*WARNING* well done phish email

Discussion in 'NZ Computing' started by Dave - Dave.net.nz, Sep 29, 2005.

  1. For bank direct this time, although they've done it really well..
    the URL is as follows.

    http://www.bankdlrect.co.nz/index_secure.asp/
    note the lower case "L" instead of an "i"

    The site is well done in copy aswell, they've spent some time playing
    with this.

    Logon(of course fake details were used) even gives a really good
    approved page
     
    Dave - Dave.net.nz, Sep 29, 2005
    #1
    1. Advertisements

  2. heh, link killed... thanks to NZNOG.
     
    Dave - Dave.net.nz, Sep 29, 2005
    #2
    1. Advertisements

  3. Dave - Dave.net.nz

    ardz Guest


    Yeah got that this morning as well. I didnt actually notice the lower case
    L... Good spotting..... tricky B**stards.
     
    ardz, Sep 29, 2005
    #3
  4. Dave - Dave.net.nz

    cbotman Guest

    The only flaw in their plan was that I'm not a Bank Direct customer.

    The URL is down now, but as for getting it to look so similar, I
    imagine they just copy/paste the code from the actual site?

    That was the case in the last phishing site I looked at (a TradeMe
    copy).

    It wouldn't surprise me if they were just hot linking to the images on
    the actually server as well.

    WHOIS lookup:

    Heh, he just bought the domain a week ago, and surprise surprise that
    it's an American (assuming this to be true).

    One sort of wonders if Discount Domains should bare some responsibility
    for registering such a dodgy domain (I actually use them myself)? I
    guess it's not their role to act as censor, but I wonder if they would
    at least cancel it if you asked them. If nothing else, it's copyright
    infringement. :)

    query_datetime: 2005-09-30T08:33:52+12:00
    domain_name: bankdlrect.co.nz
    query_status: 200 Active
    domain_dateregistered: 2005-09-23T12:04:12+12:00
    domain_datebilleduntil: 2006-09-23T12:04:12+12:00
    domain_datelastmodified: 2005-09-23T12:08:07+12:00
    domain_delegaterequested: yes
    %
    registrar_name: DiscountDomains.co.nz
    registrar_address1: P O Box 25-129
    registrar_city: Christchurch
    registrar_country: NZ (NEW ZEALAND)
    registrar_phone: +64 3 961 9554
    registrar_fax: +64 3 961 9553
    registrar_email:
    %
    registrant_contact_name: RODNEY GUISTWITE
    registrant_contact_address1: 9740 CONIFER LANE
    registrant_contact_city: MURRELLS INLET
    registrant_contact_country: US (UNITED STATES)
    registrant_contact_phone: +84 3 6501641
    registrant_contact_email:
     
    cbotman, Sep 30, 2005
    #4
  5. me either... well, not anymore, left a few years back.
    they did cancel it.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #5
  6. Dave - Dave.net.nz

    cbotman Guest

    Man, that was dumb of me!
     
    cbotman, Sep 30, 2005
    #6
  7. Dave - Dave.net.nz

    Squirrel Guest

    Got this and noiced same, yet if you click on contact us it returns to
    correct spelling

    Squirrel


    And remember be nice to straights, it takes two of them to make one of you

    Boy George
     
    Squirrel, Sep 30, 2005
    #7
  8. Dave - Dave.net.nz

    Squirrel Guest

    never even signed up

    Squirrel


    And remember be nice to straights, it takes two of them to make one of you

    Boy George
     
    Squirrel, Sep 30, 2005
    #8
  9. well, they were the registrar...

    reply from them earlier.
    _____________________________________________________
    Dear Dave,

    Thank you for your email.

    We have been aware of the phishing attack being carried out through the
    domain name bankdlrect.co.nz.

    NOTE: This domain name is NOT hosted in anyway with
    www.discountdomains.co.nz - we provide no services on the domain name
    whatsoever.

    This domain name is simply one of the thousands that have been
    registered with discountdomains.co.nz, that use a third party hosting
    provider.

    However, the domain name has now been suspended:

    version: 1.23.0
    query_datetime: 2005-09-30T10:35:31+12:00
    domain_name: bankdlrect.co.nz
    query_status: 210 PendingRelease
    domain_dateregistered: 2005-09-23T12:04:12+12:00
    domain_datebilleduntil: 2006-09-23T12:04:12+12:00
    domain_datelastmodified: 2005-09-30T09:30:45+12:00
    domain_datecancelled: 2005-09-30T09:30:45+12:00
    domain_delegaterequested: yes

    If you have any further concerns, please let me know.

    Regards,

    SAM
    _______________________________________________________
     
    Dave - Dave.net.nz, Sep 30, 2005
    #9
  10. Dave - Dave.net.nz

    Shane Guest

    Dear SAM,
    why the flying f*ck did you allow such an obvious phishing domain to be
    registered in the first place? Do you not check the domain names? Do you
    not care as long as you get paid?
    For these and other rants...


    Shane :)
    (no I didnt send that )
     
    Shane, Sep 30, 2005
    #10
  11. I'm sure that each company with an automated domain registering system
    pays a person to sit there and read each and every one of the
    registrations... yeah right.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #11
  12. Dave - Dave.net.nz

    Shane Guest

    Im willing to bet that the same company has someone checking to make sure
    the cheques are paid, and made out for the right amount
     
    Shane, Sep 30, 2005
    #12
  13. Dave - Dave.net.nz

    Rob J Guest

    Have you not heard of automated signup?

    No ISP has the ability to forsee what a domain is being registered for.
    It's not at all clear on the face of it what this domain would have been
    registered for at the time/.
     
    Rob J, Sep 30, 2005
    #13
  14. Dave - Dave.net.nz

    Shane Guest

    I repeat
    Billing _must_ be connected to an account
    The domains _must_ also be connected to that account
    The domains _must_ be checked to ensure they arent held by somebody else

    forsee?
    they only need to check what it is, not what its for
     
    Shane, Sep 30, 2005
    #14
  15. They're probably somewhat automated... I wonder how many domain name
    payments are paid using notes/cheque... willing to bet that a way higher
    percentage is done via internet banking, with reference numbers, so
    automated.
     
    Dave - Dave.net.nz, Sep 30, 2005
    #15
  16. Dave - Dave.net.nz

    Shane Guest

    Yeah.. and on reflection clients probably buy bulk amounts without the ISP
    ever checking what they are...
    I'll take 400 domains please
     
    Shane, Sep 30, 2005
    #16
  17. Wikipedia Is Your Friend: <http://en.wikipedia.org/wiki/Phishing>
     
    Lawrence D'Oliveiro, Sep 30, 2005
    #17
  18. Dave - Dave.net.nz

    Squirrel Guest

    thankyou, did it take longer to type it out rather than just indulge
    me?

    Squirrel


    And remember be nice to straights, it takes two of them to make one of you

    Boy George
     
    Squirrel, Sep 30, 2005
    #18
  19. Dave - Dave.net.nz

    Squirrel Guest

    I apologise, it would have taken much longer so thanks for your time
    (PBD) :)

    Squirrel


    And remember be nice to straights, it takes two of them to make one of you

    Boy George
     
    Squirrel, Sep 30, 2005
    #19
  20. Dave - Dave.net.nz

    Rob J Guest

    It's not at all uncommon to register domains that are nearly the same as
    the real thing e.g. microsaft.com
    Microsoft cracked down on a few of these similar domains some years
    back.
    Another example was extra.co.nz owned by ICONZ - all perfectly legal and
    redirected to the obvious place.

    Most of the registration process can be automated. It is perfectly legal
    in NZ to register a domain like the bankdlrect one.
     
    Rob J, Sep 30, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.