Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« You've got a fax ... NOT! | Main | Another Round of Tricks »

September 03, 2010

Slop(py), Thief!

Everyone loves a tax refund, but one credit card thief isn't very clever (or good at the English language). He begins by identifying his From: address as 3D Secure, whatever that is. Here's the rest of the message:

Subject: Tax refund notification!

You have get a Tax Refund on your Visa or MasterCard.
Complete the formular, and get your Tax Refund.

(Your Refund Amount Is $620.50)

Complete Formular

The link leads to a highjacked Korean web site, whose BBS icon directory is hosting an HTML page consisting entirely of obfuscated JavaScript. When the script executes upon loading, it replaces itself with an HTML page with nothing more than the following form:

Phony Visa form

If anyone is foolish enough to fill out the form and click the button (instructions call it "Activate Now," but the button is labeled "Confirm Now"), the data is sent to a server program on yet a different Korean web site. Then it's only a matter of time before another crook buys the number and uses it for an online purchase or makes a fake magnetic strip to try out the number on a gas pump.

Posted on September 03, 2010 at 03:37 PM