IWD Designed Get Firefox!

This is a Britblog This is an English Britblog

Some things I agree with
(or not as the case may be)

EFF: No Broadcast Flag No Watermarks

Sunday, August 31
c2it that I get scammed, kthx (BEWARE, MALICIOUS HOAX ALERT)

There's a particularly stupid hoax going around at the moment, but quite a dangerous one nonetheless, as it's been designed to look and feel almost exactly like the real legit site (except for a few choice spelling errors and bad grammar usage every so often, which is always the dead giveaway. BUT READ ON...)


Purporting to be from c2it (a legit electronic funds transfer service run by Citibank, the World's largest bank group), the form arrives inside an email and claims that someone has sent you money... In my case:

"C2it.com service would like to inform you, that you received money transfer from Andreas (andreas666@earthlink.net). Amount is $217. In order to receive that amount from c2it.com you have to register your ATM card to prove you are our customer.

Your e-mail is not registred [sic] with us, you need to setup account with us and verify your identity. Please fill this form to be enrolled to c2it.com service."

Now then, what makes this convincing (apart from the IMMEDIATE suspicion that an email asking for your credit card details should arise) is that this email uses all the existing c2it.com layout and imagery, looks like someone's gotten an email from c2it.com legitimately and they've nicked all of the HTML from the email source.


The form that sends all your info off points to //211.193.190.42:65085/cgi-bin/c2it.php... Obviously NOT a c2it.com domain. If you go to 211.193.190.42:65085 you get "Index of 211.193.190.42". The SamSpade tools report that the IP address is based in Korea at the "Asia Pacific Network Information Centre" in Australia. Have a dig about with the tools for yourself using the IP address: //www.samspade.org/t/?a=211.193.190.42.


Erm... That's not right. And surely a SECURE service should use a secure HTTPs connection...


Now, obviously this ain't legit. However, what I am proposing is that everyone click on the link below, which I generated by filling out the form in the email with random crap values, and spamming their database with it just to piss them off. I'm also going to report this email to c2it, unless they already know about it, as they can help solve the problem by adding text to the images that are linked to in the email and putting something like HOAX EMAIL in there instead :D ... That's quite effective.



If you want to see what the email looks like, click here for a screenshot of:

    • 1) What the email looks like in your email client
    • 2) What the email headers look like in Outlook
    • 3) What the HTML looks like (image)
    • 4) The actual HTML of the email (.txt format)

... Just so you know what to look out for. :)


So if you get this email, go delete it straight away, tell all your friends about this page so they can avoid the credit card fraud trap, and then go click that link and spam the hell out of their database. USERS UNITE! :D


Dragged out of Christopher's memory and pasted
into his blog at 8/31/2003 09:23:00 PM. Roughly.
Blog ID: 106236139744831301· | Permalink


Links!
Mobile/low-bandwidth version
 

Back the Bid at london2012.com  
The Internet is Shit. Pure genius!
Get Skype! Free VoIP goodness.
Link to me:
Kerblam! by Christopher.
Kerblam! by Christopher.


Blogroll...



Top UK Blogs
Top of the British Blogs