Domain based phishing scams?

llegent · 07-20-2006, 04:45 PM

Hello, wonder if anyone come across phising activities on fraudulent sites which are displaying "recognizable" domain names? Beofre this, numerical IP address were use for phishing activities, now it seems that those people are moving toward using domain names in their spoof activities.

As a surfer, it appear less suspicious if a site is displaying a recognizable domain name versus numerical IP address. Well, when we do see numerical IP display in browser, we will definitely be much alert. But what about domain name?? Would you be less alert and not suspicious if you were to reach a site that display a domain in your broswer??

zach · 07-20-2006, 05:07 PM

Yes, but I think that anyone would be. If it weren't for GMail displaying phising warnings, I would probably have given my paypal password out countless times.

IDNs are a major source of phishing scams like this.

triumph · 07-22-2006, 03:57 AM

I know one time I almost got tricked by one of those bank schemes because they sent me one that was actually my bank at the time. However I have a long habit of glancing at urls when I hover and I caught it in time.

zach · 07-22-2006, 11:50 AM

Lucky!

But sometimes you can't see any difference because they look exactly the same (like when they mix scripts with the same characters). I think that the Google toolbar displays a notification if this is the case.

andreww38 · 07-28-2006, 09:31 AM

if in doubt, you can always view page source?

kokotai · 08-19-2006, 01:37 AM

I get notices once in a while that look like they are from pay pal. I reported them right way but it was really convicing.

Slashmire · 08-20-2006, 03:54 AM

I just don't fall in it; since forever, we've been told that no one will ask for password confirmation and all. Plus, if you just look at the status bar of where the links are from and go...you should be fine.

Paula62 · 08-20-2006, 09:01 PM

I have gotten several of those bank notices recently, very real sounding. My trick is to always go to the bank website itself (or paypal). If the problem really exists, then it would be either posted on the webpage or you would get a notice when you try to log in to your own account. So I ignore any links int eh email and go straight to the website.