Bank of the west notice (sigh)



Well, how long ago was I talking about phishing attacks? Just a few posts back it seems and in my inbox this evening was the above subject line. It’s almost funny, since I don’t actually HAVE an account with Bank of the West, but since I was feeling a bit curious I thought I’d pick it apart, see where it came from and where the site was hosted.

It turns out that if you can view the source of a message you can see the destination of the links contained in that message, so where it had a hyperlink to Bank of the West, in the source was a reference like this http://www.bankofthewest…blahblah So, I took a look at the following address http://sitehostingscam.com/admin/…/BOW/ kind of bypassing their entry page and got a directory listing. I worked my way up and found an IT company in Australia.

My guess is that it’s a php exploit that they’ve fallen victim to, but I don’t know (the admin page appears to be a login for some sort of CMS system.) I sent an email to their webmaster and abuse addresses hoping that someone will see it. I gave the link that the email contained and sent along the phishy message, telling them that their server was being used to host the scam. After exploring a bit more, I came across a directory where their pages had been logging each IP address that requested the page and inside a file for the IP was either account numbers in some cases or abusive comments for the phishers in other cases. (Looks like there are quite a few folks that see it for what it is.)

I sent a second message along to the abuse/webmaster addresses because it appears that there were a few folks that did put in what could be account number information. I have no way of knowing that, but hopefully the IT folks will lock things down in quick order and find the source of the problem.

Related Posts

Blog Traffic Exchange Related Posts
  • NEW exploit for the WMF vulnerability Just when you thought we had a good understanding of the recent zero-day WMF (Windows metafile exploit) it's worse. Sans is reporting on a new variation on the exploit released today. They have gone to yellow (again) to warn people. Here are some details. This exploit was "made by the......
  • AIM worm in the wild There was an article in the last few days about Instant messengers being a tempting new vector for viral infections... Well.... Incidents.org has information on a new AIM worm seen in the wild. It doesn't travel via a security hole, but uses the good old standby of social engineering to......
  • Seller Beware... This is a cautionary tale about bank fraud for anyone that sells things. (online or otherwise). A man sold a car online, the buyer sent a check for several thousand more than the buying price. He claimed it was to cover extra shipping costs and for the seller to just......
Blog Traffic Exchange Related Websites
  • Why Certificates of Deposit Are A Good Idea Today's article is written by guest blogger Jim of Bargaineering. If you've saved up a few dollars and aren't sure if you should put them in the stock market or stick them in your mattress, let me give you another suggestion: put your funds into a certificate of deposit (CD).......
  • Learning How to Finance Your Future Most of us think about retirement and panic. It can be tough trying to figure out how we’re going to survive and plan for our futures when we’re just trying to make ends meet right now. If you’re strapped for cash at the end of every month, chances are you......
  • Online Banks: Real People's Thoughts We had a bad experience with Bank of America for our joint account, so my husband and I decided to switch banks. We first look at the banks where we hold our individual accounts. He uses Wachovia and I use a local credit union. We first look at the......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site