https://yourfakebank.support -- TLD confusion starts!
Ever since the new top level domain (TLD) ".biz" went online a couple of years ago and the only ones buying domains in that space turned out to be scammers, we pretty much knew what would happen when ICANN's latest folly and money-grab went live. A number of the "new" top level domains, like ".support" and ".club", have now come online, and again, it seems that only the crooks are buying.
We are currently investigating a wave of phishing emails that try to lure the user to a copy of the Bank of America website. The main difference, of course, is that any login credentials entered do not end up with Bank of America, but rather with some crooks, who then help themselves to the savings.
Phishing emails per se are nothing new. But it appears that URLs like the one shown in the phishing email above have a higher success rate with users. I suspect this is because the displayed URL "looks different" but actually matches the link target, so the old common "wisdom" of hovering the mouse pointer over a link to check whether it points somewhere odd won't help here.
But wait, there's more! Since the crooks in this case own the domain, and can therefore trivially pass the so-called "domain control validation" employed by some CAs, they actually managed to obtain a real, valid SSL certificate!
Quoting from the Certificate Authority's web site:
Comodo Free SSL is a fully functional Digital Certificate, recognized and trusted by 99.9% of browsers. Your visitors will see the golden padlock and won't see security warnings. What will you get:
- Ninety day free SSL Certificate (other CAs offer 30 days maximum.)
- Issued online in minutes with no paperwork or delays
- Highest strength 2048 bit signatures / 256 bit encryption
- Signed from the same trusted root as our paid certificates
- Recognized by all major browsers and devices
They don't mention why they think any of this is a good idea.
Adding SSL to the phish means that another "scam indicator" we once taught our users is no longer valid either. When a user clicks on the link in the phishing email, the browser will actually show the "padlock" icon of a "secure site". See the screenshot below.
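Since neither hovering over the link nor the padlock helps the user here, the checks have to move to the mail gateway or the analyst's desk. The following is an added example, not code from the diary: a small triage script that pulls http(s) links out of an email body and flags hosts that carry a brand name outside the brand's own registrable domain, hosts under a post-expansion gTLD, and https links where those flags already fire (a domain-validated certificate only proves domain control, not identity). The brand list, the "legacy TLD" set and the sample email are constructed assumptions; the registrable-domain rule is deliberately naive and should use the Public Suffix List in real code.

```python
import re
from urllib.parse import urlsplit

# Assumed brand -> legitimate registrable domains (constructed for this example).
BRAND_DOMAINS = {
    "bankofamerica": {"bankofamerica.com"},
    "chase": {"chase.com"},
}
# Pre-expansion gTLDs; 2-letter TLDs are treated as country codes and left alone.
LEGACY_TLDS = {"com", "net", "org", "gov", "edu", "mil", "int"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def registrable_domain(host):
    # Naive "last two labels" rule; production code should use the Public Suffix List.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url):
    """Return a list of reasons the link deserves a closer look ([] if none)."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    reg = registrable_domain(host)
    tld = reg.rsplit(".", 1)[-1]
    reasons = []
    # Brand name in any host label while the registrable domain is not the brand's own.
    for brand, legit in BRAND_DOMAINS.items():
        if any(brand in label for label in labels) and reg not in legit:
            reasons.append(f"brand '{brand}' in host, registrable domain is {reg}")
    if len(tld) > 2 and tld not in LEGACY_TLDS:
        reasons.append(f"new gTLD .{tld}")
    # A DV certificate only proves control of the domain, so https adds no trust here.
    if reasons and url.lower().startswith("https://"):
        reasons.append("https/padlock does not vouch for identity (DV cert)")
    return reasons


def scan_email(text):
    """Map every http(s) URL found in the email body to its list of reasons."""
    return {url: classify_url(url) for url in URL_RE.findall(text)}


# Constructed sample email body (not a real phish).
SAMPLE_EMAIL = """Dear customer,
Please review your account at https://bankofamerica.account-verify.support/signin
Our real site: https://www.bankofamerica.com/login
Partner offer: http://www.example.biz/offer
"""

if __name__ == "__main__":
    for url, reasons in scan_email(SAMPLE_EMAIL).items():
        print(url, "->", reasons or ["no flags"])
```

The brand check errs toward flagging (for instance "purchase" contains "chase"), which is the right direction for a triage queue but not for automatic blocking.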
If you have seen other recent banking phishes that use new top level domains and/or valid SSL certificates, please let us know via the contact form, or the comments below!
Comments
Anonymous
Sep 17th 2014
We need to do a better job of teaching our users how to recognize and avoid the multitude of threats that target us online, our inboxes, smartphones.... I've created a site that tries to do that: TheDailyScam.
We invite your feedback of our effort.
Anonymous
Sep 17th 2014
Dear ChaseOnline SM Customer:
We're writing to let you know that you have not enroll for automatic updates,to get immediate alert,if your account was accessed from unknown device or unsual activities.
To register for updates, log on to. CASE-23021 HERE -->hxxp://www. infobike. es/libraries/1.php [spaces added]
Please don't reply directly to this automatically-generated e-mail message.
Sincerely,
Online Banking Team
Please don't reply directly to this automatically-generated e-mail message.
Sincerely,
Online Banking Team
I have reported that to the Chase abuse team.
Anonymous
Sep 17th 2014
The country TLDs are different; those are fine (.UK, .CA, .CH, etc.). But the .biz, .support, .pro, .me, etc. are IMO annoyances and, worse, security risks for exactly the reasons outlined in this diary.
IMO TLDs should be limited to:
- country specific TLDs (.UK, .CH, etc.)
- .com
- .net
- .org
- .gov
- .edu
- .adult (for all adult sites so that it's much simpler to create filters for children, etc. - but that's a separate and very complex subject for another discussion)
The others are mostly spam and only lead to confusion and security risks.
Anonymous
Sep 17th 2014
Anonymous
Sep 18th 2014
I see the freedom of TLDs as progress (fewer limitations, more possibilities), and prevention of progress is never a good strategy for security. We need to adapt to these new possibilities, and specifically the banks, etc. need to take a more active role in how to securely and intuitively provide their digital services to the customer. There is ample room for improvement.
Anonymous
Sep 22nd 2014