technique works like this. A message arrives containing a hyperlink that appears to send recipients to the Capital One site so they can "verify" their account details. The link really does point at CapitalOne.com, but it hits a redirection feature there that accepts any destination in its query string and whisks users off to a copycat phishing site.
Here's a phishing spam using the trick that showed up earlier this week on a mailing list for the Debian operating system.
For a harmless demonstration, click this URL and it will redirect you from the Capital One site to the FBI web site:
http://www.capitalone.com/redirect.html?dest=http://www.fbi.gov
CapitalOne even uses the redirector on its own login page. (Put your cursor on the orange "login" buttons and watch what URL appears in the browser status bar.)
As we've mentioned before, phishing scammers apparently hope the technique will serve two purposes. First, it will sneak their messages past URL blacklists: a filter that only looks at the domain in the link sees a legitimate capitalone.com address, not the phishing host buried in the query string. Second, it will "social engineer" spam recipients into thinking the message is actually from Capital One, since the visible link really does go to the bank's site.
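To make the two halves of this concrete, here is an added example (not code from the post, and not Capital One's redirector) that models the redirector described above. It contrasts the vulnerable behaviour (redirect to whatever `dest=` says) with a hardened version that only honours allowlisted hosts, and it includes the check a mail filter would want: resolve where a redirector link actually lands so a blacklist can key on the final host rather than the trusted one in the visible URL. The allowlist, the `203.0.113.5` phishing host and the sample links other than the FBI demo are assumptions constructed for the example; the `dest=` parameter name and `/redirect.html` path are the ones shown in the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed for this example: the redirector endpoint seen in the post and a
# hypothetical allowlist of hosts it should be willing to send users to.
REDIRECTOR_HOST = "www.capitalone.com"
REDIRECTOR_PATH = "/redirect.html"
ALLOWED_HOSTS = {"www.capitalone.com", "capitalone.com"}

_LEADING_SLASHES = re.compile(r"^/{2,}")


def dest_param(url):
    """Return the raw ?dest= value of a redirector URL, or None if absent."""
    return parse_qs(urlsplit(url).query).get("dest", [None])[0]


def open_redirect_target(url):
    """The vulnerable behaviour: hand the browser whatever dest= says."""
    return dest_param(url)


def destination_host(dest):
    """Hostname a browser ends up on for a Location header of `dest`, or
    None when the destination is relative to the redirector's own site.
    Normalises the tricks that make naive string checks disagree with
    browsers: backslashes, runs of leading slashes, and userinfo."""
    dest = dest.strip().replace("\\", "/")
    # Browsers collapse any run of leading slashes to '//' (scheme-relative),
    # so '///evil.com' and '/\\evil.com' both resolve to host evil.com.
    dest = _LEADING_SLASHES.sub("//", dest)
    parts = urlsplit(dest)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return "<non-http:%s>" % parts.scheme  # javascript:, data:, ...
    if parts.netloc:
        # .hostname drops userinfo and port, so the phishing favourite
        # 'http://www.capitalone.com@203.0.113.5/' correctly yields the IP.
        return (parts.hostname or "").lower()
    return None


def safe_redirect_target(url, fallback="/"):
    """Hardened redirector: honour dest= only for same-site relative paths
    or exact allowlisted hosts (no prefix matching); otherwise `fallback`."""
    dest = dest_param(url)
    if not dest:
        return fallback
    host = destination_host(dest)
    if host is None:
        return dest  # same-site relative path such as /login
    if host in ALLOWED_HOSTS:
        return dest
    return fallback


def classify_link(url):
    """Mail-filter view of a link: ('direct', host) for ordinary links, or
    ('redirect', final_host) when it goes through the redirector, so a
    blacklist can be applied to where the user actually lands."""
    parts = urlsplit(url)
    if parts.hostname == REDIRECTOR_HOST and parts.path == REDIRECTOR_PATH:
        dest = dest_param(url)
        if dest:
            return ("redirect", destination_host(dest) or REDIRECTOR_HOST)
    return ("direct", (parts.hostname or "").lower())


# Constructed sample links; only the FBI demo comes from the post itself.
SAMPLE_LINKS = [
    "http://www.capitalone.com/redirect.html?dest=http://www.fbi.gov",
    "http://www.capitalone.com/redirect.html?dest=http://www.capitalone.com@203.0.113.5/login/",
    "http://www.capitalone.com/redirect.html?dest=///203.0.113.5/login/",
    "http://www.capitalone.com/redirect.html?dest=/login",
    "http://www.capitalone.com/login",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link),
              "| open ->", open_redirect_target(link),
              "| hardened ->", safe_redirect_target(link))
```

The hardened version deliberately compares the whole hostname against the allowlist: a `startswith("www.capitalone.com")` check would wave through `www.capitalone.com.evil.example`, and a plain substring check would accept the `user@host` form. The safest design is not to accept arbitrary URLs in `dest=` at all, but a short token or path that the server maps to a known destination.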
Posted by brian at April 14, 2005 9:49 AM
Comments
IT GOT ME, TOO
Posted by: JACK at September 25, 2005 3:58 PM
My wife and I are tired of your sending your credit card app through the US mail. Please drop our names from your mailing list, a.s.a.p. We also hate your stupid TV ad. Our poor dog even hides from them. Thank you. James & Virginia Janney, 703 Nevad Street, Toledo, Ohio 43605-2615. J. Janney
Posted by: James & Virginia Janney at October 26, 2005 1:04 PM