That's really cunning... anyone investigating wouldn't see anything unless they were using the victim's computer/IP.
You're not cool enough for some malware
As part of a review of phishing in 2012, RSA has outlined how phishers are now using “whitelists” to narrow down their attacks. In what the company calls “bouncer list” phishing, RSA writes that attackers are now using “black hat whitelists”. Only those on the target list will see the malware page crafted by the attackers ( …
-
Friday 18th January 2013 03:27 GMT John Tserkezis
That explains why I've been seeing a clear drop in quality of email malware coming in over the past few years.
Not only can they no longer spell correctly, they don't even bother with correct formatting - both with the fake HTML email pages and the text-only equivalent.
Heck, many don't even bother obscuring the target malware links within HTML so they would "look" right on the mail client page... Even the ones that take you to pwned websites don't have web pages that look like the bank they're supposed to emulate.
Worst of all, THOSE are the ones that we're warned about in media here in Australia.
(shakes head) they just don't put any effort into it anymore...
-
Friday 18th January 2013 09:00 GMT auburnman
I don't know, I've been seeing some really well formatted and worded phishing emails of late pretending to be Paypal; the only clues were the lack of use of my name and the attempt to get me to click on a link in the email. It was worryingly convincing enough that I thought I could have fallen for it if I'd been sleepy or having an off day. It makes me concerned that the amount of less aware tech users amongst us being scammed could increase.
-
Friday 18th January 2013 05:24 GMT Franklin
Yep, I've seen these.
I've also seen the malware pages check the browser user-agent to make sure it's a vulnerable browser and/or the targeted platform.
Visit the site without the validation string that's included in the email link, you see a 404. Visit the site with your browser user-agent set to, say, Linux Firefox, you see a 404. Visit the site with the correct validation string and your browser user-agent set to IE 7, you get a drive-by download attempt.
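
An added example, not part of the original thread or of RSA's report: a defender-side check that scans web proxy logs for pages that return 200 to one client and 404 to another depending on the user-agent or the query string, which is the gating behaviour described in the comment above. The log layout, host names, paths and the `id` parameter are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log sample: (client user-agent, requested URL, HTTP status).
# Hosts, paths and the "id" parameter name are made up for illustration.
IE7 = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0"
SAMPLE_LOG = [
    (IE7, "http://site-a.example/doc.php?id=ab12", 200),
    (FIREFOX, "http://site-a.example/doc.php?id=ab12", 404),
    (IE7, "http://site-a.example/doc.php", 404),
    (IE7, "http://site-b.example/news.html", 200),
    (FIREFOX, "http://site-b.example/news.html", 200),
    (FIREFOX, "http://site-c.example/gone", 404),
]

def find_gated_pages(log):
    """Return {(host, path): reasons} for pages whose status depends on the client."""
    seen = defaultdict(list)
    for agent, url, status in log:
        parts = urlsplit(url)
        seen[(parts.hostname, parts.path)].append((agent, parts.query, status))
    flagged = {}
    for page, hits in seen.items():
        served = [h for h in hits if h[2] == 200]
        refused = [h for h in hits if h[2] == 404]
        if not served or not refused:
            continue  # consistently up or consistently missing: nothing to flag
        reasons = set()
        # Compare every served/refused pair that differs in exactly one dimension.
        for s_agent, s_query, _ in served:
            for r_agent, r_query, _ in refused:
                if s_query == r_query and s_agent != r_agent:
                    reasons.add("user-agent")
                if s_agent == r_agent and s_query != r_query:
                    reasons.add("query-string")
        flagged[page] = sorted(reasons) or ["unknown"]
    return flagged

if __name__ == "__main__":
    for (host, path), reasons in find_gated_pages(SAMPLE_LOG).items():
        print(f"{host}{path}: response varies with {', '.join(reasons)}")
```

A page flagged for both reasons is worth escalating: ordinary sites rarely return 404 for the same path based on which browser asks.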