|
Michael Mosbey sent us a link to a website that attempts to scare people into purchasing a credit report. The website, pictured below, reminds the visitor of the relatively recent Epsilon data breach. The goal is to persuade the person into proceeding to another site that is being promoted. This looks like a technique to make money through affiliate marketing. Fraudulent URL: www. financialalertssystem. com/5/t/14.php?engsec=10&target=example.com (don't go there)
To urge the person to act right away, the website uses a bit of JavaScript to dynamically generate the date during which the offer is available. This allows the website to always present the current date, regardless of when the page is accessed. The page is written to assist the attacker in targeting multiple domains. It accepts the targeted organization's name as the "target" parameter. For the screenshot above, we used "example.com", so the page stated "Important Information for Example.com Customers." The page also presents the following (entertaining) disclaimer:
-- Lenny Zeltser Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and writes a daily security blog.
|
Lenny 216 Posts May 26th 2011 |
| Thread locked Subscribe |
May 26th 2011 1 decade ago |
|
It's Verisign Secured, says so right there. Of course it must be safe!
|
Anonymous |
| Quote |
May 26th 2011 1 decade ago |
|
also worth noting that it refers to credit score and credit report interchangeably(last sentence and the click button).
|
Anonymous |
| Quote |
May 27th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
