web application security lab

Yahoo Redirection Used in Phishing Email

Today I got a phishing email that abuses an open redirect on Yahoo. Anyone who claims open redirection isn't a problem, read on. The URL also encodes the destination host as a DWORD (a single 32-bit integer in place of the dotted-quad IP address) to obfuscate it further. Here's the URL:

Notice the DWORD there? 1115019674 is 0x4275D99A, which byte by byte is 66.117.217.154, and whois attributes that address to:

OrgName: Fuse Internet Access
OrgID: FIAI
Address: 209 W. Seventh St.
Address: MS 121-550
City: Cincinnati
StateProv: OH
PostalCode: 45202
Country: US
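As an added example (not code from the original post), here is a small Python decoder for the DWORD trick described above, generalized to the other numeric host forms that browsers also accept (hexadecimal, octal components, and two- or three-part numbers) and to URLs that hide the real host behind a `user@` prefix. The hostnames and URLs in it are constructed for illustration and are not the phishing URL from the email.

```python
import re
import socket
import struct
from urllib.parse import urlsplit

# Accepted forms of one address component, mirroring classic inet_aton():
# 0x.. hexadecimal, a leading 0 means octal, otherwise decimal.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*")


def dword_to_ip(n: int) -> str:
    """Expand a 32-bit integer ("DWORD") host into dotted-quad notation."""
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value: %r" % n)
    return socket.inet_ntoa(struct.pack("!I", n))


def ip_to_dword(ip: str) -> int:
    """Inverse of dword_to_ip: the integer a phisher would paste into a URL."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted quad: %r" % ip)
    return struct.unpack("!I", bytes(int(p) for p in parts))[0]


def _component(text: str) -> int:
    if text[:2].lower() == "0x":
        return int(text[2:], 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text, 10)


def normalize_host(host: str):
    """Return the dotted quad for any numeric host form, or None if the host
    is not purely numeric (a normal DNS name) or a component overflows.

    With 1 part the value is the whole 32-bit address; with 2 or 3 parts the
    last component fills the remaining 24 or 16 bits, as browsers do.
    """
    parts = host.split(".")
    if len(parts) > 4 or not all(_PART.fullmatch(p) for p in parts):
        return None
    widths = [8] * (len(parts) - 1) + [32 - 8 * (len(parts) - 1)]
    n = 0
    for text, width in zip(parts, widths):
        value = _component(text)
        if value >= 1 << width:
            return None
        n = (n << width) | value
    return dword_to_ip(n)


def effective_host(url: str) -> str:
    """The host a browser actually connects to: userinfo before '@' is
    discarded and numeric hosts are expanded to dotted-quad form."""
    host = urlsplit(url).hostname or ""
    return normalize_host(host) or host


if __name__ == "__main__":
    # Constructed URL: a brand name in the userinfo, the DWORD as the real host.
    print(effective_host("http://www.yahoo.com@1115019674/login"))  # 66.117.217.154
```

Running `effective_host` over every link in a suspicious message is enough to turn a URL like the one in this email back into the plain IP address before anyone clicks it.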

How anyone not already familiar with phishing schemes could work out where that URL led without clicking on it, I'll never know. Phishing is partly social engineering, and my trust in Yahoo is exactly what makes me think, "Sure, Yahoo could plausibly have some arrangement with another company to redirect traffic." That companies with brands this well known leave open redirects like this in place is what makes it a big problem.

2 Responses to “Yahoo Redirection Used in Phishing Email”

  1. Kyle's Cove Says:

    Don’t be Reeled in by Phishers…

    Have you ever heard the word Phishing and wondered what the heck people were talking about? Phishing, as defined by Wikipedia, is a form of criminal activity using social engineering techniques. In simple terms, Phishing means someone fraudulently repr…

  2. Rune Jensen Says:

    FUSE INTERNET ACCESS

    I have just received an injection attempt from an IP corresponding to this company (three attempts in a row, actually);

    72.49.116.87

    I suspect other IPs in the statistics are from the same source, though I haven't tested yet.

    What about this little bit of code in the query string (of course they did not get any access at all, and they never will):

    1)_and_1=convert(int,(select_top_1_table_name_fro_information_schema.tables))--sp_password

    I have changed it a bit, but it should be clear enough. They are trying to guess a password?

    Further information;

    Seems like a robot, because:
    No acceptEnc chosen (usually it is gZip)
    User agent: Mozilla/4.0 (not valid, I guess, missing browser name)

    But what is this company anyway? Are they worth blocking the whole range?
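An added example, not part of the comment above or of the original post: the query string Rune posted is an error-based SQL injection probe against Microsoft SQL Server rather than a password guess. `convert(int, (select top 1 table_name ...))` forces a type-conversion error whose message echoes the first table name from `information_schema.tables`, and `sp_password` is appended because SQL Server's trace/profiler replaces the text of any statement containing that token with a placeholder comment, hiding the attack from that log. The Python below URL-decodes a request's query string and flags those signatures, together with the two bot indicators the comment mentions (no Accept-Encoding header, a bare `Mozilla/4.0` user agent). The request records are constructed to mimic the comment and are not the commenter's real log.

```python
import re
from urllib.parse import unquote_plus

# Constructed request records standing in for a server log; not real traffic.
SAMPLE_REQUESTS = [
    {
        "query": "id=7",
        "user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/2.0",
        "accept_encoding": "gzip",
    },
    {
        # Same shape as the payload in the comment, URL-encoded as a browser would send it.
        "query": "id=1)+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))--sp_password",
        "user_agent": "Mozilla/4.0",
        "accept_encoding": None,
    },
]

# Signatures of the MSSQL error-based extraction technique seen in the comment.
SQLI_PATTERNS = [
    ("error-based cast", re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select\b", re.I)),
    ("schema enumeration", re.compile(r"information_schema\.(tables|columns)\b", re.I)),
    ("profiler-suppression token", re.compile(r"\bsp_password\b", re.I)),
    ("comment terminator", re.compile(r"--|/\*")),
]


def decode_query(raw: str, rounds: int = 3) -> str:
    """URL-decode until the text stops changing (bounded), so that
    double-encoded payloads (%2528 -> %28 -> '(') are not missed."""
    current = raw
    for _ in range(rounds):
        decoded = unquote_plus(current)
        if decoded == current:
            break
        current = decoded
    return current


def sqli_findings(query: str) -> list:
    """Names of the injection signatures present in the decoded query string."""
    text = decode_query(query)
    return [name for name, pattern in SQLI_PATTERNS if pattern.search(text)]


def bot_indicators(request: dict) -> list:
    """Cheap header heuristics: real browsers send Accept-Encoding and a
    product token after 'Mozilla/x.y'; scanners frequently omit both."""
    hits = []
    if not request.get("accept_encoding"):
        hits.append("no Accept-Encoding header")
    user_agent = (request.get("user_agent") or "").strip()
    if re.fullmatch(r"Mozilla/\d+\.\d+", user_agent):
        hits.append("bare Mozilla/x.y user agent")
    return hits


def classify(request: dict) -> dict:
    return {"sqli": sqli_findings(request["query"]), "bot": bot_indicators(request)}


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(request["query"][:40], classify(request))
```

The `convert(int, (select ...))` signature is the one worth alerting on: unlike the comment terminator, it almost never appears in legitimate traffic, and its presence means the attacker is reading schema names out of error messages, so the application's error output is the first thing to check.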