(OT?) Phishers targetting Kiwibank
I've received a reasonably plausible-looking phish for Kiwibank, appears to have originated in Washington DC. The domain it uses is "kiwibahk.com", registered through bookmyname.com, and I have sent a complaint to the registrar. Does anyone want a copy for reference? Lesley W
On 08/12/05, Lesley Walker
I've received a reasonably plausible-looking phish for Kiwibank, appears to have originated in Washington DC. The domain it uses is "kiwibahk.com", registered through bookmyname.com, and I have sent a complaint to the registrar.
http://www.nzherald.co.nz/section/story.cfm?c_id=5&ObjectID=10359020 Another internet banking scam is doing the rounds. This time Kiwibank customers are the target. Emails pretending to be from the bank were sent out early this morning. They contain a link to a site which looks official. -- Steven Heath +64 21 706-067 .nz news & views www.nznews.org.nz "America is the only nation in history which has gone directly from barbarism to degeneration without the usual interval of civilization." Georges Clemenceau
On Thu, 8 Dec 2005, Steven Heath wrote:
http://www.nzherald.co.nz/section/story.cfm?c_id=5&ObjectID=10359020
Another internet banking scam is doing the rounds.
This time Kiwibank customers are the target. Emails pretending to be from the bank were sent out early this morning. They contain a link to a site which looks official.
I note that the IPs ( 4 A records listed for www.thedomain.com [1] ) has changed at least twice this afternoon and appear to be hosted with Zombied machines. People who say we should just block the IPs please take note. Actually I just noticed that "www.kiwibank.com" is owned by somebody who is currently forwarding it to the real kiwibank site. Kiwibank have a note up: http://www.kiwibank.co.nz/news/security_notice.asp [1] - Domain not mentioned since some after filtering it. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
They shut down their whole Internet banking site because of a phishing email ! I would have thought that was somewhat of an over reaction. That would sure annoy me if I happened to be one of their customers. Simon Lyall wrote:
On Thu, 8 Dec 2005, Steven Heath wrote:
http://www.nzherald.co.nz/section/story.cfm?c_id=5&ObjectID=10359020
Another internet banking scam is doing the rounds.
This time Kiwibank customers are the target. Emails pretending to be from the bank were sent out early this morning. They contain a link to a site which looks official.
I note that the IPs ( 4 A records listed for www.thedomain.com [1] ) has changed at least twice this afternoon and appear to be hosted with Zombied machines. People who say we should just block the IPs please take note.
Actually I just noticed that "www.kiwibank.com" is owned by somebody who is currently forwarding it to the real kiwibank site.
Kiwibank have a note up:
http://www.kiwibank.co.nz/news/security_notice.asp
[1] - Domain not mentioned since some after filtering it.
No to mention the fact it does absolutely nothing to correct the actual problem. -- Andrew Tony Wicks wrote:
They shut down their whole Internet banking site because of a phishing email ! I would have thought that was somewhat of an over reaction. That would sure annoy me if I happened to be one of their customers.
On Thu, 08 Dec 2005 16:34, Tony Wicks wrote:
They shut down their whole Internet banking site because of a phishing email ! I would have thought that was somewhat of an over reaction. That would sure annoy me if I happened to be one of their customers. I agree, i thought it was somewhat of an over reaction. considering first reports of these emails was early this morning and they didnt take the banking down till mid afternoon or so.
And yes its really annoying, thank god for txt & phone banking :) Liz -- Cesarean Section: A historic district in Rome.
Well.. actually.. Kiwibank's internet banking seems to often be down during the afternoon (*mumble*). Are you guys sure they took it down specifically for that? or was it just (an annoying) coincidence? Then again, the fact that its down at all, regardless of the reason is pretty lame. Someone should take to the admins with a mallet or something.
On Thu, 08 Dec 2005 16:34, Tony Wicks wrote:
They shut down their whole Internet banking site because of a phishing email ! I would have thought that was somewhat of an over reaction. That would sure annoy me if I happened to be one of their customers. I agree, i thought it was somewhat of an over reaction. considering first reports of these emails was early this morning and they didnt take the banking down till mid afternoon or so.
And yes its really annoying, thank god for txt & phone banking :)
Liz
-- Cesarean Section: A historic district in Rome.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Jeremy Brake said:
Well.. actually.. Kiwibank's internet banking seems to often be down during the afternoon (*mumble*). Are you guys sure they took it down specifically for that? or was it just (an annoying) coincidence? Then again, the fact that its down at all, regardless of the reason is pretty lame. Someone should take to the admins with a mallet or something.
No, they took it down on purpose. The NBR has published a very detailed article on the event. From http://www.nbr.co.nz/home/column_article.asp?id=13760&cid=3&cname=Technology [url may wrap] : "This afternoon it became apparent about five customers may have followed the instructions from the scam and compromised their bank account details "Kiwibank is working directly with those known to have been affected and this afternoon shut down its Internet bank transaction site as a precaution. and you've really got to wonder why. The phishers could surely save the passwords and use them when the site comes up, so the bank annoyed their customers and has potentially given people the impression that the phishers/hackers had managed to take the site down. Maybe temporarily blocking access from international IP addresses would have been a better solution. -- Kerry Thompson, CCNA CISSP http://www.crypt.gen.nz
Kerry Thompson wrote:
Maybe temporarily blocking access from international IP addresses would have been a better solution.
you seem to be assuming that the phishers are not based in NZ or have no links in NZ. I mean all they'de have to do is email the details to an NZ counterpart, or use a zombie(with proxy of some sort) based in NZ to get around it.
On 9 Dec 2005, at 9:27 AM, Kerry Thompson wrote:
"This afternoon it became apparent about five customers may have followed the instructions from the scam and compromised their bank account details
"Kiwibank is working directly with those known to have been affected and this afternoon shut down its Internet bank transaction site as a precaution.
and you've really got to wonder why. The phishers could surely save the passwords and use them when the site comes up,
Why? Bank discovers some customers have handed out their details to the phishers. Bank says "Hrm, some customers have given out their login details. We're not quite sure which customers, but we're know some have. How about we turn off the site so that aforementioned customers don't lose money, even if it inconveniences many customers in the short term, it could prevent us from being ripped off." So, now no one can login, bank finds out who's handed out their details, probably by sheepish customers calling and saying "My bad". Aforementioned customers' login details get changed. Bank turns site back on. Later, the phishers say "Ooh look, phished details! Ima be rich!" They try to login. Oh dear, the details have been changed. No more money for the phishers. _That_, is why. OK, so maybe if the bank knew immediately WHO had been affected, they could just turn off individual accounts, but I'd hazard a guess that this wasn't the case. Is it too early for a beer? Cheers Michael
Tony Wicks wrote:
They shut down their whole Internet banking site because of a phishing email ! I would have thought that was somewhat of an over reaction. That would sure annoy me if I happened to be one of their customers.
They're a bank so they're a conservative organisation and their logic will be based around possible press headlines: Bank shuts down Internet access to protect customers or Bank adopts cavalier attitude to customers money If you were in their shoes which one would you chose? It would be good if these phishing discussions focussed on technical aspects of what can be done by people on this list once the list knows about the latest scam. The banks I suspect will make their own decisions without seeking advice here.
participants (11)
-
Andrew Redgwell -
Andy Linton -
Dave - Dave.net.nz -
Jeremy Brake -
Kerry Thompson -
Lesley Walker -
Liz -
Michael Jager -
Simon Lyall -
Steven Heath -
Tony Wicks