Monday, August 28, 2006

Google Utilized in Phishing Exploits

Maybe the title is a little bit of link bait, but it's also accurate, as I received a Wells Fargo phishing email today with a redirect link through Google.

Some of you may remember how I've complained a time or two about being abused via various Google proxy servers, and sure enough, they have something else that's vulnerable to being used by abusers.

The link to the phishing site used Google to redirect victims:

http://www.google.com/url?sa=t&ct=res&cd=7
&url=http%3Awebtracpro.valleyvistamortgage.com/wellsfargo/Update.html

How's that for Google's war on anti-phishing?

Yes, I know that's a cheap shot but they really need to fix some vulnerabilities over there and maybe after enough cheap shots someone will pay attention, who knows.
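A mail-filter check for the redirect trick shown above, as an added example (not from the original post): it unwraps the `url=` parameter of a Google `/url` link, repairs the `http%3A` form that lacks `//`, and flags targets outside the impersonated brand's own domains. The sample message, the hosts `bank.example` and `compromised.example.test`, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: redirector endpoints to inspect, as (host, path) -> query parameter.
# Only the Google /url endpoint comes from the post; extend the table as needed.
REDIRECTORS = {("www.google.com", "/url"): "url"}

def redirect_target_host(link):
    """Return the host a known redirector link forwards to, or None."""
    parts = urlsplit(link)
    param = REDIRECTORS.get(((parts.hostname or "").lower(), parts.path))
    if param is None:
        return None
    values = parse_qs(parts.query).get(param)  # parse_qs percent-decodes values
    if not values:
        return None
    target = values[0].strip()
    # The phish used "http%3A" with no "//" after it. Browsers repair that form,
    # urlsplit does not, so normalise "http:host/..." to "http://host/...".
    m = re.match(r"(?i)^(https?):[/\\]*(.*)$", target)
    if m:
        target = m.group(1).lower() + "://" + m.group(2)
    host = urlsplit(target).hostname  # None for on-site targets such as "/search"
    return host.lower() if host else None

def flag_links(body, brand_hosts):
    """List (link, target_host) for redirector links that leave the brand's hosts."""
    findings = []
    for link in re.findall(r"https?://[^\s\"'<>]+", body):
        host = redirect_target_host(link)
        if host and not any(host == b or host.endswith("." + b) for b in brand_hosts):
            findings.append((link, host))
    return findings

# Constructed sample with the same shape as the link in the post.
SAMPLE_LINK = ("http://www.google.com/url?sa=t&ct=res&cd=7"
               "&url=http%3Acompromised.example.test/bank/Update.html")
SAMPLE_BODY = (
    "Dear customer, please update your account:\n"
    + SAMPLE_LINK + "\n"
    "Our site: https://www.google.com/url?url=https%3A%2F%2Fwww.bank.example%2F\n"
)

if __name__ == "__main__":
    for link, host in flag_links(SAMPLE_BODY, ["bank.example"]):
        print("redirector link leaves brand domain:", host, "<-", link)
```
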

Onward with our phishing expedition!

Here's a screenshot of the email sent by the Wells Fargo "Safehaebor Department". It's amusing that they didn't even bother spell-checking their phish, but most people are illiterate and wouldn't notice such details.



Here's a screenshot of the actual "Update Sistem" (typo in the title) phishing page itself on the compromised server:



And the form sends the data to some place in the Czech Republic:

http://mailform.cz/

The only amazing part is that I notified the people with the compromised server a couple of hours ago and the phish site is still live as I write this, supposedly after their IT dept. was going to handle it ASAP.

So there you have it, another exciting episode of Gone Phishing.

Until next time...