phishing attempt: hey bank, don't help, OK?

Monday, 19 November 2007 04:02 pm
da: (bit)
[personal profile] da
I received a phishing email at work from my bank (TD) which used a url-redirector at THE REAL BANK'S WEBSITE to get to the fake site.

That is: www.tdcanadatrust·com/servlet/infosite.servlet.OutBoundServlet?RequestedPage=phishing·url/urgent_verifying/update.inf

Thunderbird didn't think it was phishing. The destination URL originally went to a copy of the bank's site; two hours later, it was deactivated by the host, and Firefox warns it is a phishing attempt.

The bank hasn't deactivated the redirector. I'm curious how long it will stay active. They should be pretty embarrassed; this isn't rocket-science, and there's no reason you should be able to pull crap like this.
Tags:
  • Add Memory
  • Share This Entry
Threaded | Flat

Date: Monday, 19 November 2007 09:47 pm (UTC)
From: [identity profile] sachmet.livejournal.com
It's hardly even a new attack vector (http://catless.ncl.ac.uk/Risks/23.73.html#subj7).

Idiots.

Date: Monday, 19 November 2007 09:52 pm (UTC)
chezmax: (Default)
From: [personal profile] chezmax
Did you write them, or call them?

Date: Monday, 19 November 2007 09:53 pm (UTC)
chezmax: (Default)
From: [personal profile] chezmax
The redirector appears to be gone now...

Date: Monday, 19 November 2007 10:05 pm (UTC)
From: [identity profile] secretsoflife.livejournal.com
seems to be fixed now.

Date: Monday, 19 November 2007 10:15 pm (UTC)
From: [identity profile] mynatt.livejournal.com
god, that's horrible! what idiots.

Date: Friday, 23 November 2007 10:08 pm (UTC)
From: [identity profile] da-lj.livejournal.com
Latest:


Thank you for contacting TD Canada Trust regarding the recent EasyWeb
security concern. As the person responsible to resolve this matter, I
apologize for the delayed response, however, I want to assure you we take
this matter extremely seriously. We have completed our investigation and
we have dedicated the appropriate resources to resolve it.

At TD Canada Trust, we take security very seriously and work vigilantly to
protect our systems and customer information. The EasyWeb Security
Guarantee is there to assist our customers in the unlikely event account
losses occur as a result of unauthorized online banking activity.

Daniel, thank you again for bringing this matter to our attention. We
value your feedback and appreciate the time you have taken to contact us.
If you have any further questions or concerns, please contact me directly.


Peter Prescott
Manager, Channel Operations
e.Bank, Internet Banking
TD Canada Trust

Date: Monday, 26 November 2007 01:28 am (UTC)
From: [identity profile] secretsoflife.livejournal.com
it's still broken :(

!Hello!

Date: Friday, 22 February 2008 06:57 pm (UTC)
From: (Anonymous)
Good
site.
  • Add Memory
  • Share This Entry
Threaded | Flat

Profile

da: A smiling human with short hair, head tilted a bit to the right. It's black and white with a neutral background. You can't tell if the white in the hair is due to lighting, or maybe it's white hair! (Default)
da
My Webpage

December 2024

S M T W T F S
12 34567
891011121314
15161718192021
22232425262728
293031    

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Wednesday, 7 January 2026 04:02 pm
Powered by Dreamwidth Studios