"PH"BI (FBI) phishing
The good folks over at the Internt Storm Center (ISC) report in their Daily Incident Handler's Diary today:
"PH"BI (FBI) phishing
One contributor submitted information on a hack involving a php flame module ending in a phishing scam. According to the submission he was notified that a co-worker "was looking at a notice claiming to be from the FBI that they were monitoring this range of IP addresses for suspicious activity regarding financial transactions" and sure enough at the end of the phish you were asked "that you re-enter your payment data to help them track the fraudsters." The site was reported to dish up the phish intermittently "as you could hit reload 10 times before it appears again". According to the contributor "The correct URL always appeared unchanged in the browser's address bar, but the content I was looking at was nowhere in the actual documentroot directory for that domain." The contributor asked for some assistance, and any contributor who cares to toss out recommendations on security issues related to "any configuration settings that would disallow modules from being loaded" will be thanked and I'll pass them on to the person who reported this "PH"BI (FBI) phish.
0 Comments:
Post a Comment
<< Home