House o' Shame: Amtrak
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Feb 15 01:21:44 EST 2008
"Perry E. Metzger" <perry at piermont.com> writes:
>Steve Bellovin documents on his blog a recent attempt by Amtrak to teach its
>customers to be phishing victims:
>
>http://www.cs.columbia.edu/~smb/blog/2008-02/2008-02-13.html
>From the blog:
The next problem, though, is that the message asks people to log in by
clicking a link in the message:
Go to Amtrak.com now and update your profile
http://amtrak.bfi0.com/.....
It's not just Amtrak that do that, CapitalOne also send out phishing email
directing users to bfi0.com.
Lesson for phishers: If you want your phish to seem more legit, outsource it
to Bigfoot Interactive, which seems to lead back to Epsilon Agency Services,
who specialise in... well, phishing, but for the good guys. I bet the Russian
Business Network could do it for less though :-).
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list