The hyper-link in the body of the "phishing" email was a bait-and-switch game. Clicking on the "Bank of America" link launches a web browser, but the browser will be directed to a web site that has no connection to Bank of America. Simple and slick.
There is more; clicking on this hyper-link is only the beginning. This particular phishing scam turned out to be very convoluted and sophisticated. Interesting.
Here is what happened to me on January 12th:
* First, I logged into my mail server, downloaded my email, opened the phishing email and read it. Those actions happened in Oakland, California: starting point.
* Next, I clicked on the hyper-link in the phishing email.
* My web browser was directed to a server in San Salvador, El Salvador: www.ccsoy.com = 168.243.215.219 (first destination).
* But the hyper-link in the phishing email pointed to a script file (a program) on the server in El Salvador, not to a web page.
* Before I was aware anything had happened, my web browser had executed the script file and I was redirected to another server, in Bandung, Jawa Barat (Djawa Barat), Indonesia: www.mbicc.com = 202.159.35.6 (second destination).
* No, it didn't stop there. The script file in El Salvador pointed to another script file in Indonesia, not to a web page.
* My web browser executed the script file in Indonesia. In a flash, I was redirected again, to the final destination -- a private PC in Ajax, Ontario, Canada: cpe0004754cb643-cm0011ae02814e.cpe.net.cable.rogers.com = 74.118.82.223 (final destination).
Whew! My PC went on a trans-global trek with one mouse click, and I had no clue: California to El Salvador to Indonesia to Canada.
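A chain like this can be reconstructed from captured response headers without clicking through it. The following is an added example, not part of the original post: it assumes each hop answered with an HTTP 302 and a `Location` header (the post does not say how the scripts redirected), the URL paths are constructed, and `bankofamerica.com` as the brand's domain is an assumption supplied by the caller.

```python
from urllib.parse import urljoin, urlsplit

# Constructed capture: raw response headers keyed by requested URL. Hostnames are
# the ones named in the post; the paths and the 302 mechanism are assumptions.
FINAL = "http://cpe0004754cb643-cm0011ae02814e.cpe.net.cable.rogers.com/login/"
CAPTURE = {
    "http://www.ccsoy.com/hop1.php":
        "HTTP/1.1 302 Found\r\nLocation: http://www.mbicc.com/hop2.php\r\n\r\n",
    "http://www.mbicc.com/hop2.php":
        "HTTP/1.1 302 Found\r\nlocation: " + FINAL + "\r\n\r\n",
    FINAL: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

def parse_redirect(raw):
    """Return (status, Location or None) from raw response headers."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return status, headers.get("location")

def trace_chain(start, capture, max_hops=10):
    """Walk recorded redirects offline; stop on loops, gaps or the hop limit."""
    chain, url = [], start
    while url in capture and url not in chain and len(chain) < max_hops:
        chain.append(url)
        status, location = parse_redirect(capture[url])
        if not (300 <= status < 400 and location):
            break
        url = urljoin(url, location)  # Location may be relative
    return chain

def host_in_domain(url, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def assess_link(display_text, href, brand, brand_domain, capture):
    """Flag a link whose text names a brand but whose chain leaves its domain."""
    chain = trace_chain(href, capture) or [href]
    names_brand = brand.lower() in display_text.lower()
    off_brand = [u for u in chain if not host_in_domain(u, brand_domain)]
    return {"hosts": [urlsplit(u).hostname for u in chain],
            "suspicious": names_brand and bool(off_brand)}
```

The suffix check in `host_in_domain` requires a leading dot, so a lookalike host that merely starts with the brand's domain is not treated as belonging to it.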