On Monday 05 July 2004 12:15, Feher Tamas might have typed: > <b>Dear Citibank Customer</b>, > <p> We recently noticed one or more attempts to log in to > your Citibank<br=
> <p><i>The login attempt was made from:<br> > IP address: 173.97.087.24<br> > ISP Host: cache-89.proxyserver.cis.com</i></p> > <p> By now, we used many techniques to verify the accuracy > whom you are dealing with. The system is called CitiSafe > and it's<br> > the most secure Citibank wallet so far.</p> That's a pretty nice bit of dumb-user engineering. Couple of spelling mistakes in the actual phishing pages (wget + less = wonderful), but otherwise quite well crafted. I'd swear I even see a browser URL overlay or similar to give the impression of a different site to the real one. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
