HomeHome  CalendarCalendar  FAQFAQ  SearchSearch  MemberlistMemberlist  UsergroupsUsergroups  RegisterRegister  Log in  

Share | 
 

 Let's Go Phishing

View previous topic View next topic Go down 
AuthorMessage
_Howard
Admin
avatar

Posts : 7164
Join date : 2013-01-16
Age : 72
Location : California

PostSubject: Let's Go Phishing   Thu Sep 29, 2016 12:23 pm

God damned phishermen. Got a text message from one of them.

Quote :
<Bank name> Online - We have detected suspicious activity on your account. Please log in to restore access :
https:\\t.co\RsoN9YQ3MG
Note: I used the wrong slashes so that the text does not create a link.

The bank that was named is one in which I have parked some money.

I went to their website - on my computer - and everything was fine. They showed no alerts sent to me within the last month.

Naturally, I did not click on the link in the text message. The "t.co" is a Twitter link. I do not have a Twitter account.
The phone number from which the text was sent shows up as belonging to Delish Beauties in Saint Paul, Minnesota.

If they are going to phish, they need better bait.
Back to top Go down
View user profile
_Howard
Admin
avatar

Posts : 7164
Join date : 2013-01-16
Age : 72
Location : California

PostSubject: Re: Let's Go Phishing   Thu Sep 29, 2016 5:17 pm

Just for grins, I fired up the old XP box and tried this url in the browser.
No such page reported by Twitter. So what the hell are they trying to do with giving me an invalid URL?
As the phishing was on an iPhone, I wonder if there's something in Safari that would respond in some way to the address. It did seem kind of odd that there were upper- and lower-case characters in the address; URLs are not case-sensitive.


Back to top Go down
View user profile
richard09

avatar

Posts : 2367
Join date : 2013-01-16

PostSubject: Re: Let's Go Phishing   Thu Sep 29, 2016 7:05 pm

I think I have mentioned that I'm a bridge player. The other day, I sent a link to another player:
https://chrisryall.net/bridge/1nt-complex.htm

He emailed me back to say that the link doesn't work. I said that was strange, because it worked fine for me. He said I've tried it in Chrome and Safari and on my phone, and I get an error message like

404 Not Found
The requested file /bridge/1nt-complex.htm does not exist on this server

but the URL in the address bar is
https://avlinux.treewind.co.uk/bridge/1nt-complex.htm

Something (maybe anti-virus?) is changing the URL and then saying its not found. But the page is there at the real URL, and isn't infected. To make it a little stranger, my buddy says he tried Googing "Chris Ryall bridge", and even trying to access it from the search results he still got the error. I won't see him until Tuesday, to see this behavior with my own eyes.

Have you seen behavior like this?
Back to top Go down
View user profile
NoCoPilot

avatar

Posts : 10806
Join date : 2013-01-16
Age : 63
Location : Seattle

PostSubject: Re: Let's Go Phishing   Thu Sep 29, 2016 7:47 pm

Firefox with NoScript returns an error that the website is set up incorrectly:
Quote :
Your connection is not secure

The owner of chrisryall.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Back to top Go down
View user profile
_Howard
Admin
avatar

Posts : 7164
Join date : 2013-01-16
Age : 72
Location : California

PostSubject: Re: Let's Go Phishing   Fri Sep 30, 2016 8:22 am

That's very strange, Richard.

avlinux is a distro of Debian Linux.

treewind.co.uk is listed as a web hosting site.

How the change got made is perplexing.
Back to top Go down
View user profile
_Howard
Admin
avatar

Posts : 7164
Join date : 2013-01-16
Age : 72
Location : California

PostSubject: Re: Let's Go Phishing   Fri Sep 30, 2016 10:00 am

I did a trace route on https://chrisryall.net. The trace terminated at treewind.co.uk. So it appears that chrisryall.net is hosted by treewind.

If there was a problem with chrisryall.net at the time your friend tried to access it, then the error message was generated by treewind. So the URL of the error message makes sense. As to why your friend could not connect at the time is one of the mysteries of the internet.
Back to top Go down
View user profile
Sponsored content




PostSubject: Re: Let's Go Phishing   

Back to top Go down
 
Let's Go Phishing
View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
 :: Topics :: Science & Tech-
Jump to: