An inquisitive mind will always wonder what is going on in the background. Well today I was going through my spam folder and open the first Nationwide Phishing attempt in the pile, most recent too. After following the link http://www.nationwideuser.co.uk/redirect.html it redirected me to another link http://jaki-dacosta.co.uk/olb2.nationet.com/index.html. (WARNING: PLEASE DO NOT USE THESE LINKS IF YOU ARE NOT SURE OF THEIR INTENT. THERE ARE NO ACTUAL BANK LINKS HERE, THESE ARE MALICIOUS PHISHING WEBPAGES)
To someone who is used to Phishing attempts their first reaction would be to report the whole URL and go on with work as usual. The interesting thing about this webpage is that it is a user’s webpage http://jaki-dacosta.co.uk I guess owned by Jaki DaCosta.
In order to verify this I conducted a simple DNS query (WHOIS) at www.dnsstuff.com and the results for jaki-dacosta.co.uk:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.
Pipex Communications UK Ltd t/a 123-Reg.co.uk [Tag = 123-REG]
Registered on: 07-Nov-2005
Renewal date: 07-Nov-2007
and for nationwideuser.co.uk
po box 5058
Claranet Limited [Tag = CLARANET]
Registered on: 28-Jul-2006
Renewal date: 28-Jul-2008
Registration request being processed.
The Phishing address was registered recently (i.e. 28-Jul-2006) where by Jaki DaCosta’s webpage has been registered slightly longer (i.e. 07-Nov-2005).
All this analysis is nothing new and anyone can think of it and do checks. On the other hand what I do want to point out is that a victim, if I may categorise it as that, has had her webserver being used to host a Phishing website – look at the redirected URL, the Phishing webpage is in a subfolder. If the Phishing filters are put it to action by the different vendors in the market then this webserver will not be accessible to the public or it will be flagged as a Phishing site, which it might not be.
An ending note to all this, we keep seen more and more sophisticated attacks. I believe that just throwing more technological solutions will not solve the problem with Phishing, what is required is public awareness.
Jaki DaCosta – http://jaki-dacosta.co.uk
DNS Stuff – www.dnsstuff.com