Victor's Blog about the Web, Security and Life

The web for me is a hobby where standards and best practices are daily bread. Security is a concern whose details everybody must be aware of, for IT in general, and the web in particular, to be a safer place. My life, on the other hand, is that of a regular Lebanese citizen where politics and social issues are discussed on a daily basis. I hope you enjoy reading my blog and make sure to drop me a comment about any topic you find interesting.

A Nice Try Dangerous for Security Beginners!


victor | 01 December, 2005 10:48

Many emails are sent daily claiming that a certain website is another website. This occurs most often with Paypal.com (a website that I sometimes use to accept payments). Intruders will send emails holding Paypal logos asking users to verify their account. The link (a normal HTML link) shows paypal.com as the destination while, in fact, users are being redirected to another website with the word paypal in it somewhere. This is a normal thing by now and many advisories were issued asking people not to trust such emails.

Today, however, an interesting attempt was made from another website called www.usaa.com. This attempt was different in its approach to provide trust to the user. How? The email that I received claimed that a payment was held because my identity was not verified. Then, they asked me to click on their link:
https://www.usaa.com/

The link and the underlying link were the same: first trust impression passed.

When I clicked on the link, a corporate website appeared. The page is asking me to log in using my username and password. If I don't remember my account, I must use my Social Security Number. The website is also Verisign Verified, with the Verisign logo at the bottom of the page.

I clicked on the logo (and it is clickable); nothing happened. Hmmmm. Let's take a look at the link that the logo is pointing to:
javascript:popUp('https://digitalid.verisign.com/as2/ddd50ed4782b078aff907597ba4833b7')

This looks like a JavaScript popup leading to digitalid.verisign.com. It must be that my popup blocker blocked it.

Well, I should trust it (as a first impression) and move forward with my Social Security Number. This is where the trust was almost accomplished and, for beginners, it will be OK to fill in their SSN.

If, however, we strip off the Verisign link and check it out:
https://digitalid.verisign.com/as2/ddd50ed4782b078aff907597ba4833b7

You will notice that the certification belongs to SOUTHTRUSTONLINEBANKING.COM and it has already expired. I found this try a nice one, since it was designed so well by fraud websites and malicious users to try to provide the maximum possible trust level.

Nice Try! If you are reading this article, then you had better be careful not to actually provide your SSN.
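
The check described above (pull the real URL out of the seal's javascript: link, then compare who the seal was issued to and whether it is still valid against the site showing it), as an added example that is not part of the original post. The function names, the trusted-host list and the dates are assumptions; the seal record stands for what a reader would copy by hand from the seal page.

```javascript
// Added example: values marked "constructed" are not from the original post.

// Pull the real destination out of a javascript:popUp('...') pseudo-link.
function extractSealUrl(href) {
  const m = /^javascript:\s*\w+\(\s*(['"])(https?:\/\/[^'"]+)\1\s*\)\s*;?\s*$/i.exec(href.trim());
  return m ? new URL(m[2]) : null;
}

// Normalise a host name for comparison: lower case, no leading "www.".
function baseHost(name) {
  return name.trim().toLowerCase().replace(/\.$/, "").replace(/^www\./, "");
}

// Compare what the seal page reports with the site that displays the seal.
// sealRecord = { subject, notAfter }, read from the seal page by the user.
function checkSeal(pageUrl, sealHref, sealRecord, trustedSealHosts, now) {
  const problems = [];
  const sealUrl = extractSealUrl(sealHref);
  if (!sealUrl) {
    problems.push("seal link is not a recognisable popUp URL");
  } else {
    if (sealUrl.protocol !== "https:") problems.push("seal link is not HTTPS");
    if (!trustedSealHosts.includes(sealUrl.hostname.toLowerCase()))
      problems.push("seal link does not point at the seal issuer: " + sealUrl.hostname);
  }
  const site = baseHost(new URL(pageUrl).hostname);
  if (baseHost(sealRecord.subject) !== site)
    problems.push(`seal issued to ${sealRecord.subject}, page is ${site}`);
  if (new Date(sealRecord.notAfter) < now) problems.push("seal has expired");
  return problems;
}

// URL, seal link and subject are from the post; both dates are constructed.
const report = checkSeal(
  "https://www.usaa.com/",
  "javascript:popUp('https://digitalid.verisign.com/as2/ddd50ed4782b078aff907597ba4833b7')",
  { subject: "SOUTHTRUSTONLINEBANKING.COM", notAfter: "2005-06-30T00:00:00Z" },
  ["digitalid.verisign.com"],
  new Date("2005-12-01T00:00:00Z")
);
console.log(report);
```

An empty list means the seal record matches the page; any entry is a reason not to type in credentials or an SSN.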



Comments

Updated Website

Victor | 02/12/2005, 07:20

It seems that this post or somebody else's email scared www.usaa.com and now the Verisign seal is removed.
