Phishing and being phished!

•

0 likes•403 views

The document discusses how the author was targeted by a phishing attempt from their bank asking them to update their security information. Out of curiosity, the author inspected the phishing website source code. They found that the website was an exact copy of the real bank website. Upon further investigation, they discovered that the phishing form submitted users' information to a Gmail address, showing it was a scam to steal people's account details. The author was able to deceive the phishers by inspecting the source code to uncover how the scam operated and where the stolen information was really being sent.

Technology

Phishing and being phished!
By webDEViL

Early morning I was checking my mail as usual. I get a message from my bank that I need to update
because of some new security measures.

Well since the mail landed in my inbox and not my spam folder I had to check it out. For fun!

I click on Personal (and do remember that I am not going to put in any information in any form).

Ok, cool! the site is the same, since the code is a pure copy and paste from the original site. Now, some
would fall for this, giving all their info and getting screwed.

I wanted to understand how and probably who is doing this. So I use one of my super powers, source
code revealing skills. Let us take a look at what is behind this.

Initially when we opened the file, the attachment, we are moved to…

Then after clicking on “personal”; comes the form. Let’s see where the data is going, let’s search for
“action” in the html source code.

So post.php is being used to submit the data and you are then shown “showRegret()” ;)

What is there in post.php?

Ah, your info is being mailed to a gmail address. Oh lord! I would have thought this was more
complicated, but hell.

But then I realize that are some more things “$to”, what is that? I decide to have a look at java.js

A bit of obfuscation for the $to parameter. We’ll just add a print command to see what that really is,

Print $send = rippychippy@gmail.com

Cool, another email address to which the information is being sent. Was the phisher owned, I think so!

Anyways, don’t fall for such stuff. ;)

Viewers also liked

Security Issues in Android Custom Rom - Whitepaper

n|u - The Open Security Community

nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code

n|u - The Open Security Community

An analysis of a facebook spam exploited through browser add-ons - Whitepaper

n|u - The Open Security Community

Cracking Salted Hashes

n|u - The Open Security Community

nullcon 2011 - Penetration Testing a Biometric System

n|u - The Open Security Community

Cracking CTFs - Sysbypass CTF Walkthrough

n|u - The Open Security Community

Club hack 2011 precon ctf walkthrough

n|u - The Open Security Community

Web Application Finger Printing - Methods/Techniques and Prevention

n|u - The Open Security Community

nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation

n|u - The Open Security Community

Project Jugaad

n|u - The Open Security Community

Humla workshop on Android Security Testing by Sai Sathya narayan Venkatraman, MWR Infosecurity This workshop gives you hands on experience in identifying and exploiting the latest categories of vulnerabilities against modern Android applications based on real world examples. You’ll use the latest testing tools to assess, unravel and exploit applications, and learn about vulnerability classes unique to Android. You will learn:- -To analyze applications from an attacker’s perspective. - Basic understanding of the latest attack vectors against Android applications - To perform black box security assessments against real world applications using the latest and widely used tools more info here http://www.meetup.com/Null-Singapore-The-Open-Security-Community/events/229931768/

Humla workshop on Android Security Testing - null Singapore

n|u - The Open Security Community

OSSIM Overview

n|u - The Open Security Community

Legiment Techniques of IDS/IPS Evasion

n|u - The Open Security Community

Identifying XSS Vulnerabilities

n|u - The Open Security Community

Attacking VPN's

n|u - The Open Security Community

Newbytes NullHyd

n|u - The Open Security Community

Viewers also liked (16)

Security Issues in Android Custom Rom - Whitepaper

nullcon 2011 - Reversing MicroSoft patches to reveal vulnerable code

An analysis of a facebook spam exploited through browser add-ons - Whitepaper

Cracking Salted Hashes

nullcon 2011 - Penetration Testing a Biometric System

Cracking CTFs - Sysbypass CTF Walkthrough

Club hack 2011 precon ctf walkthrough

Web Application Finger Printing - Methods/Techniques and Prevention

nullcon 2011 - Automatic Program Analysis using Dynamic Binary Instrumentation

Project Jugaad

Humla workshop on Android Security Testing - null Singapore

OSSIM Overview

Legiment Techniques of IDS/IPS Evasion

Identifying XSS Vulnerabilities

Attacking VPN's

Newbytes NullHyd

Recently uploaded

The Future of Platform Engineering

Jemma Hussein Allen

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

Knowledge engineering: from people to machines and back

Elena Simperl

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!

Elevating Tactical DDD Patterns Through Object Calisthenics

Dorra BARTAGUIZ

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»

QADay

Recently uploaded (20)

The Future of Platform Engineering

UiPath Test Automation using UiPath Test Suite series, part 3

Assuring Contact Center Experiences for Your Customers With ThousandEyes

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

The Art of the Pitch: WordPress Relationships and Sales

"Impact of front-end architecture on development cost", Viktor Turskyi

Knowledge engineering: from people to machines and back

Essentials of Automations: Optimizing FME Workflows with Parameters

When stars align: studies in data quality, knowledge graphs, and machine lear...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

FIDO Alliance Osaka Seminar: Overview.pdf

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Quantum Computing: Current Landscape and the Future Role of APIs

How world-class product teams are winning in the AI era by CEO and Founder, P...

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Elevating Tactical DDD Patterns Through Object Calisthenics

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»

Phishing and being phished!

1. Phishing and being phished! By webDEViL Early morning I was checking my mail as usual. I get a message from my bank that I need to update because of some new security measures. Well since the mail landed in my inbox and not my spam folder I had to check it out. For fun!

2. I click on Personal (and do remember that I am not going to put in any information in any form). Ok, cool! the site is the same, since the code is a pure copy and paste from the original site. Now, some would fall for this, giving all their info and getting screwed. I wanted to understand how and probably who is doing this. So I use one of my super powers, source code revealing skills. Let us take a look at what is behind this.

3. Initially when we opened the file, the attachment, we are moved to… Then after clicking on “personal”; comes the form. Let’s see where the data is going, let’s search for “action” in the html source code. So post.php is being used to submit the data and you are then shown “showRegret()” ;) What is there in post.php? Ah, your info is being mailed to a gmail address. Oh lord! I would have thought this was more complicated, but hell. But then I realize that are some more things “$to”, what is that? I decide to have a look at java.js

4. A bit of obfuscation for the $to parameter. We’ll just add a print command to see what that really is, Print $send = rippychippy@gmail.com Cool, another email address to which the information is being sent. Was the phisher owned, I think so! Anyways, don’t fall for such stuff. ;)

Phishing and being phished!

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (16)

More from n|u - The Open Security Community

More from n|u - The Open Security Community (20)

Recently uploaded

Recently uploaded (20)

Phishing and being phished!