
People's Bank - 'New Mail from People'
15-Nov-2004

Summary
Email title: 'New Mail from People'
Scam target: People's Bank customers
Email format: HTML email
Sender: support-auto96@people.com
Sender spoofed? Yes
Scam call to action: 'Dear People member.
We ask you to confirm immediately of your parity the account to given e-mail'
Scam goal: Getting victim's debit card information
Call to action format: URL link
Visible link: www.people-onlinebank.net
Called link: www.people-onlinebank.net
Phish website hosted on : 66.218.79.155
 
E-mail
 
As usual, phishing attempts at fresh target companies, whose customers are less used to this type of scam, are less sophisticated. This is another example of such a situation:
 
 
The sender is spoofed and the email features a People's Bank logo, but the email itself is not too convincing and even has some misspellings (apart from the unmasked target URL, which should be the main clue of phishiness here).
 
Web Site
Visible link: www.people-onlinebank.net
Called link: www.people-onlinebank.net
Phish website hosted on : 66.218.79.155
 
The phish site follows the same style:
 
 

As you can see, there is no login screen whatsoever; the site directly asks for your information. The phishy URL and the lack of secure session indication (standard procedure in personal data transfer to legitimate institutions) are highlighted above - they are the main technical clues of phishing.

The site uses the 'Luhn's formula' algorithm to verify the legitimacy of the card number entered. This is a publicly available algorithm that is used broadly in e-commerce sites. Its main function is to serve as a first-step verification. The phish uses it to reject random bogus CC numbers - hence implying some credibility. Do not fall for that trick.
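
The first-step check described above, as an added example (not code from the phish site or from APWG): a Luhn validator in JavaScript, plus the arithmetic showing that acceptance only proves the digits are well-formed. The function names and all card numbers are constructed for illustration.

```javascript
// Added example. All card numbers here are constructed samples, not real accounts.

// Luhn digit sum: walking from the rightmost digit, double every second digit
// and subtract 9 whenever the doubled value exceeds 9.
function luhnSum(digits, doubleRightmost) {
  let sum = 0;
  let dbl = doubleRightmost;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    dbl = !dbl;
  }
  return sum;
}

// Strip spaces and dashes; anything that is not 12-19 digits is not card-shaped.
function normalize(input) {
  const s = String(input).replace(/[ -]/g, "");
  return /^\d{12,19}$/.test(s) ? s : null;
}

function passesLuhn(input) {
  const s = normalize(input);
  return s !== null && luhnSum(s, false) % 10 === 0;
}

// The check digit that makes ANY digit prefix pass: pure arithmetic,
// with no issuer or account lookup involved.
function checkDigitFor(prefix) {
  return String((10 - (luhnSum(prefix, true) % 10)) % 10);
}

// What a form using this check can and cannot conclude about its input.
function classify(input) {
  if (normalize(input) === null) return "rejected: not card-shaped";
  if (!passesLuhn(input)) return "rejected: checksum mismatch";
  return "accepted: well-formed only, not proof of a real account";
}

const madeUpPrefix = "400000123456789"; // constructed 15-digit prefix
console.log(classify("4000 0012 3456 7890"));
console.log(classify(madeUpPrefix + checkDigitFor(madeUpPrefix)));
```

Because the check is public arithmetic, a form that rejects mistyped digits shows nothing about who operates the site; the URL and the absence of a secure session remain the signals to check.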

If the site accepts the number (i.e. it is a real number or a bogus number complying with the Luhn formula), it will throw the following screen at you:

 
 
To recapitulate - the main conclusion that can be drawn from this case is that a broad educational effort on phishing, aimed at the general public, is necessary. Otherwise, the phishers will always find an uninformed group of another institution's customers to defraud.
 
Phish server WHOIS information:
WHOIS data (for IP 66.218.79.155)

Domain Name.......... people-onlinebank.net
Creation Date........ 2004-11-12
Registration Date.... 2004-11-12
Expiry Date.......... 2005-11-12
Organisation Name.... Toshio Horiba
Organisation Address. 233 N Maclay Ave #403
Organisation Address.
Organisation Address. San Fernando
Organisation Address. 91340
Organisation Address. CA
Organisation Address. UNITED STATES