際際滷

際際滷Share a Scribd company logo

Phishing and being phished!

Download as DOCX, PDF
n|u - The Open Security Community
n|u - The Open Security Community

The document describes how the author received a phishing email claiming to be from their bank asking them to update security details. Out of curiosity, they clicked on the link and found it led to a copy of the actual bank website asking for personal information. By inspecting the source code, they discovered the form submitted the details to a gmail address, showing it was a phishing attempt. The author was able to deobfuscate additional details and identify more gmail addresses the scam was sending the stolen information to. The summary warns readers not to provide personal information from such emails.

1 of 4
Phishing and being phished!<br />By webDEViL<br />Early morning I was checking my mail as usual. I get a message from my bank that I need to update because of some new security measures.<br />Well since the mail landed in my inbox and not my spam folder I had to check it out. For fun!<br />I click on Personal (and do remember that I am not going to put in any information in any form).<br />Ok, cool! the site is the same, since the code is a pure copy and paste from the original site. Now, some would fall for this, giving all their info and getting screwed.<br />I wanted to understand how and probably who is doing this. So I use one of my super powers, source code revealing skills. Let us take a look at what is behind this.<br />Initially when we opened the file, the attachment, we are moved to<br />Then after clicking on personal; comes the form. Lets see where the data is going, lets search for action in the html source code.<br />So post.php is being used to submit the data and you are then shown showRegret() ;)<br />What is there in post.php?<br />Ah, your info is being mailed to a gmail address. Oh lord! I would have thought this was more complicated, but hell.<br />But then I realize that are some more things $to, what is that? I decide to have a look at java.js<br />A bit of obfuscation for the $to parameter. Well just add a print command to see what that really is,<br />Print $send = rippychippy@gmail.com<br />Cool, another email address to which the information is being sent. Was the phisher owned, I think so!<br />Anyways, dont fall for such stuff. ;)<br />
Phishing and being phished!
Phishing and being phished!
Phishing and being phished!

More Related Content

Phishing and being phished!

  • 1. Phishing and being phished!<br />By webDEViL<br />Early morning I was checking my mail as usual. I get a message from my bank that I need to update because of some new security measures.<br />Well since the mail landed in my inbox and not my spam folder I had to check it out. For fun!<br />I click on Personal (and do remember that I am not going to put in any information in any form).<br />Ok, cool! the site is the same, since the code is a pure copy and paste from the original site. Now, some would fall for this, giving all their info and getting screwed.<br />I wanted to understand how and probably who is doing this. So I use one of my super powers, source code revealing skills. Let us take a look at what is behind this.<br />Initially when we opened the file, the attachment, we are moved to<br />Then after clicking on personal; comes the form. Lets see where the data is going, lets search for action in the html source code.<br />So post.php is being used to submit the data and you are then shown showRegret() ;)<br />What is there in post.php?<br />Ah, your info is being mailed to a gmail address. Oh lord! I would have thought this was more complicated, but hell.<br />But then I realize that are some more things $to, what is that? I decide to have a look at java.js<br />A bit of obfuscation for the $to parameter. Well just add a print command to see what that really is,<br />Print $send = rippychippy@gmail.com<br />Cool, another email address to which the information is being sent. Was the phisher owned, I think so!<br />Anyways, dont fall for such stuff. ;)<br />