The 4-phase phish has become a trend:
- Identify a target
- Attack the site
- Upload phishing page
- Email and Harvest
Well, in the previous post we identified some flaws in the phishing attack, but that was 2014. It gets worse when phishers become this uncreative. This uncreative attempt landed on one of the OWASP mailing lists, and seriously, OWASP: a little bit of effort is required to harvest people here, but this phisher put in none.
So the phisher attacked a WordPress site and worked his way to phase 3. View it here if it hasn’t been removed, or see the screenshot below:
Now, from the above, all I can add is:
- Spelling is key: it’s “confirm”, not “comfirm”
- I will not give Google the last 2 fields if I am logging in from the same location. Plus, I don’t log in with all of those at once; it’s multifaceted: if I need to provide my alternate email and phone number, I’d have to log in first
- Yahoo and AOL and “OTHERS” <- seriously, not powered by Google
- The UI: well, I think you can just visit your Gmail login to see how idiot-proof it is compared to this.
- The submit button caption 😀 < well, let’s not go there.
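The tells in the list above, turned into a triage check a defender could run over a reported login page. This is an added example, not from the original post; the sample HTML, URL and field names are constructed, and the word lists are illustrative assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MISSPELLINGS = {"comfirm"}                    # the typo called out in the list
RECOVERY = re.compile(r"recovery|alternate|phone")
OTHER_PROVIDERS = {"yahoo", "aol"}
# Constructed sample modelled on the tells in the list; not the real page.
SAMPLE_URL = "http://blog.example/wp-content/uploads/login.html"
SAMPLE_HTML = """
<h2>Gmail - Comfirm your account</h2>
<p>Sign in with Gmail, Yahoo, AOL or Others</p>
<form action="post.php" method="post">
  <input type="text" name="email" placeholder="Email">
  <input type="password" name="pass" placeholder="Password">
  <input type="text" name="recovery_email" placeholder="Alternate email">
  <input type="text" name="phone" placeholder="Phone number">
</form>
"""

class FormScan(HTMLParser):
    # Collects every <input> (type, name/placeholder/value) and the page text.
    def __init__(self):
        super().__init__()
        self.fields, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            parts = (a.get("name"), a.get("placeholder"), a.get("value"))
            label = " ".join(filter(None, parts)).lower()
            self.fields.append(((a.get("type") or "text").lower(), label))
            self.text.append(label)
    def handle_data(self, data):
        self.text.append(data)

def find_tells(url, html):
    # Returns the names of the tells present on a login page, in fixed order.
    scan = FormScan()
    scan.feed(html)
    words = set(re.findall(r"[a-z]+", " ".join(scan.text).lower()))
    host = urlparse(url).hostname or ""
    on_google = host == "google.com" or host.endswith(".google.com")
    claims_google = bool(words & {"google", "gmail"})
    has_password = any(kind == "password" for kind, _ in scan.fields)
    asks_recovery = any(RECOVERY.search(label) for _, label in scan.fields)
    checks = [
        ("misspelling", bool(words & MISSPELLINGS)),
        ("over-collection", has_password and asks_recovery),
        ("mixed-branding", claims_google and bool(words & OTHER_PROVIDERS)),
        ("off-brand-host", claims_google and not on_google),
    ]
    return [name for name, hit in checks if hit]
```

Calling `find_tells(SAMPLE_URL, SAMPLE_HTML)` reports all four tells; the host check is the one that still fires when the phisher fixes the spelling and the form.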
Anyway, Phase 4, dada dada!!!!! Let’s see the smart email from:
“Email Admin” <frankbeverly@ymail.com> a.k.a “King Phisher”
I sincerely hope that this is not the best we’re getting for 2015.