*WARNING* well done phish email

Discussion in 'NZ Computing' started by Dave - Dave.net.nz, Sep 29, 2005.

  1. For bank direct this time, although they've done it really well..
    the URL is as follows.

    http://www.bankdlrect.co.nz/index_secure.asp/
    note the lower case "L" instead of an "i"

    The site is well done in copy as well, they've spent some time playing
    with this.

    Logon(of course fake details were used) even gives a really good
    approved page
    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 29, 2005
    #1

  2. Dave - Dave.net.nz wrote:
    > For bank direct this time, although they've done it really well..
    > the URL is as follows.
    >
    > http://www.bankdlrect.co.nz/index_secure.asp/
    > note the lower case "L" instead of an "i"
    >
    > The site is well done in copy as well, they've spent some time playing
    > with this.
    >
    > Logon(of course fake details were used) even gives a really good
    > approved page


    heh, link killed... thanks to NZNOG.

    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 29, 2005
    #2

  3. Dave - Dave.net.nz

    ardz Guest

    "Dave - Dave.net.nz" <> wrote in message
    news:...
    > For bank direct this time, although they've done it really well..
    > the URL is as follows.
    >
    > http://www.bankdlrect.co.nz/index_secure.asp/
    > note the lower case "L" instead of an "i"
    >
    > The site is well done in copy as well, they've spent some time playing
    > with this.
    >
    > Logon(of course fake details were used) even gives a really good
    > approved page
    > --
    > http://dave.net.nz <- My personal site.



    Yeah got that this morning as well. I didnt actually notice the lower case
    L... Good spotting..... tricky B**stards.
     
    ardz, Sep 29, 2005
    #3
  4. Dave - Dave.net.nz

    Guest

    The only flaw in their plan was that I'm not a Bank Direct customer.

    The URL is down now, but as for getting it to look so similar, I
    imagine they just copy/paste the code from the actual site?

    That was the case in the last phishing site I looked at (a TradeMe
    copy).

    It wouldn't surprise me if they were just hot linking to the images on
    the actual server as well.

    WHOIS lookup:

    Heh, he just bought the domain a week ago, and surprise surprise that
    it's an American (assuming this to be true).

    One sort of wonders if Discount Domains should bear some responsibility
    for registering such a dodgy domain (I actually use them myself)? I
    guess it's not their role to act as censor, but I wonder if they would
    at least cancel it if you asked them. If nothing else, it's copyright
    infringement. :)

    query_datetime: 2005-09-30T08:33:52+12:00
    domain_name: bankdlrect.co.nz
    query_status: 200 Active
    domain_dateregistered: 2005-09-23T12:04:12+12:00
    domain_datebilleduntil: 2006-09-23T12:04:12+12:00
    domain_datelastmodified: 2005-09-23T12:08:07+12:00
    domain_delegaterequested: yes
    %
    registrar_name: DiscountDomains.co.nz
    registrar_address1: P O Box 25-129
    registrar_city: Christchurch
    registrar_country: NZ (NEW ZEALAND)
    registrar_phone: +64 3 961 9554
    registrar_fax: +64 3 961 9553
    registrar_email:
    %
    registrant_contact_name: RODNEY GUISTWITE
    registrant_contact_address1: 9740 CONIFER LANE
    registrant_contact_city: MURRELLS INLET
    registrant_contact_country: US (UNITED STATES)
    registrant_contact_phone: +84 3 6501641
    registrant_contact_email:
     
    , Sep 30, 2005
    #4
  5. wrote:
    > The only flaw in their plan was that I'm not a Bank Direct customer.


    me either... well, not anymore, left a few years back.

    > One sort of wonders if Discount Domains should bear some responsibility
    > for registering such a dodgy domain (I actually use them myself)? I
    > guess it's not their role to act as censor, but I wonder if they would
    > at least cancel it if you asked them. If nothing else, it's copyright
    > infringement. :)


    they did cancel it.

    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #5
  6. Dave - Dave.net.nz

    Guest

    wrote:
    >The URL is down now

    ....
    >but I wonder if they would
    > at least cancel it if you asked them


    Dave - Dave.net.nz wrote:
    >they did cancel it.


    Man, that was dumb of me!
     
    , Sep 30, 2005
    #6
  7. Dave - Dave.net.nz

    Squirrel Guest

    On Fri, 30 Sep 2005 09:12:44 +1200, "Dave - Dave.net.nz"
    <> wrote:

    >For bank direct this time, although they've done it really well..
    >the URL is as follows.
    >
    >http://www.bankdlrect.co.nz/index_secure.asp/
    >note the lower case "L" instead of an "i"
    >
    >The site is well done in copy as well, they've spent some time playing
    >with this.
    >
    >Logon(of course fake details were used) even gives a really good
    >approved page


    Got this and noticed same, yet if you click on contact us it returns to
    correct spelling

    Squirrel


    And remember be nice to straights, it takes two of them to make one of you

    Boy George
     
    Squirrel, Sep 30, 2005
    #7
  8. Dave - Dave.net.nz

    Squirrel Guest

    On Fri, 30 Sep 2005 11:55:41 +1200, "Dave - Dave.net.nz"
    <> wrote:

    > wrote:
    >> The only flaw in their plan was that I'm not a Bank Direct customer.

    >
    >me either... well, not anymore, left a few years back.
    >
    >> One sort of wonders if Discount Domains should bear some responsibility
    >> for registering such a dodgy domain (I actually use them myself)? I
    >> guess it's not their role to act as censor, but I wonder if they would
    >> at least cancel it if you asked them. If nothing else, it's copyright
    >> infringement. :)

    >
    >they did cancel it.


    never even signed up

    Squirrel


    And remember be nice to straights, it takes two of them to make one of you

    Boy George
     
    Squirrel, Sep 30, 2005
    #8
  9. Squirrel wrote:
    >>>The only flaw in their plan was that I'm not a Bank Direct customer.


    >>me either... well, not anymore, left a few years back.




    >>>One sort of wonders if Discount Domains should bear some responsibility
    >>>for registering such a dodgy domain (I actually use them myself)? I
    >>>guess it's not their role to act as censor, but I wonder if they would
    >>>at least cancel it if you asked them. If nothing else, it's copyright
    >>>infringement. :)


    >>they did cancel it.


    > never even signed up


    well, they were the registrar...

    reply from them earlier.
    _____________________________________________________
    Dear Dave,

    Thank you for your email.

    We have been aware of the phishing attack being carried out through the
    domain name bankdlrect.co.nz.

    NOTE: This domain name is NOT hosted in anyway with
    www.discountdomains.co.nz - we provide no services on the domain name
    whatsoever.

    This domain name is simply one of the thousands that have been
    registered with discountdomains.co.nz, that use a third party hosting
    provider.

    However, the domain name has now been suspended:

    version: 1.23.0
    query_datetime: 2005-09-30T10:35:31+12:00
    domain_name: bankdlrect.co.nz
    query_status: 210 PendingRelease
    domain_dateregistered: 2005-09-23T12:04:12+12:00
    domain_datebilleduntil: 2006-09-23T12:04:12+12:00
    domain_datelastmodified: 2005-09-30T09:30:45+12:00
    domain_datecancelled: 2005-09-30T09:30:45+12:00
    domain_delegaterequested: yes

    If you have any further concerns, please let me know.

    Regards,

    SAM
    _______________________________________________________

    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #9
  10. Dave - Dave.net.nz

    Shane Guest

    On Fri, 30 Sep 2005 13:47:13 +1200, Dave - Dave.net.nz wrote:

    > SAM
    > _______________________________________________________


    Dear SAM,
    why the flying f*ck did you allow such an obvious phishing domain to be
    registered in the first place? Do you not check the domain names? Do you
    not care as long as you get paid?
    For these and other rants...


    Shane :)
    (no I didnt send that )

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
     
    Shane, Sep 30, 2005
    #10
  11. Shane wrote:
    > why the flying f*ck did you allow such an obvious phishing domain to be
    > registered in the first place? Do you not check the domain names? Do you
    > not care as long as you get paid?
    > For these and other rants...


    I'm sure that each company with an automated domain registering system
    pays a person to sit there and read each and every one of the
    registrations... yeah right.

    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #11
  12. Dave - Dave.net.nz

    Shane Guest

    On Fri, 30 Sep 2005 14:21:45 +1200, Dave - Dave.net.nz wrote:

    > Shane wrote:
    >> why the flying f*ck did you allow such an obvious phishing domain to be
    >> registered in the first place? Do you not check the domain names? Do
    >> you not care as long as you get paid?
    >> For these and other rants...

    >
    > I'm sure that each company with an automated domain registering system
    > pays a person to sit there and read each and every one of the
    > registrations... yeah right.


    Im willing to bet that the same company has someone checking to make sure
    the cheques are paid, and made out for the right amount

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
     
    Shane, Sep 30, 2005
    #12
  13. Dave - Dave.net.nz

    Rob J Guest

    In article <-a-geek.net>,
    -a-geek.net says...
    > On Fri, 30 Sep 2005 13:47:13 +1200, Dave - Dave.net.nz wrote:
    >
    > > SAM
    > > _______________________________________________________

    >
    > Dear SAM,
    > why the flying f*ck did you allow such an obvious phishing domain to be
    > registered in the first place? Do you not check the domain names? Do you
    > not care as long as you get paid?
    > For these and other rants...


    Have you not heard of automated signup?

    No ISP has the ability to forsee what a domain is being registered for.
    It's not at all clear on the face of it what this domain would have been
    registered for at the time.
     
    Rob J, Sep 30, 2005
    #13
  14. Dave - Dave.net.nz

    Shane Guest

    On Fri, 30 Sep 2005 15:05:25 +1200, Rob J wrote:

    > In article <-a-geek.net>,
    > -a-geek.net says...
    >> On Fri, 30 Sep 2005 13:47:13 +1200, Dave - Dave.net.nz wrote:
    >>
    >> > SAM
    >> > _______________________________________________________

    >>
    >> Dear SAM,
    >> why the flying f*ck did you allow such an obvious phishing domain to be
    >> registered in the first place? Do you not check the domain names? Do
    >> you not care as long as you get paid?
    >> For these and other rants...

    >
    > Have you not heard of automated signup?
    >
    > No ISP has the ability to forsee what a domain is being registered for.
    > It's not at all clear on the face of it what this domain would have been
    > registered for at the time/.


    I repeat
    Billing _must_ be connected to an account
    The domains _must_ also be connected to that account
    The domains _must_ be checked to ensure they arent held by somebody else

    forsee?
    they only need to check what it is, not what its for

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
     
    Shane, Sep 30, 2005
    #14
  15. Shane wrote:
    >>>why the flying f*ck did you allow such an obvious phishing domain to be
    >>>registered in the first place? Do you not check the domain names? Do
    >>>you not care as long as you get paid?
    >>>For these and other rants...


    >>I'm sure that each company with an automated domain registering system
    >>pays a person to sit there and read each and every one of the
    >>registrations... yeah right.


    > Im willing to bet that the same company has someone checking to make sure
    > the cheques are paid, and made out for the right amount


    They're probably somewhat automated... I wonder how many domain name
    payments are paid using notes/cheque... willing to bet that a way higher
    percentage is done via internet banking, with reference numbers, so
    automated.

    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #15
  16. Shane wrote:
    >>>why the flying f*ck did you allow such an obvious phishing domain to be
    >>>registered in the first place? Do you not check the domain names? Do
    >>>you not care as long as you get paid?
    >>>For these and other rants...


    >>Have you not heard of automated signup?
    >>No ISP has the ability to forsee what a domain is being registered for.
    >>It's not at all clear on the face of it what this domain would have been
    >>registered for at the time/.


    > I repeat
    > Billing _must_ be connected to an account
    > The domains _must_ also be connected to that account
    > The domains _must_ be checked to ensure they arent held by somebody else


    > forsee?
    > they only need to check what it is, not what its for


    but how do you know what it is...
    say I register the domain nattycokesuckers.com, who's to say I'm not
    going to use it legitimately, or maybe I'll use it to catch people
    mis-typing nastycocksuckers.com

    It is hard to know what a domain is, without knowing its purpose...
    "it's too hard" so it wont be done.

    --
    http://dave.net.nz <- My personal site.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #16
  17. Dave - Dave.net.nz

    Shane Guest

    On Fri, 30 Sep 2005 15:20:36 +1200, Dave - Dave.net.nz wrote:

    > Shane wrote:
    >>>>why the flying f*ck did you allow such an obvious phishing domain to be
    >>>>registered in the first place? Do you not check the domain names? Do
    >>>>you not care as long as you get paid? For these and other rants...

    >
    >>>I'm sure that each company with an automated domain registering system
    >>>pays a person to sit there and read each and every one of the
    >>>registrations... yeah right.

    >
    >> Im willing to bet that the same company has someone checking to make
    >> sure the cheques are paid, and made out for the right amount

    >
    > They're probably somewhat automated... I wonder how many domain name
    > payments are paid using notes/cheque... willing to bet that a way higher
    > percentage is done via internet banking, with reference numbers, so
    > automated.


    Yeah.. and on reflection clients probably buy bulk amounts without the ISP
    ever checking what they are...
    I'll take 400 domains please

    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
     
    Shane, Sep 30, 2005
    #17
  18. Dave - Dave.net.nz

    Shane Guest

    On Fri, 30 Sep 2005 15:25:58 +1200, Dave - Dave.net.nz wrote:

    > Shane wrote:
    >>>>why the flying f*ck did you allow such an obvious phishing domain to be
    >>>>registered in the first place? Do you not check the domain names? Do
    >>>>you not care as long as you get paid? For these and other rants...

    >
    >>>Have you not heard of automated signup? No ISP has the ability to forsee
    >>>what a domain is being registered for. It's not at all clear on the face
    >>>of it what this domain would have been registered for at the time/.

    >
    >> I repeat
    >> Billing _must_ be connected to an account The domains _must_ also be
    >> connected to that account The domains _must_ be checked to ensure they
    >> arent held by somebody else

    >
    >> forsee?
    >> they only need to check what it is, not what its for

    >
    > but how do you know what it is...
    > say I register the domain nattycokesuckers.com, who's to say I'm not going
    > to use it legitimatly, or maybe I'll use it to catch people mis-typing
    > nastycocksuckers.com
    >
    > It is hard to know what a domain is, without knowing it's purpose... "it's
    > too hard" so it wont be done.


    The obvious ones would be a nice place to start
    If I have a list of New Zealand Banking Industry domains, and related, if
    the new domains match within *say* 85% of those domains red flag them
    It's not going to catch *all* of the phishers, but it is a proactive start,
    after all there are rules on profanity being used in domains isn't there?


    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
     
    Shane, Sep 30, 2005
    #18
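
The watchlist check Shane proposes in post #18, sketched as an added example that is not part of the original thread or any registrar's code. It assumes "match within 85%" means a normalised edit-distance similarity of at least 0.85, adds a look-alike character fold so the "l"-for-"i" swap from post #1 is caught directly, and uses a constructed watchlist, suffix list and registration feed.

```python
"""Screen new registrations against a watchlist of protected brand domains."""

# Assumed second-level suffixes; a real deployment would use the Public Suffix List.
SUFFIXES = ("co.nz", "net.nz", "org.nz", "govt.nz", "com")
# Look-alike characters folded to one representative before comparison.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o"})

def label(domain):
    """Return the registrable label, e.g. 'bankdlrect' from 'bankdlrect.co.nz'."""
    d = domain.lower().rstrip(".")
    for s in sorted(SUFFIXES, key=len, reverse=True):
        if d.endswith("." + s):
            return d[: -len(s) - 1].split(".")[-1]
    return d.split(".")[0]

def skeleton(text):
    """Fold visually confusable characters, including the 'rn' -> 'm' pair."""
    return text.translate(CONFUSABLE).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def similarity(a, b):
    """1.0 for identical labels, falling towards 0.0 as edits accumulate."""
    return 1.0 - edit_distance(a, b) / (max(len(a), len(b)) or 1)

def screen(candidate, watchlist, threshold=0.85):
    """Return (protected_domain, score, reason) hits for one new registration."""
    hits, cand = [], label(candidate)
    for protected in watchlist:
        if candidate.lower() == protected.lower():
            continue  # the brand's own domain, nothing to flag
        prot = label(protected)
        if skeleton(cand) == skeleton(prot):
            hits.append((protected, 1.0, "look-alike characters"))
            continue
        score = similarity(cand, prot)
        if score >= threshold:
            hits.append((protected, round(score, 2), "near match"))
    return hits

# Constructed watchlist and registration feed, for illustration only.
WATCHLIST = ["bankdirect.co.nz", "trademe.co.nz"]
NEW_REGISTRATIONS = ["bankdlrect.co.nz", "bankdirekt.co.nz", "gardenshed.co.nz"]

if __name__ == "__main__":
    for name in NEW_REGISTRATIONS:
        print(name, screen(name, WATCHLIST))
```

A hit is a reason to hold a registration for review, not proof of intent; short labels produce more false positives at a fixed threshold because one edit is a larger share of the name.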
  19. Dave - Dave.net.nz

    Richard Guest

    Shane wrote:

    > The obvious ones would be a nice place to start
    > If I have a list of New Zealand Banking Industry domains, and related, if
    > the new domains match within *say* 85% of those domains red flag them
    > Its not going to catch *all* of the phishers, but it is a proactive start,
    > afterall there are rules on profanity being used in domains isnt there?


    No, that was removed some time ago, otherwise we wouldnt have gems like
    http://fuckmicrosoft.com/
     
    Richard, Sep 30, 2005
    #19
  20. Dave - Dave.net.nz

    Shane Guest

    On Fri, 30 Sep 2005 15:48:32 +1200, Richard wrote:

    > Shane wrote:
    >
    >> The obvious ones would be a nice place to start If I have a list of New
    >> Zealand Banking Industry domains, and related, if the new domains match
    >> within *say* 85% of those domains red flag them Its not going to catch
    >> *all* of the phishers, but it is a proactive start, afterall there are
    >> rules on profanity being used in domains isnt there?

    >
    > No, that was removed some time ago, otherwise we wouldnt have gems like
    > http://fuckmicrosoft.com/


    I *thought* some TLD's were still moderated in NZ
    Of course I am probably wrong :\


    --
    Hardware, n.: The parts of a computer system that can be kicked

    The best way to get the right answer on usenet is to post the wrong one.
     
    Shane, Sep 30, 2005
    #20