|
I did not make a copy of the real phishing page that came after the log-in page.
But I did poke around in the directories of the hacked computer in Ajax, Ontario.
I was surprised to find that the directories were searchable and their contents viewable by anyone. By me, for instance. By you, if you happened to click a few links and poke around.
The material uploaded by the phishing hackers had not been password-protected or hidden in any way.
All the source files for the phishing web pages were visible and could be downloaded.
The same was true of the following text file, which no longer exists on the hacked PC:
http://cpe0004754cb643-cm0011ae02814e.cpe.net.cable.rogers.com:82/boa/ase.txt
THIS TEXT FILE CONTAINED THE HARVESTED PHISHING DATA.
The fraudulent web site had been created to harvest the data in this file.
The original phishing email had been created to persuade people to visit the phishing site and enter their personal data into this file.
This text file was the "payoff" of the entire phishing scheme. All those hacked computers had been compromised and lined up to generate this file.
And I could just open it or download it. Anyone could.
|
|
