Phishers Build Deceptive Links with DNS Wildcards

1sockchuck writes "In the continuing evolution of the phisher, the latest scams are crafting deceptive email links that include a bank's URL, but send victims to a phishing spoof site. The phishers are combining wildcard DNS, URL encoding and redirection services to construct the URLs. Netcraft has examples of emails that presented barclays.co.uk in the URL but sent clicks to a spoofed page at a server in Moscow. A DNS cache poisoning attack over the weekend also highlights the potential use of DNS tricks in 'pharming' (phishing using redirection rather than bait emails)."

Help on the horizon for Windows users!

[EmptyBuffalo]

Wow! Talk about a great opportunity to educate the masses - now we've just gotta pharm the www.microsoft.com/help website to www.slashdot.com!!! ;)

That's it

[Anonymous Crowhead]

Time to scrap this whole "DNS" thing. I don't know what it is, but it sounds dangerous.

Who has money any more?

[bigtallmofo]

After sending all my money to various Nigerian organizations, I wish I had some money for someone to siphon in a phishing scam!

Re:That's it

[ScrewMaster]

It stands for "Defensive Nuclear Strike". What that has to do with the Internet and email fraud I don't know.

Re:FYI:

[EmptyBuffalo]

This I know, but if you try to type _anything_.ORG in Windows you're likely to get a General Protection Fault so they'd have to use the .com derivative (feel the love). The .com was actually intentional, but I didn't explain myself in the post for the sake of comic timing. "www." isn't included in slashdot.org either, but I put it in there too, also for the sake of what I thought most people would consider the joke.

Re:Help on the horizon for Windows users!

[LMCBoy]

Slashdot.org...it's DOT COM!
</homestar>

Re:Help on the horizon for Windows users!

[dedazo]

No, no. Use http://it.slashdot.org/ [slashdot.org] so they can appreciate the subtle graphic prowess of the open source community.

In other news..

[pherthyl]

The recommended solution to this problem is to bypass DNS and type in all IP addresses by hand.

I can sell you attractive hand made table of domain to IP mappings for the top 25 sites on the internet for just $5!

Re:dns? links?

[Hoch]

Did you change your host file to get work done, only to end up memorizing the slashdot ip? Happens to the best of us.

Re:Paypal got it right

[jdreed1024]

That should have said www.<my credit card company>.com. Stupid HTML.

Re:In other news..

[earthbound kid]

The recommended solution to this problem is to bypass DNS and type in all IP addresses by hand.

I can sell you attractive hand made table of domain to IP mappings for the top 25 sites on the internet for just $5!

Oh shoot, I hope IPv6 doesn't catch on soon, or I'll get carpal tunnel for sure.

Re:Phishing? Pharming?

[rob_au]

phucked (v. tr.): To be taken advantage, betrayed, cheated or victimised by a phishing scam.

Re:Its very simple...

[gordon_schumway]

I wonder how that affects https connection. Even if they steal the DNS, they shouldn't be able to get their certificate.

Well, verisign.com could be poisoned, too, you know...

Re:Just don't read emails from the bank-Digital Fa

[rs79]

"How do you tell bad bits of html from good bits?"

Check the evil bit [faqs.org] in the TCP/IP header.

Slashdotting "name" change?

[AndroidCat]

"Looks like our site has been 66.35.250.150'ed!"

Re:Just don't read emails from the bank

[mph]

Advice that doesn't make sense is worse than useless.

Here's the directions from a can of Campbell's Soup from my cupboard:

• 1. Lift tab to rim.
• 2. Pull back slowly.
• Do not use if tab is lifted.

D'oh!