[vox-tech] one of the most pernicious spams i've ever seen.
Micah J. Cowan
vox-tech@lists.lugod.org
Thu, 25 Sep 2003 08:37:27 -0700
On Thu, Sep 25, 2003 at 06:30:32AM -0700, p@dirac.org wrote:
> on one hand, a bank *NEVER* asks you for your PIN. even in person when
> you're at the bank. So they certainly wouldn't ask you for a PIN over
> the net.
My bank (Wells Fargo) does over the phone (automated); I'm also
requested to enter it sometimes on a keypad in person (they would
never ask for me to pronounce it, of course), so I wouldn't have been
too surprised.
> my question is -- how is this done? how does this URL:
>
> http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/3/?IYTEw
> 4eVTtbH1w6CpDrT
Not a citibank.com URL, it's a pisem.net URL. Look more closely
(haven't read any of the other responses yet, but I'm sure I'm not the
first to point this out). Pretty sneaky, huh?
> bring up citibank.com's webpage and then another page with the
> account/PIN grabber? i've never seen anything like this before.
Not sure how that's done, but I'm pretty sure that if you completely
restart your browser it won't happen.
-Micah