[nsp-sec] Phishing a security list
William Allen Simpson
william.allen.simpson at gmail.com
Wed Oct 28 03:25:59 EDT 2009
They really, really want you to run javascript (I don't by default).
http://adletbest.com/w.php?frm=t
form action="http://adletbest.com/w.php" method="post" onsubmit="return validate()"
AS | IP | AS Name
14778 | 98.136.92.79 | INKTOMI-LAWSON - Inktomi Corporation
-------- Original Message --------
Subject: Dear customer
Date: 27 Oct 2009 23:09:46 -0500
From: Bank of America<service at bofas.com>
To: tech-security at netbsd.org
Dear Bank of America member,
We are sorry to inform you that your Bank of America Online
Account has been suspended. A high number of failed login
attempts have been recorded on your online account. As a security
measure we had to temporarily suspend your account.
To restore your account we have attached a form to this email.
Please download the form and follow the instructions on your
screen.
NOTE: The form needs to be opened in a modern, javascript
enabled, browser (ex: Internet Explorer 8, Firefox 3, Safari 3,
Opera 9).
We apologize for any inconvenience this may have caused.
Sincerely, the Bank of America security team.
© Copyright 2009 Bank of America Financial Group. All rights
reserved.
Bank of America. All rights reserved.
More information about the nsp-security
mailing list