Posted on 05/01/2006 2:17:31 PM PDT by 2Jim_Brown
CHICAGO, May 1 (UPI) -- Computer-security professionals at the weekend were working on what is being described as a just-emerging IT problem -- the kind which, if the pros are correct, potentially could imperil all e-commerce across the globe. Hackers have apparently compromised the computer server of a Russian bank and set up a fake subsite to "phish" for credit-card information and other personal financial details, experts tell UPI's Networking.
This is a new kind of phishing scam, as computer criminals usually set up sites that simply look and feel similar to the site they are attacking. But in this instance, the phishers replicated the Moscow-based KS Bank site itself, www.ks-bank.ru, and not just an image of it, and created a page that used its exact URL, a subsite of that URL, www.ks-bank.ru/.x/hvfcu. This new tactic raises a horrid specter for online banking consumers -- the grinding fear of whether one's e-commerce site is what it purports to be or is actually a criminal enterprise.
By Gene Koprowski
http://www.upi.com/Hi-Tech/view.php?StoryID=20060501-100818-3626r
(Excerpt) Read more at washingtontimes.com ...
Well, do not deal with Russian banks, then - it pays to deal only with those you know and trust.
The Russians are so poor at technology they can't even get their "Live" scoring system operating correctly in the JandS Tennis Tourney this week in Moscow!
My girlfriend works for Chase. You wouldn't believe the amount of our information that goes overseas due to outsourcing of one kind or another. Even the IRS sends stuff abroad.
Are they saying what I think? When I get such email, the "properties" of the URL point to the bogus site, and are completely different from the URL that's displayed (usually chase.com or citibank.com).
Is this post saying that even if you put in the "right" URL you still can go to a fake site? Doesn't SSL or VeriSign prevent it?
Notice the difference in the URLs. The /.x/... doesn't belong to the bank. It's a different IP.
Except for the enhanced technology, this is just a variation on a very old con game. Do a Google search on "The Bank of Sark", and read about some real con men who made this kind of scam work long before the Internet existed.
The implication of this is that hackers can do this to any bank, or PayPal, etc. or the companies you pay directly to online.
I am dealing with very few companies. All of them are US based, thus sueable in the US.