Re: Discovering and Stopping Phishing/Scam Attacks

From: Rainer Duffner (rainerultra-secure.de)
Date: Thu Apr 28 2005 - 14:01:33 CDT


Dave Greer wrote:

>Here is a scenario -
>
>Victim connects to Fake.com
>Fake.com prompts for username/password
>Fake.com connects to Real.com, enters username/password, receives Third Field
>Fake.com presents Third Field to Victim
>Victim enters Third Field
>
>That seems like a reasonable scenario
>
>
>

There have already been ebay-fakes that did this.
You couldn't enter fake credentials into their scam-site - it verified
if login/password worked.

cheers,
Rainer

--
===================================================
~ Rainer Duffner - rainerultra-secure.de ~
~ Freising - Munich - Germany ~
~ Unix - Linux - BSD - OpenSource - Security ~
~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~
===================================================
