On Thu, Sep 25, 2003 at 09:49:45AM -0400, Rob Rogers wrote:
> On Thu, Sep 25, 2003 at 06:30:32AM -0700, [EMAIL PROTECTED] wrote:
> > when you feed a browser the given url, the citibank page comes up. but
> > you also get a small page with a form that asks for your bank account
> > number and PIN.
> [snip]
> > my question is -- how is this done? how does this URL:
> >
> > http://www.citibank.com:[EMAIL PROTECTED]/3/?IYTEw
> > 4eVTtbH1w6CpDrT
> >
> > bring up citibank.com's webpage and then another page with the
> > account/PIN grabber? i've never seen anything like this before.

Hit send too soon... the other thing I wanted to bring up is it's not
uncommon to see this sort of URL encoded in hex after the part they want
you to see. This one was confusing enough, but you'll often also see
something like:

http://www.citibank.com%2e%61%33%6b%73%64%2e%50%69%53%65%4d%2e%4e%65%54

which unencoded becomes

http://www.citibank.com.a3ksd.PiSeM.NeT

Just as in the url in your email, most people will see everything up to
the first "unusual" character, and won't bother to look any further.

By the way, this method of trying to steal personal info by trying to
appear as coming from a legitimate company is called phishing.

_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
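
The check the message describes doing by eye, as an added example that is not part of the original post: strip anything before the "@", percent-decode the host, and compare what is left with the domain the link appears to show. The function names are hypothetical, and the 198.51.100.7 URL is a constructed sample because the address in the quoted URL is redacted.

```python
from urllib.parse import urlsplit, unquote

def real_host(url):
    """Return the host a browser actually contacts for `url`."""
    netloc = urlsplit(url).netloc
    # Everything before the last '@' is userinfo (user:password), not the host.
    hostport = netloc.rpartition("@")[2]
    # Drop a trailing :port when one is present.
    host, sep, port = hostport.rpartition(":")
    if not (sep and port.isdigit()):
        host = hostport
    # Percent-escapes in the host decode to ordinary characters, dots included.
    return unquote(host).lower().rstrip(".")

def check_link(url, claimed_domain):
    """Compare the real host of a link with the domain it appears to show."""
    netloc = urlsplit(url).netloc
    host = real_host(url)
    claimed = claimed_domain.lower()
    reasons = []
    if "@" in netloc:
        reasons.append("userinfo before '@' hides the real host")
    if "%" in netloc.rpartition("@")[2]:
        reasons.append("percent-encoded characters in the host")
    belongs = host == claimed or host.endswith("." + claimed)
    if not belongs and claimed in unquote(netloc).lower():
        reasons.append("claimed domain is shown but is not the real host")
    return {"host": host, "belongs": belongs, "reasons": reasons}

# First URL is the one quoted in the message; the other two are constructed
# samples (198.51.100.7 is a documentation address, the userinfo is made up).
SAMPLES = [
    "http://www.citibank.com%2e%61%33%6b%73%64%2e%50%69%53%65%4d%2e%4e%65%54",
    "http://www.citibank.com:ac=abc123@198.51.100.7/3/?x",
    "http://www.citibank.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        result = check_link(url, "citibank.com")
        verdict = "ok" if result["belongs"] else "SUSPICIOUS"
        print(f"{verdict:10} {result['host']}")
        for reason in result["reasons"]:
            print(f"           - {reason}")
```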
