Great Lakes 4x4. The largest offroad forum in the Midwest > General 4x4 Stuff > The Pub
Old January 15th, 2008, 04:54 PM   #1
clarkstoncracker
Wow, this is scary. Chase Bank Online Scam with user profile.

I'm not an idiot. Well, mostly not an idiot, but I almost got scammed.

I go to log in to my Chase account from my laptop at home using Internet Explorer to transfer some funds. I go to chase.com, I enter my login information, and it forwards me to a page I've never seen, asking me to verify every single personal number imaginable.

I was pissed, because I didn't have my routing number, so I went upstairs to grab my checkbook, and I get back to the computer. I accidentally closed the wrong window in IE.

I load up Firefox, I go to chase.com and I log in, and presto, I'm in.

So now I'm confused: why did Chase want to verify my info, and now they don't care?

I open up IE, and log in... Same "update profile" page.

The page asking for information is a fraud! I know this, because I called Chase, and they said they have never heard of this, and they NEVER ask for this kind of information. Long conversation short, they froze all of my Chase accounts while I get new accounts set up.

Both my desktop and laptop go to this page while using Internet Explorer. I have searched EVERYWHERE for info on this, and I can't find anything.

I run up-to-the-minute virus protection, I have both a hardware firewall, as well as XP's firewall (on the laptop) and Vista's firewall (on the desktop).

I have run Ad-Aware, as well as HijackThis, and everything comes back clean.

What the hell is going on here? And how are the scammers pulling this off?

the "phishing" web address is:

h ttps://chaseonline.chase.com/online/AgentFCCServlet (edited to make it non clickable)


I will attach screen shots as well as the page source in a txt file!

click to make screenshots larger.






be careful, and can somebody loan me a hundred bucks until my accounts are back open?
Attached Files
File Type: txt chasescam.txt (90.4 KB, 63 views)
Last edited by clarkstoncracker; January 15th, 2008 at 05:02 PM.
Old January 15th, 2008, 05:01 PM   #2
DetR6oit
Never seen that, but I always use Firefox. Thanks for the heads up though.
Old January 15th, 2008, 05:02 PM   #3
deuce228
Why would a firefox promoter such as yourself be using I.E?
Old January 15th, 2008, 05:03 PM   #4
87'YJ
Scary as hell
Old January 15th, 2008, 05:04 PM   #5
Smiley
There are trojans that can change your DNS server to use a fake one as a proxy, so it sends you to false websites.

You have an infection. Remove the drives from the systems and then scan those hard drives for viruses / trojans with another clean system.
Old January 15th, 2008, 05:05 PM   #6
clarkstoncracker
Quote:
Originally Posted by deuce228
Why would a firefox promoter such as yourself be using I.E?
I use the Alexa toolbar in IE sometimes... When I'm trying to find websites like other sites. It's an absolute fluke I tried logging in with IE.

I don't even have a bookmark in IE... And I didn't want to gum up Firefox with the Alexa toolbar.
Old January 15th, 2008, 05:06 PM   #7
mideerslayer
Quote:
Originally Posted by clarkstoncracker
I'm an idiot. Well, mostly an idiot, but I almost got scammed.



be careful, and can somebody loan me a hundred bucks until my accounts are back open?
I have $10 I can loan you :tonka:
Old January 15th, 2008, 05:52 PM   #8
mpwal099
That's effed up for sure. I just tried logging in to ours using IE for shits and giggles and was able to get in just fine.
Old January 15th, 2008, 06:01 PM   #9
Monkeyevil
Check your host file.

c:\winnt\system32\drivers\etc\hosts
Old January 15th, 2008, 07:26 PM   #10
Romey
Quote:
Originally Posted by Monkeyevil
Check your host file.

c:\winnt\system32\drivers\etc\hosts
That would cause the same problem with firefox.
Old January 15th, 2008, 07:38 PM   #11
JEEPR
Huh.. That's weird. How can they do that? It would seem like it has to be something on your computer.

Is it a non-secure web site?
Old January 15th, 2008, 07:43 PM   #12
clarkstoncracker
Quote:
Originally Posted by Monkeyevil
Check your host file.

c:\winnt\system32\drivers\etc\hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
clarkstoncracker is offline   Reply With Quote
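The hosts-file check suggested in posts #9 and #12, as an added example that is not part of the original thread: a small parser that flags every mapping other than the stock loopback entry. The watched-domain list, the tampered sample and its 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Constructed sample: trimmed from the clean hosts file posted in this thread.
CLEAN_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "# 102.54.94.97 rhino.acme.com # source server\n"
    "\n"
    "127.0.0.1 localhost\n"
)
# Constructed tampered variant; 203.0.113.10 is a documentation-only address.
TAMPERED_HOSTS = CLEAN_HOSTS + (
    "203.0.113.10 chaseonline.chase.com www.chase.com\n"
    "203.0.113.10\tupdate.example.net  # constructed entry\n"
)
# Assumption: domains worth treating as high severity; the thread names chase.com.
WATCHED_SUFFIXES = ("chase.com",)


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every active mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address: not a usable mapping
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text, watched=WATCHED_SUFFIXES):
    """Return (severity, line_no, ip, hostname) for every non-default mapping."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue  # the stock entry shipped with Windows
            hit = any(name == s or name.endswith("." + s) for s in watched)
            findings.append(("HIGH" if hit else "REVIEW", line_no, str(ip), name))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        print(label, audit_hosts(text) or "no non-default mappings")
```

On XP and Vista the file normally lives at %SystemRoot%\System32\drivers\etc\hosts. An empty result only rules out hosts-file redirection, which, as post #10 notes, would affect every browser and not just IE.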
Old January 15th, 2008, 08:03 PM   #13
Smiley23
FYI - Phish:

Same code Kelly posted:

http://www.castlecops.com/modules.ph...&id=90088&in=1
Old January 15th, 2008, 08:27 PM   #14
techman
Quote:
Originally Posted by Smiley23
FYI - Phish:

Same code Kelly posted:

http://www.castlecops.com/modules.ph...&id=90088&in=1
My security guy sent out an email earlier today about a trojan hijack.

Trojan.Silentbanker (aka Spy-Agent.cm) was first discovered on January 14th, 2008. Protection against this Trojan was added to the HFHS system on January 15th at 12:13PM (dat file # 5208).


Another new Trojan intercepts online banking information
Brad Reed

January 14, 2008 (Network World) A new Trojan program is targeting unwitting users' bank data by intercepting account information before it is encrypted and sending it to an attacker's central database.

The Trojan, dubbed Trojan.Silentbanker by security software company Symantec, can intercept online banking transactions that normally are well guarded by two-factor authentication procedures. During a banking transaction, Silentbanker will change the user's bank account details over to the attacker's account, all the while mimicking what the user would expect to see from a typical banking transaction. Because users have no idea their account data has been changed, they then unknowingly send money to the attacker's account after entering their second authentication password.

Although the Trojan.Silentbanker is listed by Symantec as having a low level of distribution and being easy to remove from infected machines, Symantec security response team member Liam O'Murchu says it still poses a danger because of its ability to work without users detecting it.

"The scale and sophistication of this emerging banking Trojan is worrying, even for someone who sees banking Trojans on a daily basis," writes O'Murchu on Symantec's security response blog. "This Trojan downloads a configuration file that contains the domain names of over 400 banks. Not only are the usual large American banks targeted but banks in many other countries are also targeted, including France, Spain, Ireland, the UK, Finland, Turkey -- the list goes on."

The Trojan can be "downloaded or delivered silently through Web exploits," according to Symantec. Once it has been loaded to a machine, it can hook onto various APIs in both Internet Explorer and Firefox. As soon as the program is in place on a Web browser, it is free to cause all kinds of mischief, including redirecting legitimate banking requests to attacker-controlled computers; altering the HTML of pages shown to the user; and recording user names and passwords, as well as capturing screenshots of any Web pages the user visits.

Additionally, says O'Murchu, the Trojan can constantly update itself, as it relays URLs and HTML from banking Web sites to the attackers on a daily basis. "Using these submissions they can target banks for which they do not have bank accounts already," he says. "We are currently monitoring all of the updates to this Trojan."

Symantec recommends users take several steps to guard themselves against this Trojan, including disabling system restore before getting rid of the virus, to ensure the system doesn't inadvertently back up a copy of the Trojan software; making sure all virus definitions are updated on their antivirus software; running a full virus scan of their machines; and finally, deleting the value from their registry.

The Silentbanker Trojan is not the first Trojan aimed at attacking bank accounts in recent weeks. Late last year, for instance, security firm SecureWorks discovered a botnet-controlled Trojan called the "Prg Banking Trojan" that is believed to have affected customers from more than a dozen banks in the United States, the United Kingdom, Italy and Spain.