Monday, August 28, 2006

Google Utilized in Phishing Exploits

Maybe the title is a little bit of link bait, but it's also accurate, as I received a Wells Fargo phishing email today with a redirect link through Google.

Some of you may remember how I've complained a time or two about being abused via various Google proxy servers and sure enough they have something else that's vulnerable to being used by abusers.

The link to the phishing site used Google to redirect victims:

http://www.google.com/url?sa=t&ct=res&cd=7
&url=http%3Awebtracpro.valleyvistamortgage.com/wellsfargo/Update.html

How's that for Google's war on anti-phishing?

Yes, I know that's a cheap shot but they really need to fix some vulnerabilities over there and maybe after enough cheap shots someone will pay attention, who knows.
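
As an added example (not code from the original post), here is one way a mail filter could unwrap a redirector link like the one above and flag it when the real destination is off the redirector's own domain. The `REDIRECTORS` table and the function names are assumptions made for illustration; the slash-less `http:host` form is handled because that is the form this phish used.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts a filter would otherwise trust, mapped to the redirect
# endpoint and query parameter seen in the link above.
REDIRECTORS = {"www.google.com": ("/url", "url")}

# The link from the post, joined from its two lines.
PHISH_LINK = ("http://www.google.com/url?sa=t&ct=res&cd=7"
              "&url=http%3Awebtracpro.valleyvistamortgage.com/wellsfargo/Update.html")
# Constructed sample: a redirect that stays on the redirector's own domain.
SAME_SITE_LINK = "http://www.google.com/url?sa=t&url=http%3A%2F%2Fmaps.google.com%2F"


def redirect_target(link):
    """Return the host a redirector link leads to, or None if the link is
    not a redirector link or carries no destination host."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    rule = REDIRECTORS.get(host)
    if rule is None or parts.path != rule[0]:
        return None
    values = parse_qs(parts.query).get(rule[1])
    if not values:
        return None
    dest = values[0].strip()
    if dest.startswith("/") and not dest.startswith("//"):
        return host  # relative path: stays on the redirector itself
    # Browsers accept "http:host/path" without slashes, as in the phish above;
    # urlsplit reports no host for that form, so normalise it first.
    dest = re.sub(r"^(https?):/*", r"\1://", dest, flags=re.I)
    if not re.match(r"https?://", dest, re.I):
        dest = "http://" + dest.lstrip("/")
    return (urlsplit(dest).hostname or "").lower() or None


def is_suspicious(link):
    """True when a redirector link lands outside the redirector's own domain."""
    target = redirect_target(link)
    if target is None:
        return False
    host = urlsplit(link).hostname.lower()
    site = ".".join(host.split(".")[-2:])  # naive registrable domain (assumption)
    return not (target == site or target.endswith("." + site))


if __name__ == "__main__":
    for sample in (PHISH_LINK, SAME_SITE_LINK):
        print(is_suspicious(sample), redirect_target(sample))
```

The two-label domain comparison is a simplification; a production filter would use the Public Suffix List to find the registrable domain.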

Onward with our phishing expedition!

Here's a screenshot of the email sent by the Wells Fargo "Safehaebor Department". It's amusing that they didn't even bother spell checking their phish, but most people are illiterate and wouldn't notice such details.



Here's a screenshot of the actual "Update Sistem" (typo in the title) phishing page itself on the compromised server:



And the form sends the data to some place in the Czech Republic:
http://mailform.cz/

The only amazing part is that I notified the people with the compromised server a couple of hours ago and the phish site is still live as I write this, supposedly after their IT dept. was going to handle it ASAP.

So there you have it, another exciting episode of Gone Phishing.

Until next time...

3 comments:

John Andrews SEO said...

Wow. Wells Fargo. The same bank that collects fingerprints from account openers, has cameras *everywhere* in branches including one aimed straight at you as you wait in line with your mug displayed on a 19' LCD panel right in front of you. Let me guess, Security is Job #1? Was that Wells Fargo masthead hotlinked, Bill?

WillMacc said...

I get those all the time. I like clicking the link and playing along with their game just to put little messages in the password spot.. :)
eBay, PayPal, Wells Fargo, and a ton more... They have gotten a little smarter about their scams though. Now, they cover the url bar with their own fake url bar.

I know ALL the banks I use have their logins nested 3 feet deep from the root on some bogus site or an IP address....
Don't all banks do that????

Anonymous said...

Heh, this was predicted widely when the redirect was publicized.