

September 18, 2006

Scary Stuff

Unfortunately, plenty of legitimate Web sites get hijacked by phishers. The crooks find a way into the system and either set up new accounts or simply create a new subdirectory, in which the lookalike Web site is planted.

Most of the hijacked sites, however, are not places where you'd expect high security. They're typically sites set up by small shops or organizations with a passion for their subject matter, whose creators are not security experts.

But today I received a phishing message whose link led to a hijacked site belonging to a Kansas bank. The crook had created a semi-hidden subdirectory (a name beginning with a period, which doesn't show up on default directory listings). The bank offers online banking, as well, but I don't know if that portion of the site has been compromised. More troubling, however, is that they don't seem to think the hijacking is anything worth taking care of anytime soon. Six hours after I reported the situation, the phishing page is still running.

I'm glad I don't have an account there, and I hope you don't either.

Posted on September 18, 2006 at 09:05 PM
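For site owners who want to check their own server for the kind of planted dot-directory described in the post, here is an added example (not part of the original post) that walks a web root and reports hidden directories holding files a web server would serve. The extension list, the `.well-known` allowlist, the function names and the sample tree are all assumptions made for illustration.

```python
import os
import tempfile

# Assumption: extensions a web server would typically serve or execute.
WEB_EXTS = {".html", ".htm", ".php", ".js", ".css", ".cgi", ".asp"}
# Assumption: dot-directories with a legitimate reason to sit in a web root.
ALLOWED = {".well-known"}

def find_hidden_web_dirs(docroot):
    """Return sorted (relative_dir, [web files]) for dot-directories under docroot."""
    findings = {}
    for current, _dirs, files in os.walk(docroot):
        rel = os.path.relpath(current, docroot)
        parts = [] if rel == "." else rel.split(os.sep)
        # A path counts as hidden if any component starts with a period.
        if not any(p.startswith(".") and p not in ALLOWED for p in parts):
            continue
        served = sorted(f for f in files
                        if os.path.splitext(f)[1].lower() in WEB_EXTS)
        if served:  # hidden directories without web content are not reported
            findings[rel] = served
    return sorted(findings.items())

def build_sample_tree(root):
    """Constructed sample web root: normal pages plus one planted dot-directory."""
    layout = {
        "index.html": "<h1>Example shop</h1>",
        "images/site.css": "",
        ".well-known/security.txt": "Contact: mailto:admin@example.test",
        ".secure/login/index.html": "<form>constructed lookalike page</form>",
        ".secure/login/post.php": "<?php /* constructed */ ?>",
        ".cache/notes.txt": "not web content",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, files in find_hidden_web_dirs(root):
            print(f"{rel}: {', '.join(files)}")
```

Run against a real web root, anything it reports should be compared with what the site owner actually deployed; a hit is a prompt to investigate, not proof of compromise.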