Tag: Phishing

Chrome worries

Posted in Software

I, like many others, have been playing around with the Chrome browser for a couple of days now and I feel there is one element of the browser that needs to be addressed to avoid possible future issues.

For those that haven't used the browser yet, there is a feature in Chrome that allows you to add shortcuts to your Desktop/start menu/quick launch bar. It's a nice way to add links to applications and favourite websites into your operating system desktop.

It all sounds rather good and looks great: when you click one of these shortcuts, it pops up a Chrome browser window and displays your stored favourite. The only problem is that the window that appears is stripped of all interface tools, including the URL “omni” bar.

Not a problem you may think, but considering that continual phishing attempts occur on a frequent basis, is this shortcut a path to dangerous destinations?
The Chrome browser will highlight the main website of a URL when used in full mode, but this feature isn't even visible if opened from a shortcut, plus there appears to be no way to force it to appear.

Now the shortcuts that are added are effectively only application shortcuts that open a browser window:

Example:
"chrome.exe" --app=http://www.mybank.com/

With increasingly more creative cyber-villains around at the moment, is there a chance that a nasty virus could alter this shortcut, pointing it at a lovely bank clone website?
Or, even worse, call home for a continually changing phishing website URL, making them harder to track, block and blacklist.

To further add to the problem there is no indicator on these shortcut browser windows to show you are on a website that is encrypted!

The lack of a URL (omni) bar and an encryption indicator means there is no way of telling if you are in fact pointing at a real or fake website.

Hopefully these issues will be squashed as the Beta moves forward, but this is certainly one that needs to get fixed.

Gone Phishing

Posted in General

I receive a number of spam emails per day (around 7 – 10); thankfully SpamAssassin flags nearly all (96%) of these messages, so I rarely have to see them. As I was expecting an email this morning I took a quick look at my Junk folder in Thunderbird, just to ensure that the email hadn't been marked as spam. There was no sign of it.

I quickly scanned the messages sitting in that isolated folder to see what type of crap was being filtered on a daily basis. Any phishing attempts that I receive, I tend to attach to an email to the Anti-Phishing Working Group. But today I'm honoured to find the worst-crafted phishing email that I have seen in a long time.
It read as follows:

[blockquote]Subject: HSBC – WARNING
Date: Fri, 2 Nov 2007 13:20:35 -0400
From: HSBC

Dear valued Halifax® member: Due to concerns, for the safety and integrity of the Halifax
account we have issued this warning message.

It has come to our attention that your Halifax® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website.

If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension.
Please update your records on or before janvier 16, 2007.

Once you have updated your account records your Halifax account service will not be interrupted and will continue as normal.
To update your Halifax® records click on the following link:
http://www.halifax.co.uk/
Thank You. Halifax® UPDATE TEAM[/blockquote]

First point, as any person of moderate intelligence can see, is the use of one company in the title and a different company in the body of the message.

Second is the 'Dear valued Halifax member': firstly it would be 'customer', and secondly, since I'm a great 'member', how have they managed to forget my name? No attempt to butcher my email address for a name to use; very poor.

The hyperlink to update your records wasn't hidden or manipulated to appear like a correct address; nope, it just pointed at some page over at www.swindon-speedway.co.uk.

And in last place is the French word for January that's been so wonderfully added into the template.
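
The first three tells listed above can be checked mechanically by a mail filter. The following is an added example, not code from this blog or from SpamAssassin: the function names, the brand watch-list and the sample message are constructed, and it assumes the visible link text was the Halifax URL as quoted while the underlying target was the other host.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = ("hsbc", "halifax")  # assumption: small brand watch-list for the demo

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlsplit(url).hostname or "").lower()

def phishing_indicators(subject, html_body):
    """Return human-readable findings for the tells discussed in the post."""
    findings, collector = [], LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        # Only compare hosts when the visible text itself looks like a URL.
        if re.match(r"https?://", text) and host(text) != host(href):
            findings.append(f"link text shows {host(text)} but points to {host(href)}")
    subj = {b for b in BRANDS if b in subject.lower()}
    body = {b for b in BRANDS if b in html_body.lower()}
    if subj and body and not subj & body:
        findings.append(f"subject names {sorted(subj)} but body names {sorted(body)}")
    if re.search(r"dear valued \S+ (member|customer)", html_body, re.I):
        findings.append("generic greeting, no recipient name")
    return findings

# Constructed sample modelled on the quoted email; the target path is not known.
SAMPLE_SUBJECT = "HSBC - WARNING"
SAMPLE_BODY = (
    "<p>Dear valued Halifax member: please update your records.</p>"
    '<a href="http://www.swindon-speedway.co.uk/">http://www.halifax.co.uk/</a>'
)
```

Calling `phishing_indicators(SAMPLE_SUBJECT, SAMPLE_BODY)` returns three findings, one per tell; a message whose subject and body agree on the brand and whose link text matches its target returns none.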