|
Posted by a_monk on March 16, 2007, 9:09 am
If you were Registered and logged in, you could reply and use other advanced thread options > >Lately I received a number (phishing) mails from a bank asking for
> >confirmation. In the message, there was a URL:
>
> They were not from the bank. They pretended to be from the bank.
>
> >https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F21=IB&F22=...
>
> That was probably a genuine link to Royal Bank of Canada (which owns
> the domain "royalbank.com".
>
> >However, when I moved my mouse pointer to the beginning on the URL, at
> >the bottom of the screen, it showed the following instead.
> >http://163.23.70.201/http/www1.royalbank.com/cgi-bin/rbaccess/F21=IB&...
>
> That was the phish url.
>
> In html, you can use
>
> <A href="http://domain/link/to/follow">Data to display</A>
>
> The scammer sets the link to follow to his domain, but the display
> information to be the actual bank link.
>
> >First of all, the link seems not using SSL (http instead of https).
> >Secondly, when I pinged 163.23.70.201, there was no response.
>
> It's in Taiwan. Maybe it was down, or maybe it was blocking ping.
>
> >I hesitate to click on the https:// link.
>
> It is usually safe as long as you don't enter any data, and don't
> accept any download files. But there isn't any point in clicking
> unless you are investigating the phish.
>
> >Could someone help me understand what is it all about? Any info is
> >much appreciated.
>
> If they can trick you into entering data such as account number and
> network password for your bank account, then they can use that to
> steal money from your account.
Many many thanks for the detailed explanation.
Warmest regards,
A Monk
| 
XML site map