Phishing warning from a credit provider...


  • Discourse touched me in a no-no place

    [Image: Screenshot from 2018-10-15 14-37-21.png]

    Yes, that link was clickable.

    No, it's not for that provider.

    (And thanks to the GDPR, I cannot determine from whois whether or not they actually control it.)



  • @PJH Unless it's your email client auto-clickafying anything that looks like a link?


  • Discourse touched me in a no-no place

    @dcon said in Phishing warning from a credit provider...:

    @PJH Unless it's your email client auto-clickafying anything that looks like a link?

    Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..


  • Discourse touched me in a no-no place

    @PJH said in Phishing warning from a credit provider...:

    I'll check the source..

    [Image: Screenshot from 2018-10-15 14-55-52.png]

    Yup. It's missing some &shy;'s that would defeat it.

    Meanwhile..

    $ curl -Li  my-argos-card.net
    HTTP/1.1 302 Found
    server: nginx
    date: Mon, 15 Oct 2018 13:57:01 GMT
    content-length: 11
    set-cookie: sid=30bbaf68-d082-11e8-8ea6-51c686a70740; path=/; domain=my-argos-card.net; HttpOnly
    cache-control: max-age=0, private, must-revalidate
    connection: close
    location: http://ww1.my-argos-card.net/?sub1=30bbaf68-d082-11e8-8ea6-51c686a70740
    
    HTTP/1.1 200 OK
    Date: Mon, 15 Oct 2018 13:57:02 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Vary: Accept-Encoding
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M6FsMhzmk+PrDuue7KfxL4jPFKSR1y8q2vWhhkhYwnHT17WBss/gAE6kA3Lr7tSG5LDp40rrYuG7CuRb5KGtZA==
    Set-Cookie: tu=7aac23a540506cc241de262cfdbddd47; expires=Tue, 31-Dec-2019 23:00:00 GMT; Max-Age=38221378; path=/; domain=my-argos-card.net; httponly
    Last-Modified: Mon, 15 Oct 2018 13:57:02 GMT
    X-Cache-Miss-From: parking-859dc4f4d-x47vb
    Server: NginX
    Set-Cookie: NSC_tfep-83+63+5+01-91=ffffffff58cbef9845525d5f4f58455e445a4a423660;path=/;httponly
    
    <!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M6FsMhzmk+PrDuue7KfxL4jPFKSR1y8q2vWhhkhYwnHT17WBss/gAE6kA3Lr7tSG5LDp40rrYuG7CuRb5KGtZA==><head><meta charset="utf-8"><title>my-argos-card.net&nbsp;-&nbspThis website is for sale!&nbsp;-&nbspmy-argos-card Resources and Information.</title><noscript><meta http-equiv="refresh" content="0; url=http://ww1.my-argos-card.net/?sub1=30bbaf68-d082-11e8-8ea6-51c686a70740&gtnjs=1"></noscript><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><meta name="description" content="This website is for sale! my-argos-card.net is your first and best source for all of the information you’re looking for. From general topics to more of what you would expect to find here, my-argos-card.net has it all. We hope you find what you are searching for!"><link href="data:image/png;base64,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[...]
    

    This website is for sale!

    They didn't even bother checking their example 'wrong' website.


  • And then the murders began.

    @PJH said in Phishing warning from a credit provider...:

    Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..

    Aware of the possibility != responsible for the occurrence. (There are probably email clients that "helpfully" ignore HTML entities in the URL.)


  • Discourse touched me in a no-no place

    @Unperverted-Vixen said in Phishing warning from a credit provider...:

    @PJH said in Phishing warning from a credit provider...:

    Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..

    Aware of the possibility != responsible for the occurrence. (There are probably email clients that "helpfully" ignore HTML entities in the URL.)

    Come now - there's some low-hanging fruit there that they could get, and didn't.

    Like

    • breaking up the URL with non-printable characters to frustrate auto-linkers (anything that accepts any such in a URL and still auto-links it (a) shouldn't and (b) shouldn't link a valid site)
    • gaining control of any example 'bad' URL's
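
A pre-send check for a warning email like the one discussed above, as an added example that is not part of the original thread: it normalises the body the way a lenient mail client might (decoding HTML entities, dropping invisible characters) and reports any host that would still be auto-linked and is not the sender's own. The `LINKABLE` regex is a simplified stand-in for a client's auto-linker, and `provider.example` is a placeholder for the sender's real domain.

```python
import html
import re

# Characters that render as nothing; a lenient client may drop them before linkifying.
INVISIBLE = dict.fromkeys(map(ord, "\u00ad\u200b\u200c\u200d\u2060\ufeff"))

# Simplified stand-in for an auto-linker (assumption, not any real client's rule):
# optional scheme or "www.", then dotted labels ending in an alphabetic TLD.
LINKABLE = re.compile(
    r"(?:https?://|www\.)?((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})(?![a-z0-9-])",
    re.I,
)

def linkable_hosts(body):
    """Hosts a client could turn into links after lenient normalisation."""
    text = html.unescape(body).translate(INVISIBLE)
    return {m.group(1).lower() for m in LINKABLE.finditer(text)}

def lint_warning_email(body, own_domains):
    """Return hosts that would be clickable but do not belong to the sender."""
    own = {d.lower() for d in own_domains}
    return sorted(
        h for h in linkable_hosts(body)
        if not any(h == d or h.endswith("." + d) for d in own)
    )

def defang(host):
    """Rewrite a host so that no auto-linker treats it as a URL."""
    return host.replace(".", "[.]")

# Constructed sample bodies; provider.example is a placeholder domain.
OWN = ["provider.example"]
PLAIN = "Genuine: https://www.provider.example/help Fake: my-argos-card.net"
SHY = "Genuine: https://www.provider.example/help Fake: my-argos-card&shy;.net"
DEFANGED = "Genuine: https://www.provider.example/help Fake: " + defang("my-argos-card.net")

if __name__ == "__main__":
    for name, body in [("plain", PLAIN), ("&shy;", SHY), ("defanged", DEFANGED)]:
        print(name, lint_warning_email(body, OWN))
```

The `&shy;` variant is still reported because the check assumes a client that strips the soft hyphen before linkifying; only the defanged form passes.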


  • @PJH said in Phishing warning from a credit provider...:

    @Unperverted-Vixen said in Phishing warning from a credit provider...:

    @PJH said in Phishing warning from a credit provider...:

    Possibly - but then again, shouldn't they be aware of that possibility? I'll check the source..

    Aware of the possibility != responsible for the occurrence. (There are probably email clients that "helpfully" ignore HTML entities in the URL.)

    Come now - there's some low-hanging fruit there that they could get, and didn't.

    Like

    • breaking up the URL with non-printable characters to frustrate auto-linkers (anything that accepts any such in a URL and still auto-links it (a) shouldn't and (b) shouldn't link a valid site)
    • gaining control of any example 'bad' URL's

    Or the easiest one of all:

    • replace the URL with a screenshot of the URL

  • BINNED

    @ben_lubar said in Phishing warning from a credit provider...:

    replace the URL with a screenshot of the URL

    And have the users complain about the non-working link


  • BINNED

    @Luhmann
    Also: bonus points for using a letter CDN to render it


  • 🚽 Regular

    @PJH said in Phishing warning from a credit provider...:

    • gaining control of any example 'bad' URL's

    That's the best option, there. Wasn't there a story on TDWTF a while back where someone made a fake phishing site and emailed all the employees with a link to it just to see who fell for it?


  • Discourse touched me in a no-no place

    @The_Quiet_One said in Phishing warning from a credit provider...:

    Wasn't there a story on TDWTF a while back where someone made a fake phishing site and emailed all the employees with a link to it just to see who fell for it?

    Not sure about a story, but there's been a few posts/topics about it.

    One of mine: https://what.thedailywtf.com/topic/20273/action-required/12

