Amusing Craigslist Phishing

JULIEN SOBRIER
August 17, 2011 - 2 min read
The best way to double check that the page you are visiting is a legitimate page and not a phishing site is to verify the domain name in the address bar (obviously, this does not work in case of DNS hijacking). Phishers have used a variety of techniques to make the URL look legitimate, such as abusing the userinfo part of the URL (the http://login:password@host/ syntax) with a login name that looks like a legitimate domain, so that the real host only appears after the @ sign.

I was amused when I saw a Craigslist phishing campaign last Friday. The phishing page ironically warns users about fake Craigslist pages. It tells people to always double check the URL before entering their credentials.
Figure: Craigslist phishing page claims to educate users on ... phishing sites!

If you didn't notice on the screenshot, the phishing page tells users to check the domain name at the end of the URL instead of the beginning.

Indeed, the phishing page that I spotted used a URL ending with what looks like a legitimate domain name: hxxp://69.175.106.6/~feacosa1/nozit/accounts.craigslist.org/.
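The two tricks described above (a look-alike domain planted in the userinfo part before the @ sign, and a look-alike domain planted at the end of the path) both rely on the reader not knowing where the host actually sits in a URL. The following added example, which is not part of the original post, parses URLs the way a browser does and reports the host that will really be contacted and whether it belongs to the expected domain. The only real URL in it is the defanged phishing URL quoted above; the other sample URLs, the `198.51.100.7` test address and the `example.net` look-alike are constructed for illustration.

```python
"""Report the real host of a URL and whether it belongs to an expected domain.

Added example, not code from the original post. Sample URLs other than the
defanged one quoted in the post are constructed for illustration.
"""
import ipaddress
from typing import Optional
from urllib.parse import urlsplit


def refang(url: str) -> str:
    """Turn the defanged 'hxxp://' / 'hxxps://' notation used in write-ups back
    into a scheme urlsplit() understands. Only the scheme prefix is rewritten."""
    lower = url.lower()
    if lower.startswith("hxxp://"):
        return "http://" + url[len("hxxp://"):]
    if lower.startswith("hxxps://"):
        return "https://" + url[len("hxxps://"):]
    return url


def real_host(url: str) -> Optional[str]:
    """Return the host a browser will actually connect to, or None for non-web URLs.

    urlsplit() follows the URL grammar: everything before '@' in the authority is
    userinfo, not the host, and everything after the first '/' is the path.
    Both are places where a look-alike domain can be planted."""
    parts = urlsplit(refang(url))
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname  # lower-cased; userinfo and port already stripped


def belongs_to(host: Optional[str], expected_domain: str) -> bool:
    """True only if host is expected_domain itself or a subdomain of it.
    A trailing dot (absolute DNS name) is tolerated."""
    if not host:
        return False
    host = host.rstrip(".").lower()
    expected_domain = expected_domain.rstrip(".").lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def classify(url: str, expected_domain: str) -> str:
    """Human-readable verdict on where the URL really goes."""
    host = real_host(url)
    if host is None:
        return "not a web URL"
    try:
        ipaddress.ip_address(host)
        return f"bare IP address {host}, not {expected_domain}"
    except ValueError:
        pass  # a DNS name, check it against the expected domain
    if belongs_to(host, expected_domain):
        return f"host {host} is under {expected_domain}"
    return f"host {host} is NOT under {expected_domain}"


if __name__ == "__main__":
    samples = [
        # the defanged phishing URL quoted in the post: the real host is an IP
        "hxxp://69.175.106.6/~feacosa1/nozit/accounts.craigslist.org/",
        # constructed: look-alike domain in the userinfo part, real host after '@'
        "http://accounts.craigslist.org:x@198.51.100.7/login",
        # constructed: look-alike domain as a subdomain of an unrelated domain
        "http://accounts.craigslist.org.example.net/login",
        # constructed: a genuine subdomain of the expected domain
        "https://accounts.craigslist.org/login",
    ]
    for sample in samples:
        print(f"{sample}\n    -> {classify(sample, 'craigslist.org')}")
```

The check deliberately tests `host == domain or host.endswith("." + domain)` rather than a bare substring match: `notcraigslist.org` and `accounts.craigslist.org.example.net` both contain the expected name but are not under it, which is exactly the confusion the phishing page exploits.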

The phisher hides the phishing page behind two layers of redirection: one or more URL shorteners redirect to pages on free hosting sites, which in turn redirect to the phishing page. The redirection is "smart" in the sense that real visitors are sent on to the phishing page, whereas the URL shorteners' own crawlers are served a regular page that looks legitimate. So even if the URL shorteners use a denylist to prevent abuse, they never see the real final destination and cannot apply the list to it.

Figure: Spam page to hide the phishing page from security tools

Here are some of the domains used for the redirection:
  • npzut81.125mb.com
  • fdabbe61.batcave.net
  • pziut318.batcave.net
  • nipxuto11.125mb.com
  • hpasut81.tekcities.com

This brought to my attention the fact that in addition to telling my friends to always check the URL and the domain name, I should also remind them where the domain actually is!

-- Julien