A real web designer....

I

Ipwn 4

Expert Member
Joined
Nov 6, 2010
Messages
1,937
Reaction score
226
Pity this d00$ isn't using his talents. Check this replica of absa's website, it's pretty much identical...

THIS IS A FAKE SITE, DON'T ENTER YOUR DETAILS

What scares me is that I entered fake details all the way but got to a point where this site required me to enter a OTP, how messed up is that the fake sites even now have OTP's that are SMS'ed....

They can try all they will but the old school method of checking the URL remains your best protection agains phishing...
 
It is not a "designer" - anyone can steal the code and images that make up the legit site, in order to fake it.
 
Ipwn 4 said:
Pity this d00$ isn't using his talents. Check this replica of absa's website, it's pretty much identical...

THIS IS A FAKE SITE, DON'T ENTER YOUR DETAILS

What scares me is that I entered fake details all the way but got to a point where this site required me to enter a OTP, how messed up is that the fake sites even now have OTP's that are SMS'ed....

They can try all they will but the old school method of checking the URL remains your best protection agains phishing...
Click to expand...

Holy smokes. Luckily Chrome detected it as a phishing site.
 
Ipwn 4 said:
Pity this d00$ isn't using his talents. Check this replica of absa's website, it's pretty much identical...

THIS IS A FAKE SITE, DON'T ENTER YOUR DETAILS

What scares me is that I entered fake details all the way but got to a point where this site required me to enter a OTP, how messed up is that the fake sites even now have OTP's that are SMS'ed....

They can try all they will but the old school method of checking the URL remains your best protection agains phishing...
Click to expand...


You will be amazed at how many people they catch out with this trick
 
byron_spy said:
You will be amazed at how many people they catch out with this trick
Click to expand...

They will most probably, just thought its a pretty good replica... Absa are such noobs, sent them a mail informing them of the site and that they should maybe do something about it and the best they do is send me a mail back stating that the email doesn't come from them and they are looking into the origin of the mail.... I noticed quite a few links to absa an this site, wonder if someone actually analyzes their stats and picks up that there are sites like this out there?

New note to self : ignore any and all contact from banks! Banks don't ever send links...
 
Ipwn 4 said:
They will most probably, just thought its a pretty good replica... Absa are such noobs, sent them a mail informing them of the site and that they should maybe do something about it and the best they do is send me a mail back stating that the email doesn't come from them and they are looking into the origin of the mail.... I noticed quite a few links to absa an this site, wonder if someone actually analyzes their stats and picks up that there are sites like this out there?

New note to self : ignore any and all contact from banks! Banks don't ever send links...
Click to expand...

There isn't much they can do beside put a warning up on the real absa page ..

.. which doesn't help if you're on your way to the spoofed one ;)
 
Shocking! One of my rules, if ANY site ever wants a username or password I make sure the domain is 100%. Not even something like fnb.myowndomain.co.za. Gotta be very careful!
 
rward said:
There isn't much they can do beside put a warning up on the real absa page ..

.. which doesn't help if you're on your way to the spoofed one ;)
Click to expand...

Haha the fake one has a warning though....:whistle:

I got the link in an email, was on my iPad so the stupid thing didn't give the full email address, only said absa support... The formatting gave it away though(no automated system I've ever seen highlights lnks). Also no reference number and the date on the email is next week. Like mcryan said, the best bet is to be 100% sure of the domain name
 
rward said:
There isn't much they can do beside put a warning up on the real absa page ..

.. which doesn't help if you're on your way to the spoofed one ;)
Click to expand...

I don't know about South African banks, but USA banks send DCMA notices to the datacenter to take down the website, or take down the server hosting it. And many USA based DC's follow through within 24hours. That website is in Brazil so I'm not sure how much we (South African law enforcement) can do, but I'm pretty sure something can be done to get the server owner or datacenter to take it down. 90% of the time someone's hacked into someone else's website and uploaded the phishing site without the owner even being aware of it.
 
According to Flag for Chrome, the site is based in Montreal, Canada, 174.142.82.10. Probably a hosting service. The most Absa can do is contact them and ask them to take down that site. +1 to Chrome for immediately blocking it as a suspected phishing site!
 
Ipwn 4 said:
What scares me is that I entered fake details all the way but got to a point where this site required me to enter a OTP, how messed up is that the fake sites even now have OTP's that are SMS'ed....
Click to expand...

I suspect they interact with the ABSA site while you interact with their fake site. The OTP you get is actually triggered by them logging into your account. Once you give this to them they can transact.
 
Scary, scared to even look at it. Easy to replicate sites though. Just go to one, right click, view source then paste it onto notepad. Absa should be able to see their images and files being pulled from these dodgy sites though. Normal hotlinking would just pull one not an entire bumch of images
 
This is the thing its so easy to copy source now

Even while disable right click on a website, you still have short cuts that can view source

These scammers will always find a way so scary, read the weekend about the false otp they sending out and then requesting the users cell data
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X