Be on your guard, the phishing attacks are coming from every vector nowadays. The other night I received this SMS on my cell phone at about 3:30am.
Obviously a fake login site, in this case we can tell from looking at the domain name itself that it was registered for the explicit purpose of setting up the phishing site (target, TD Bank) – as opposed to a legitimate site being compromised and having the phish kit installed on it.
As I write this the DNS on this domain has been taken down, the whois info is certainly bogus (likely, as we observed in our comments on ICANN’s intent to gut whois privacy culled from, or a mashup of, previous victims’ contact info).
I just found it interesting to receive a multi-pronged phishing attempt – the hook is cast via SMS to your cell phone, hoping you’ll login via the website. Perhaps in light of the recent release of Hacking Team’s stash of 0-day exploits, and given that the phishing hook was aimed at mobile devices, perhaps this was an attempt to compromise vulnerable Android and Windoze devices as well.
Leave a Reply