« Wednesday | Main | A Christian Perspective on Separation of Church and State »
March 16, 2006
EMAIL Hell - Evil Spammers Catch a Domain Name Break
We got a new phishing EMAIL today from an evil spammer pretending to be Chase Manhattan Bank. The EMAIL starts with the following warning
We recently have determined that different computers have logged in to your Chase account, and multiple password failures were present before the logons. We strongly advice CHANGE YOUR PASSWORD.
The EMAIL continues with the usual threats of dire consequences and offers a button to click that will send you on your way to fixing your compromised password.
Chase Manhattan is a ripe target because they actually send legitimate EMAILs to their customers; however, as Chase itself states on its fraud prevention page, the legitimate ones never contain threats.
What makes this new scam dangerous is that the address to which you are sent looks almost legitimate:
http://www.updatechaseonline.com/colappmgr/colportal/prospect.php?_nfpb=change_form
The domain name updatechaseonline.com is perfectly reasonable, and it is not disguised with any of the usual fancy tricks involving subdomains. It is, however, still a bogus domain.
Chase has no need to create any alternate domains. If they wanted to create a special URL for updating passwords, it would be a subdomain like updateonline.chase.com, because subdomains are cheaper and easier to manage.
The point is, there is one and only one domain name you can trust-- chase.com. If Chase Manhattan Bank feels the need to create a new domain for password updates, then they are too stupid to be allowed to use the Internet and you should move your money at once.
So don't be fooled! The techniques for disguising domain names keep changing, but it's still the same old trick.
Respectfully submitted,
Ferdinand T. Cat
# At Thu 1:18 AM | Permalink | Trackback URI | Comments (0) | More EMAIL Hell
Leave a comment
Leave a comment