Phishing warning from a credit provider...
-
Yes, that link was clickable.
No, it's not for that provider.
(And thanks to the GDPR, I cannot determine from whois whether or not they actually control it.)
-
@PJH Unless it's your email client auto-clickafying anything that looks like a link?
-
@dcon said in Phishing warning from a credit provider...:
@PJH Unless it's your email client auto-clickafying anything that looks like a link?
Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..
-
@PJH said in Phishing warning from a credit provider...:
I'll check the source..
Yup. It's missing some &shy;'s that would defeat it.
Meanwhile..
$ curl -Li my-argos-card.net
HTTP/1.1 302 Found
server: nginx
date: Mon, 15 Oct 2018 13:57:01 GMT
content-length: 11
set-cookie: sid=30bbaf68-d082-11e8-8ea6-51c686a70740; path=/; domain=my-argos-card.net; HttpOnly
cache-control: max-age=0, private, must-revalidate
connection: close
location: http://ww1.my-argos-card.net/?sub1=30bbaf68-d082-11e8-8ea6-51c686a70740

HTTP/1.1 200 OK
Date: Mon, 15 Oct 2018 13:57:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M6FsMhzmk+PrDuue7KfxL4jPFKSR1y8q2vWhhkhYwnHT17WBss/gAE6kA3Lr7tSG5LDp40rrYuG7CuRb5KGtZA==
Set-Cookie: tu=7aac23a540506cc241de262cfdbddd47; expires=Tue, 31-Dec-2019 23:00:00 GMT; Max-Age=38221378; path=/; domain=my-argos-card.net; httponly
Last-Modified: Mon, 15 Oct 2018 13:57:02 GMT
X-Cache-Miss-From: parking-859dc4f4d-x47vb
Server: NginX
Set-Cookie: NSC_tfep-83+63+5+01-91=ffffffff58cbef9845525d5f4f58455e445a4a423660;path=/;httponly

<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M6FsMhzmk+PrDuue7KfxL4jPFKSR1y8q2vWhhkhYwnHT17WBss/gAE6kA3Lr7tSG5LDp40rrYuG7CuRb5KGtZA==><head><meta charset="utf-8"><title>my-argos-card.net - This website is for sale! - my-argos-card Resources and Information.</title><noscript><meta http-equiv="refresh" content="0; url=http://ww1.my-argos-card.net/?sub1=30bbaf68-d082-11e8-8ea6-51c686a70740>njs=1"></noscript><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><meta name="description" content="This website is for sale! 
my-argos-card.net is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, my-argos-card.net has it all. We hope you find what you are searching for!"><link href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAMAAAAoLQ9TAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYxIDY0LjE0MDk0OSwgMjAxMC8xMi8wNy0xMDo1NzowMSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNS4xIFdpbmRvd3MiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6MzRFNEQ3NkJEMjRGMTFFMTk4RjA4NDhFNTEwRTcy[...]
This website is for sale!
They didn't even bother checking their example 'wrong' website.
-
@PJH said in Phishing warning from a credit provider...:
Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..
Aware of the possibility != responsible for the occurrence. (There are probably email clients that "helpfully" ignore HTML entities in the URL.)
-
@Unperverted-Vixen said in Phishing warning from a credit provider...:
@PJH said in Phishing warning from a credit provider...:
Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..
Aware of the possibility != responsible for the occurrence. (There are probably email clients that "helpfully" ignore HTML entities in the URL.)
Come now - there's some low-hanging fruit there that they could get, and didn't.
Like
- breaking up the URL with non-printable characters to frustrate auto-linkers (anything that accepts any such in a URL and still auto-links it (a) shouldn't and (b) shouldn't link a valid site)
- gaining control of any example 'bad' URL's
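Added example, not part of the original thread: a sketch of the soft-hyphen idea discussed above, and of the caveat that some clients may ignore the entity. `AUTOLINK_RE` is a hypothetical, simplified stand-in for a mail client's auto-linker, and the warning sentence is constructed.

```python
import html
import re

SOFT_HYPHEN = "\u00ad"  # the character the HTML entity &shy; decodes to

# Hypothetical, simplified stand-in for a mail client's auto-linker; real
# clients use their own (usually more permissive) rules.
AUTOLINK_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)


def defang_html(url: str) -> str:
    """Return HTML text for `url` with &shy; inserted before every dot."""
    return html.escape(url).replace(".", "&shy;.")


def rendered_text(fragment: str) -> str:
    """Text a standards-following renderer hands to its auto-linker."""
    return html.unescape(fragment)


def lenient_text(fragment: str) -> str:
    """Text after a 'helpful' client drops soft hyphens before linking."""
    return html.unescape(fragment).replace(SOFT_HYPHEN, "")


def autolinks(text: str) -> list:
    """Substrings the stand-in auto-linker would turn into links."""
    return AUTOLINK_RE.findall(text)


def audit(fragment: str) -> dict:
    """Report what gets linked by a strict and by a lenient client."""
    return {
        "strict": autolinks(rendered_text(fragment)),
        "lenient": autolinks(lenient_text(fragment)),
    }


if __name__ == "__main__":
    # Constructed warning sentence using the domain from the thread.
    plain = "Never log in at my-argos-card.net"
    broken = "Never log in at " + defang_html("my-argos-card.net")
    print(audit(plain))
    print(audit(broken))
```

The "lenient" result shows the link re-forming once the soft hyphen is dropped, so the entity only helps with clients that keep it.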
-
@PJH said in Phishing warning from a credit provider...:
@Unperverted-Vixen said in Phishing warning from a credit provider...:
@PJH said in Phishing warning from a credit provider...:
Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..
Aware of the possibility != responsible for the occurrence. (There are probably email clients that "helpfully" ignore HTML entities in the URL.)
Come now - there's some low-hanging fruit there that they could get, and didn't.
Like
- breaking up the URL with non-printable characters to frustrate auto-linkers (anything that accepts any such in a URL and still auto-links it (a) shouldn't and (b) shouldn't link a valid site)
- gaining control of any example 'bad' URL's
Or the easiest one of all:
- replace the URL with a screenshot of the URL
-
@ben_lubar said in Phishing warning from a credit provider...:
replace the URL with a screenshot of the URL
And have the users complain about the non-working link
-
@Luhmann
Also: bonus points for using a letter CDN to render it
-
@PJH said in Phishing warning from a credit provider...:
- gaining control of any example 'bad' URL's
That's the best option, there. Wasn't there a story on TDWTF a while back where someone made a fake phishing site and emailed all the employees with a link to it just to see who fell for it?
-
@The_Quiet_One said in Phishing warning from a credit provider...:
Wasn't there a story on TDWTF a while back where someone made a fake phishing site and emailed all the employees with a link to it just to see who fell for it?
Not sure about a story, but there's been a few posts/topics about it.
One of mine: https://what.thedailywtf.com/topic/20273/action-required/12