[115155] in cryptography@c2.net mail archive

Re: House o' Shame: Amtrak

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Feb 15 13:46:01 2008

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, perry@piermont.com
In-Reply-To: <87myq3b0nt.fsf@snark.cb.piermont.com>
Date: Fri, 15 Feb 2008 19:21:44 +1300

"Perry E. Metzger" <perry@piermont.com> writes:

>Steve Bellovin documents on his blog a recent attempt by Amtrak to teach its
>customers to be phishing victims:
>
>http://www.cs.columbia.edu/~smb/blog/2008-02/2008-02-13.html

From the blog:

  The next problem, though, is that the message asks people to log in by
  clicking a link in the message:

  Go to Amtrak.com now and update your profile
  http://amtrak.bfi0.com/.....

It's not just Amtrak that do that; CapitalOne also send out phishing email
directing users to bfi0.com.

Lesson for phishers: If you want your phish to seem more legit, outsource it
to Bigfoot Interactive, which seems to lead back to Epsilon Agency Services,
who specialise in... well, phishing, but for the good guys.  I bet the Russian
Business Network could do it for less though :-).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List