Avery Buffington wrote: > Odd First Bank Texas phish at > http://62.249.212.252/nwm_files/secure/www.firstbanktexas.com/secure.fun > dsxpress.com/start/FBATX/index.htm > > The odd part is that filling in the bogus login form results in a > javascript popup with a silly message of "Browser Error #2364: Resubmit > Http Post". Once you acknowledge the popup you are redirected to the > banks real login page: > > <s c r i p t> > > alert("Browser Error #2364: Resubmit Http Post") > top.location='https://secure.fundsxpress.com/start/FBATX' > </s c r i p t>
Whilst now not that common, this was an early "trick" scammers once used heavily to add "apparent authenticity" to their scam sites. Coupled with (then current) vulnerabilities/weaknesses in IE that allowed the Address field in the browser to be faked there was little "ordinary users" could be expected to recognize as bogus, beyond the "obvious" (to us) that their bank, etc should not be making such a request via Email in the first place. Regards, Nick FitzGerald _______________________________________________ phishing mailing list [email protected] http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
