Poisoning the Lake : comments [A Bug's Life]

Err, don't the fake sites just have their own copies of the images?

Probably they sometimes do. But the majority of the ones I see use the real site for as much as they possibly can - so link throughs, images, anything except the single fraudulent link that they hope won't get noticed.

[link] [parent] [reply]

Some phishes include the privacy policy link because they're having a laugh!

[link] [parent] [reply]

Once you click through, I expect they do, but the HTML emails rely on links to the real site. Or is this the problem, that the bank couldn't tell whether a mail client accessing the image was doing so through an official bank communication or through a phishing email? Meh.

[link] [parent] [reply]

Oh, I see. I tend not to see linked images in emails so that part of the question hadn't occurred to me.

Here's an example of the HTTP request my mailer makes when it does download embedded images:

GET http://www.apple.com/euro/enews/images/spacer.gif HTTP/1.1
Host: www.apple.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.14eol) Gecko/20080724 Thunderbird/1.5.0.14eol
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive

The only thing there that comes from the message is the image URL; a fraudster could just copy that and there'd be no way to tell what the content of the rest of the email was.

[link] [parent] [reply]

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21 1	22	23	24	25	26	27
28	29	30

A Bug's Life

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

September