Phishermen with Better Bait

April 8, 2008

Most of the phishing emails I see are obviously fakes. Many don’t bother to spoof the sender address, clearly link to third-party sites (e.g. http://www.yourbank.com.46dyu.ru/verify/) and/or use terrible grammar and spelling. While it’s always a giveaway when I’m not actually a customer of the purported bank, a few emails certainly make me look twice before I work out their trick.

Here’s one allegedly from St. George bank in Australia.

Have a look at their official website: http://www.stgeorge.com.au/

Then this email:

While some of the grammar is slightly amiss, this email is a step above the bulk of what I’ve seen. Their trick, while not new, is that the visible text, http://ibank.stgeorge.com.au/verify, is an HTML link pointing to a phishing site at http://www.stgcorge.com/verify, much like I can have http://ibank.stgeorge.com.au/verify link to Google or anywhere else. In this email, though, “stgcorge” could easily be read as “stgeorge” at a cursory glance.
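
A mail filter can check for this mismatch mechanically. The following is an added example, not part of the original post: it parses an HTML body, flags anchors whose visible URL names a different host than the `href`, and marks near-identical host labels as lookalikes. The function names, the 0.8 similarity threshold and the sample HTML are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname, or '' if the string is not an http(s) URL."""
    parsed = urlparse(url.strip())
    return (parsed.hostname or "").lower() if parsed.scheme in ("http", "https") else ""

def similar(x, y):
    """True for labels that differ but are close (threshold is an assumption)."""
    return x != y and SequenceMatcher(None, x, y).ratio() >= 0.8

def find_mismatched_links(html):
    """Flag anchors whose visible URL names a different host than the href."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            # Heuristic: compare host labels of 5+ characters pairwise.
            lookalike = any(similar(x, y)
                            for x in shown.split(".") for y in actual.split(".")
                            if min(len(x), len(y)) >= 5)
            findings.append({"shown": shown, "actual": actual, "lookalike": lookalike})
    return findings

# Constructed sample modelled on the email described above, plus one honest link.
SAMPLE = ('<a href="http://www.stgcorge.com/verify">http://ibank.stgeorge.com.au/verify</a>'
          '<a href="http://www.stgeorge.com.au/">http://www.stgeorge.com.au/</a>')
```

Links whose visible text is not a URL (for example "click here") are skipped, since there is no displayed host to compare against.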