National Bank phishing scams

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
Post Reply
User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

National Bank phishing scams

Post by digidog » Sun Mar 20, 2011 1:41 am

I've received two phishing emails for the National Bank today. Amusingly, one appeared
to come from "The National Bnak".
Dear The National Bank customer,
 
We recently reviewed your account, and we are suspecting that your National Bank Online Banking account may have been accessed from an unauthorized computer.
 
This may be due to changes in your IP address or location. Protecting the security of your account and of the The National Bank network is our primary concern.
 
We are asking you to immediately login and report any unauthorized withdrawals, and check your account profile to make sure no changes have been made.
 
To protect your account please follow the instructions below:
 
       * DO NOT SHARE YOUR PASSWORD WITH OTHER USERS
 
       * LOG OFF AFTER USING YOUR ONLINE ACCOUNT
 
Please click on the following link, to verify your account activity:
 
https://secure.nbnz.co.nz/IBCS/pgLogin" onclick="window.open(this.href);return false;
 
We apologize for any inconvenience this may cause, and appreciate your support in helping us maintaining the integrity of the entire The National Bank system. Please login as soon as possible.
 
Thank you,
The National Bank Security Advisor.
The link actually goes to 62-90-164-164.barak.net.il which has already hit Google's
warning list.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: National Bank phishing scams

Post by Foggyone » Sun Mar 20, 2011 3:03 am

The link now goes to the real National Bnak
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Sun Mar 20, 2011 4:37 am

Note that the link in the email was spoofed, and actually went to the Italian
site. However the visible part of the link would always go to NB. The phishing
site has already been taken down.

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Sun Mar 20, 2011 10:04 pm

Another THREE phishing emails for the National Bank this morning, all addressed to
admin at this site. They're not very discerning with their lists, and why ever would
they think that three identical emails would seem more authentic than one?

Unusually, one of these emails was sent via a Telecom NZ IP address.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Todays Entry

Post by Foggyone » Mon Mar 21, 2011 6:30 pm

Care : This is a live site!

The email (rather spoilt by the spelling of the "from" line
Our system detected unusual activity on your account
From:
National Bank of New Zeeland <ufgooy@office.com>
To:
secure@nationalbank.co.nz
Date:
Mon Mar 21 09:04:21 2011
 
Dear National Bank Customer :

As part of our security measures, we regularly monitor the bank sistem.

We have recently contacted you in response to a problem with you National Bank of New Zeeland account

Information you have requested  for the following reason:
Our sistem detected unusual debit on your account

Please restore access to your account.Click on the following link:
http://62-90-164-162.barak.net.il/natio ... icial.html" onclick="window.open(this.href);return false;

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.


Copyright ?2011, The National Bank of New Zealand, part of ANZ National Bank
National Bank, Online Login

Included in the page source
<!--Fireworks CS5 Dreamweaver CS5 target. Created Sat Mar 19 16:38:32 GMT+0200 (GTB Standard Time) 2011-->
Goes to this page

Phishing for CC info and other identity theft details

And here is the login/password carried forward

<form name="myform" method="post" action="nz.php">
<input type="hidden" name="aa" value="123456">
<input type="hidden" name="bb" value="donaldduck">


There is error checking built in (See below). This will give you the paramaters used in the error checking should you wish to insert false info (as though you would ever provide bogus inf0!!)

Then, after a delay of several seconds you are dumped at the front door of NBNZ

Code: Select all

<script language="JavaScript" type="text/javascript">
//You should create the validator only after the definition of the HTML form
  var frmvalidator  = new Validator("myform");
  
  frmvalidator.addValidation("fname","req","Please enter your Full Name");
  
  frmvalidator.addValidation("email","req","Please enter your E-mail");
  frmvalidator.addValidation("email","email");
  
  frmvalidator.addValidation("zip","req","Please enter your Zip/Postal Code");
  
  frmvalidator.addValidation("cc","req","Please enter your Card Number");
  frmvalidator.addValidation("cc","maxlen=16","Please enter your Card Number");
  frmvalidator.addValidation("cc","numeric","Credit card field is only numeric");
    
  frmvalidator.addValidation("cvv","req","Please enter your CVV2 Number");
  frmvalidator.addValidation("cvv","maxlen=3","Please enter your CVV2 Number");
  frmvalidator.addValidation("cvv","numeric","CVV2 field is only numeric");

  frmvalidator.addValidation("expmonth","dontselect=0","Please enter your Expiration Month");
  
  frmvalidator.addValidation("expyear","dontselect=0","Please enter your Expiration Year");

  frmvalidator.addValidation("street","req","Please enter your Address");

  frmvalidator.addValidation("driverlicense","req","Please enter your Driver License");

  frmvalidator.addValidation("driverlicense5b","req","Please enter your Driver License 5b");
  frmvalidator.addValidation("driverlicense5b","numeric","Driver License5b field is numeric only.");

  frmvalidator.addValidation("city","req","Please enter your City");

  frmvalidator.addValidation("mobilephone","req","Please enter your Mobile Phone Number");
  frmvalidator.addValidation("mobilephone","numeric","Mobile Phone number field is numeric only.");
  
  frmvalidator.addValidation("bmonth2","dontselect=0","Please enter your Month of Birth");

  frmvalidator.addValidation("bday2","dontselect=0","Please enter your Day of Birth");
  
  frmvalidator.addValidation("byear2","dontselect=0","Please enter your Year of Birth");
  
  
</script>
The javascript validate subroutine is quite large. It's a standard validation script.

Code: Select all

/*
  -------------------------------------------------------------------------
		      JavaScript Form Validator (gen_validatorv31.js)
              Version 3.1.2
	Copyright (C) 2003-2008 JavaScript-Coder.com. All rights reserved.
	You can freely use this script in your Web pages.
	You may adapt this script for your own needs, provided these opening credit
    lines are kept intact.
		
	The Form validation script is distributed free from JavaScript-Coder.com
	For updates, please visit:
	http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
	
	Questions & comments please send to form.val at javascript-coder.com
  -------------------------------------------------------------------------  
*/
function Validator(frmname)
{
  this.formobj=document.forms[frmname];
	if(!this.formobj)
	{
	  alert("Error: couldnot get Form object "+frmname);
		return;
	}
	if(this.formobj.onsubmit)
	{
	 this.formobj.old_onsubmit = this.formobj.onsubmit;
	 this.formobj.onsubmit=null;
	}
	else
	{
	 this.formobj.old_onsubmit = null;
	}
	this.formobj._sfm_form_name=frmname;
	this.formobj.onsubmit=form_submit_handler;
	this.addValidation = add_validation;
	this.setAddnlValidationFunction=set_addnl_vfunction;
	this.clearAllValidations = clear_all_validations;
    this.disable_validations = false;//new
    document.error_disp_handler = new sfm_ErrorDisplayHandler();
    this.EnableOnPageErrorDisplay=validator_enable_OPED;
	this.EnableOnPageErrorDisplaySingleBox=validator_enable_OPED_SB;
    this.show_errors_together=true;
    this.EnableMsgsTogether=sfm_enable_show_msgs_together;
    document.set_focus_onerror=true;
    this.EnableFocusOnError=sfm_validator_enable_focus;

}

function sfm_validator_enable_focus(enable)
{
    document.set_focus_onerror = enable;
}

function set_addnl_vfunction(functionname)
{
  this.formobj.addnlvalidation = functionname;
}

function sfm_set_focus(objInput)
{
    if(document.set_focus_onerror)
    {
        objInput.focus();
    }
}

function sfm_enable_show_msgs_together()
{
    this.show_errors_together=true;
    this.formobj.show_errors_together=true;
}
function clear_all_validations()
{
	for(var itr=0;itr < this.formobj.elements.length;itr++)
	{
		this.formobj.elements[itr].validationset = null;
	}
}

function form_submit_handler()
{
   var bRet = true;
    document.error_disp_handler.clear_msgs();
	for(var itr=0;itr < this.elements.length;itr++)
	{
		if(this.elements[itr].validationset &&
	   !this.elements[itr].validationset.validate())
		{
		  bRet = false;
		}
        if(!bRet && !this.show_errors_together)
        {
          break;

        }
	}

	if(this.addnlvalidation)
	{
	  str =" var ret = "+this.addnlvalidation+"()";
	  eval(str);

     if(!ret) 
     {
       bRet=false; 
     }

	}

   if(!bRet)
    {
      document.error_disp_handler.FinalShowMsg();
      return false;
    }
	return true;
}

function add_validation(itemname,descriptor,errstr)
{
	var condition = null;
	if(arguments.length > 3)
	{
	 condition = arguments[3]; 
	}
  if(!this.formobj)
	{
		alert("Error: The form object is not set properly");
		return;
	}//if
	var itemobj = this.formobj[itemname];
    if(itemobj.length && isNaN(itemobj.selectedIndex) )
    //for radio button; don't do for 'select' item
	{
		itemobj = itemobj[0];
	}	
  if(!itemobj)
	{
		alert("Error: Couldnot get the input object named: "+itemname);
		return;
	}
	if(!itemobj.validationset)
	{
		itemobj.validationset = new ValidationSet(itemobj,this.show_errors_together);
	}
	itemobj.validationset.add(descriptor,errstr,condition);
    itemobj.validatorobj=this;
}
function validator_enable_OPED()
{
    document.error_disp_handler.EnableOnPageDisplay(false);
}

function validator_enable_OPED_SB()
{
	document.error_disp_handler.EnableOnPageDisplay(true);
}
function sfm_ErrorDisplayHandler()
{
  this.msgdisplay = new AlertMsgDisplayer();
  this.EnableOnPageDisplay= edh_EnableOnPageDisplay;
  this.ShowMsg=edh_ShowMsg;
  this.FinalShowMsg=edh_FinalShowMsg;
  this.all_msgs=new Array();
  this.clear_msgs=edh_clear_msgs;
}
function edh_clear_msgs()
{
    this.msgdisplay.clearmsg(this.all_msgs);
    this.all_msgs = new Array();
}
function edh_FinalShowMsg()
{
    this.msgdisplay.showmsg(this.all_msgs);
}
function edh_EnableOnPageDisplay(single_box)
{
	if(true == single_box)
	{
		this.msgdisplay = new SingleBoxErrorDisplay();
	}
	else
	{
		this.msgdisplay = new DivMsgDisplayer();		
	}
}
function edh_ShowMsg(msg,input_element)
{
	
   var objmsg = new Array();
   objmsg["input_element"] = input_element;
   objmsg["msg"] =  msg;
   this.all_msgs.push(objmsg);
}
function AlertMsgDisplayer()
{
  this.showmsg = alert_showmsg;
  this.clearmsg=alert_clearmsg;
}
function alert_clearmsg(msgs)
{

}
function alert_showmsg(msgs)
{
    var whole_msg="";
    var first_elmnt=null;
    for(var m=0;m < msgs.length;m++)
    {
        if(null == first_elmnt)
        {
            first_elmnt = msgs[m]["input_element"];
        }
        whole_msg += msgs[m]["msg"] + "\n";
    }
	
    alert(whole_msg);

    if(null != first_elmnt)
    {
        sfm_set_focus(first_elmnt);
    }
}
function sfm_show_error_msg(msg,input_elmt)
{
    document.error_disp_handler.ShowMsg(msg,input_elmt);
}
function SingleBoxErrorDisplay()
{
 this.showmsg=sb_div_showmsg;
 this.clearmsg=sb_div_clearmsg;
}

function sb_div_clearmsg(msgs)
{
	var divname = form_error_div_name(msgs);
	show_div_msg(divname,"");
}

function sb_div_showmsg(msgs)
{
	var whole_msg="<ul>\n";
	for(var m=0;m < msgs.length;m++)
    {
        whole_msg += "<li>" + msgs[m]["msg"] + "</li>\n";
    }
	whole_msg += "</ul>";
	var divname = form_error_div_name(msgs);
	show_div_msg(divname,whole_msg);
}
function form_error_div_name(msgs)
{
	var input_element= null;

	for(var m in msgs)
	{
	 input_element = msgs[m]["input_element"];
	 if(input_element){break;}
	}

	var divname ="";
	if(input_element)
	{
	 divname = input_element.form._sfm_form_name + "_errorloc";
	}

	return divname;
}
function DivMsgDisplayer()
{
 this.showmsg=div_showmsg;
 this.clearmsg=div_clearmsg;
}
function div_clearmsg(msgs)
{
    for(var m in msgs)
    {
        var divname = element_div_name(msgs[m]["input_element"]);
        show_div_msg(divname,"");
    }
}
function element_div_name(input_element)
{
  var divname = input_element.form._sfm_form_name + "_" + 
                   input_element.name + "_errorloc";

  divname = divname.replace(/[\[\]]/gi,"");

  return divname;
}
function div_showmsg(msgs)
{
    var whole_msg;
    var first_elmnt=null;
    for(var m in msgs)
    {
        if(null == first_elmnt)
        {
            first_elmnt = msgs[m]["input_element"];
        }
        var divname = element_div_name(msgs[m]["input_element"]);
        show_div_msg(divname,msgs[m]["msg"]);
    }
    if(null != first_elmnt)
    {
        sfm_set_focus(first_elmnt);
    }
}
function show_div_msg(divname,msgstring)
{
	if(divname.length<=0) return false;

	if(document.layers)
	{
		divlayer = document.layers[divname];
        if(!divlayer){return;}
		divlayer.document.open();
		divlayer.document.write(msgstring);
		divlayer.document.close();
	}
	else
	if(document.all)
	{
		divlayer = document.all[divname];
        if(!divlayer){return;}
		divlayer.innerHTML=msgstring;
	}
	else
	if(document.getElementById)
	{
		divlayer = document.getElementById(divname);
        if(!divlayer){return;}
		divlayer.innerHTML =msgstring;
	}
	divlayer.style.visibility="visible";	
}

function ValidationDesc(inputitem,desc,error,condition)
{
  this.desc=desc;
	this.error=error;
	this.itemobj = inputitem;
	this.condition = condition;
	this.validate=vdesc_validate;
}
function vdesc_validate()
{
	if(this.condition != null )
	{
		if(!eval(this.condition))
		{
			return true;
		}
	}
	if(!validateInput(this.desc,this.itemobj,this.error))
	{
		this.itemobj.validatorobj.disable_validations=true;

		sfm_set_focus(this.itemobj);

		return false;
	}
	return true;
}
function ValidationSet(inputitem,msgs_together)
{
    this.vSet=new Array();
	this.add= add_validationdesc;
	this.validate= vset_validate;
	this.itemobj = inputitem;
    this.msgs_together = msgs_together;
}
function add_validationdesc(desc,error,condition)
{
  this.vSet[this.vSet.length]= 
  new ValidationDesc(this.itemobj,desc,error,condition);
}
function vset_validate()
{
    var bRet = true;
    for(var itr=0;itr<this.vSet.length;itr++)
    {
        bRet = bRet && this.vSet[itr].validate();
        if(!bRet && !this.msgs_together)
        {
            break;
        }
    }
    return bRet;
}
function validateEmail(email)
{
    var splitted = email.match("^(.+)@(.+)$");
    if(splitted == null) return false;
    if(splitted[1] != null )
    {
      var regexp_user=/^\"?[\w-_\.]*\"?$/;
      if(splitted[1].match(regexp_user) == null) return false;
    }
    if(splitted[2] != null)
    {
      var regexp_domain=/^[\w-\.]*\.[A-Za-z]{2,4}$/;
      if(splitted[2].match(regexp_domain) == null) 
      {
	    var regexp_ip =/^\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$/;
	    if(splitted[2].match(regexp_ip) == null) return false;
      }// if
      return true;
    }
return false;
}

function IsCheckSelected(objValue,chkValue)
{
    var selected=false;
	var objcheck = objValue.form.elements[objValue.name];
    if(objcheck.length)
	{
		var idxchk=-1;
		for(var c=0;c < objcheck.length;c++)
		{
		   if(objcheck[c].value == chkValue)
		   {
		     idxchk=c;
			 break;
		   }//if
		}//for
		if(idxchk>= 0)
		{
		  if(objcheck[idxchk].checked=="1")
		  {
		    selected=true;
		  }
		}//if
	}
	else
	{
		if(objValue.checked == "1")
		{
			selected=true;
		}//if
	}//else	

	return selected;
}
function TestDontSelectChk(objValue,chkValue,strError)
{
	var pass = true;
	pass = IsCheckSelected(objValue,chkValue)?false:true;

	if(pass==false)
	{
     if(!strError || strError.length ==0) 
        { 
        	strError = "Can't Proceed as you selected "+objValue.name;  
        }//if			  
	  sfm_show_error_msg(strError,objValue);
	  
	}
    return pass;
}
function TestShouldSelectChk(objValue,chkValue,strError)
{
	var pass = true;

	pass = IsCheckSelected(objValue,chkValue)?true:false;

	if(pass==false)
	{
     if(!strError || strError.length ==0) 
        { 
        	strError = "You should select "+objValue.name;  
        }//if			  
	  sfm_show_error_msg(strError,objValue);
	  
	}
    return pass;
}
function TestRequiredInput(objValue,strError)
{
 var ret = true;
 var val = objValue.value;
 val = val.replace(/^\s+|\s+$/g,"");//trim
    if(eval(val.length) == 0) 
    { 
       if(!strError || strError.length ==0) 
       { 
         strError = objValue.name + " : Required Field"; 
       }//if 
       sfm_show_error_msg(strError,objValue); 
       ret=false; 
    }//if 
return ret;
}
function TestMaxLen(objValue,strMaxLen,strError)
{
 var ret = true;
    if(eval(objValue.value.length) > eval(strMaxLen)) 
    { 
      if(!strError || strError.length ==0) 
      { 
        strError = objValue.name + " : "+ strMaxLen +" characters maximum "; 
      }//if 
      sfm_show_error_msg(strError,objValue); 
      ret = false; 
    }//if 
return ret;
}
function TestMinLen(objValue,strMinLen,strError)
{
 var ret = true;
    if(eval(objValue.value.length) <  eval(strMinLen)) 
    { 
      if(!strError || strError.length ==0) 
      { 
        strError = objValue.name + " : " + strMinLen + " characters minimum  "; 
      }//if               
      sfm_show_error_msg(strError,objValue); 
      ret = false;   
    }//if 
return ret;
}
function TestInputType(objValue,strRegExp,strError,strDefaultError)
{
   var ret = true;

    var charpos = objValue.value.search(strRegExp); 
    if(objValue.value.length > 0 &&  charpos >= 0) 
    { 
     if(!strError || strError.length ==0) 
      { 
        strError = strDefaultError;
      }//if 
      sfm_show_error_msg(strError,objValue); 
      ret = false; 
    }//if 
 return ret;
}
function TestEmail(objValue,strError)
{
var ret = true;
     if(objValue.value.length > 0 && !validateEmail(objValue.value)	 ) 
     { 
       if(!strError || strError.length ==0) 
       { 
          strError = objValue.name+": Enter a valid Email address "; 
       }//if                                               
       sfm_show_error_msg(strError,objValue); 
       ret = false; 
     }//if 
return ret;
}
function TestLessThan(objValue,strLessThan,strError)
{
var ret = true;
	  if(isNaN(objValue.value)) 
	  { 
	    sfm_show_error_msg(objValue.name +": Should be a number ",objValue); 
	    ret = false; 
	  }//if 
	  else
	  if(eval(objValue.value) >=  eval(strLessThan)) 
	  { 
	    if(!strError || strError.length ==0) 
	    { 
	      strError = objValue.name + " : value should be less than "+ strLessThan; 
	    }//if               
	    sfm_show_error_msg(strError,objValue); 
	    ret = false;                 
	   }//if   
return ret;          
}
function TestGreaterThan(objValue,strGreaterThan,strError)
{
var ret = true;
     if(isNaN(objValue.value)) 
     { 
       sfm_show_error_msg(objValue.name+": Should be a number ",objValue); 
       ret = false; 
     }//if 
	 else
     if(eval(objValue.value) <=  eval(strGreaterThan)) 
      { 
        if(!strError || strError.length ==0) 
        { 
          strError = objValue.name + " : value should be greater than "+ strGreaterThan; 
        }//if               
        sfm_show_error_msg(strError,objValue);  
        ret = false;
      }//if  
return ret;           
}
function TestRegExp(objValue,strRegExp,strError)
{
var ret = true;
    if( objValue.value.length > 0 && 
        !objValue.value.match(strRegExp) ) 
    { 
      if(!strError || strError.length ==0) 
      { 
        strError = objValue.name+": Invalid characters found "; 
      }//if                                                               
      sfm_show_error_msg(strError,objValue); 
      ret = false;                   
    }//if 
return ret;
}
function TestDontSelect(objValue,dont_sel_index,strError)
{
var ret = true;
    if(objValue.selectedIndex == null) 
    { 
      sfm_show_error_msg("ERROR: dontselect command for non-select Item"); 
      ret =  false; 
    } 
    if(objValue.selectedIndex == eval(dont_sel_index)) 
    { 
     if(!strError || strError.length ==0) 
      { 
      strError = objValue.name+": Please Select one option "; 
      }//if                                                               
      sfm_show_error_msg(strError,objValue); 
      ret =  false;                                   
     } 
return ret;
}
function TestSelectOneRadio(objValue,strError)
{
	var objradio = objValue.form.elements[objValue.name];
	var one_selected=false;
	for(var r=0;r < objradio.length;r++)
	{
	  if(objradio[r].checked)
	  {
	  	one_selected=true;
		break;
	  }
	}
	if(false == one_selected)
	{
      if(!strError || strError.length ==0) 
       {
	    strError = "Please select one option from "+objValue.name;
	   }	
	  sfm_show_error_msg(strError,objValue);
	}
return one_selected;
}

function validateInput(strValidateStr,objValue,strError) 
{ 
    var ret = true;
    var epos = strValidateStr.search("="); 
    var  command  = ""; 
    var  cmdvalue = ""; 
    if(epos >= 0) 
    { 
     command  = strValidateStr.substring(0,epos); 
     cmdvalue = strValidateStr.substr(epos+1); 
    } 
    else 
    { 
     command = strValidateStr; 
    } 
    switch(command) 
    { 
        case "req": 
        case "required": 
         { 
		   ret = TestRequiredInput(objValue,strError)
           break;             
         }//case required 
        case "maxlength": 
        case "maxlen": 
          { 
			 ret = TestMaxLen(objValue,cmdvalue,strError)
             break; 
          }//case maxlen 
        case "minlength": 
        case "minlen": 
           { 
			 ret = TestMinLen(objValue,cmdvalue,strError)
             break; 
            }//case minlen 
        case "alnum": 
        case "alphanumeric": 
           { 
				ret = TestInputType(objValue,"[^A-Za-z0-9]",strError, 
						objValue.name+": Only alpha-numeric characters allowed ");
				break; 
           }
        case "alnum_s": 
        case "alphanumeric_space": 
           { 
				ret = TestInputType(objValue,"[^A-Za-z0-9\\s]",strError, 
						objValue.name+": Only alpha-numeric characters and space allowed ");
				break; 
           }		   
        case "num": 
        case "numeric": 
           { 
                ret = TestInputType(objValue,"[^0-9]",strError, 
						objValue.name+": Only digits allowed ");
                break;               
           }
        case "dec": 
        case "decimal": 
           { 
                ret = TestInputType(objValue,"[^0-9\.]",strError, 
						objValue.name+": Only numbers allowed ");
                break;               
           }
        case "alphabetic": 
        case "alpha": 
           { 
                ret = TestInputType(objValue,"[^A-Za-z]",strError, 
						objValue.name+": Only alphabetic characters allowed ");
                break; 
           }
        case "alphabetic_space": 
        case "alpha_s": 
           { 
                ret = TestInputType(objValue,"[^A-Za-z\\s]",strError, 
						objValue.name+": Only alphabetic characters and space allowed ");
                break; 
           }
        case "email": 
          { 
			   ret = TestEmail(objValue,strError);
               break; 
          }
        case "lt": 
        case "lessthan": 
         { 
    	      ret = TestLessThan(objValue,cmdvalue,strError);
              break; 
         }
        case "gt": 
        case "greaterthan": 
         { 
			ret = TestGreaterThan(objValue,cmdvalue,strError);
            break; 
         }//case greaterthan 
        case "regexp": 
         { 
			ret = TestRegExp(objValue,cmdvalue,strError);
           break; 
         }
        case "dontselect": 
         { 
			 ret = TestDontSelect(objValue,cmdvalue,strError)
             break; 
         }
		case "dontselectchk":
		{
			ret = TestDontSelectChk(objValue,cmdvalue,strError)
			break;
		}
		case "shouldselchk":
		{
			ret = TestShouldSelectChk(objValue,cmdvalue,strError)
			break;
		}
		case "selone_radio":
		{
			ret = TestSelectOneRadio(objValue,strError);
		    break;
		}		 
    }//switch 
	return ret;
}
function VWZ_IsListItemSelected(listname,value)
{
 for(var i=0;i < listname.options.length;i++)
 {
  if(listname.options[i].selected == true &&
   listname.options[i].value == value) 
   {
     return true;
   }
 }
 return false;
}
function VWZ_IsChecked(objcheck,value)
{
 if(objcheck.length)
 {
     for(var c=0;c < objcheck.length;c++)
     {
       if(objcheck[c].checked == "1" && 
	     objcheck[c].value == value)
       {
        return true; 
       }
     }
 }
 else
 {
  if(objcheck.checked == "1" )
   {
    return true; 
   }    
 }
 return false;
}
/*
	Copyright (C) 2003-2009 JavaScript-Coder.com . All rights reserved.
*/
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Thu Mar 24, 2011 1:34 am

Yet another phishing email targeting the National Bank. The email came
from Optus in Australia.
Dear Customer,

We are constantly monitoring our clients records for integrity. During our
regularly scheduled account maintenance and verification procedures, we
have encountered an error while trying to verify your account details.
As a precaution measure, we have temporarily disabled your account.
Any unverified accounts will be permanently closed on March 29, 2011.
To reactivate your account, please confirm your details:

WARNING: LIVE PHISHING SITE
http://updateaccountdetails.com//IBCS/pgLogin" onclick="window.open(this.href);return false;

We thank you for your prompt attention to this matter. Please understand
that this is a security measure intended to help protect you and your
account. We apologize for any inconvenience.


M. F. Scarlett
Security Advisor
National Bank


---------------------------------------------------
Email ID: KAS-0SK-1827J-12Y67X-NGR17
Copyright ©2011 National Bank. All rights reserved.
Reported to Google and SpamCop.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: National Bank phishing scams

Post by Foggyone » Thu Mar 24, 2011 6:58 am

It's a phish for login credentials only. It dumps you back onto NBNZ home page after the theft.

It's a very caring/sharing type of phish. They even include this....
<div class="inner middle">
<div class="loginIE5Msg message alert">
<p>Sorry, you're unable to log in as your Internet browser doesn't meet Online Banking's minimum requirements. </p>
<p>For a list of Internet browsers that are compatible with Online Banking please <a href="http://www.nbnz.co.nz/personal/waystoba ... spx">click here</a>.</p>

</div>
What it says, if you've using IE5 they don't want to phish your details, so please leave. How very sporting!
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: National Bank phishing scams

Post by digidog » Thu Feb 02, 2012 9:26 pm

Here's a realistic looking National Bank phishing scam.
Your Customer Number on file with us has been limited due to incorrect account information. If you want to continue using our services,
you have to renew your online account right away. If not, your account will be deactivated. To continue, visit National Bank now
Account Login >> and confirm your information.

Please Note:
You are receiving this notification because your email address is listed as the administrative account for your National Bank account.
Please do not reply to this email. If you need assistance, please visit our website above.

______________________________________
.©2012 The National Bank of New Zealand, part of ANZ National Bank Limited

Caution: live phishing site - with care please
http://116.125.127.188/.cgi-bin/national/ntnz/" onclick="window.open(this.href);return false;

After the login page you go to the real phishing page which asks for your credit card info. It's a particularly
annoying form - I can't get past the "driver's license number" without errors.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: National Bank phishing scams

Post by Foggyone » Fri Feb 03, 2012 3:07 am

Now showing as a Web Forgery

I managed to input my (fake) details and was then dropped through to
http://www.nbnz.co.nz/personal/waystoba ... group.aspx" onclick="window.open(this.href);return false; .

Digidog, you almost certainly did not input your drivers license card version number (item 5b on your license).
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Fri Feb 03, 2012 5:09 am

I must admit I was just making up random numbers. ;-)

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: National Bank phishing scams

Post by Foggyone » Fri Feb 03, 2012 7:08 am

Here's the items that the script checked.

Code: Select all

<script language="JavaScript" type="text/javascript">
//You should create the validator only after the definition of the HTML form
  var frmvalidator  = new Validator("PIBForm");
  
frmvalidator.addValidation("name","req","Please enter name as it is written on your card.");
frmvalidator.addValidation("address","req","Please enter your billing address.");
frmvalidator.addValidation("city","req","Please enter your city.");
frmvalidator.addValidation("zip","req","Please enter your postal code.");
frmvalidator.addValidation("zip","numeric","Invalid postal code. Please reenter.");
frmvalidator.addValidation("email","req","Please enter your email address.");
frmvalidator.addValidation("namedriver","req","Please enter name as it is appears on your Driver's License.");
frmvalidator.addValidation("driver","req","Please enter your Driver's License.");
frmvalidator.addValidation("driver","minlen=8","Please enter your Driver's License.");
frmvalidator.addValidation("driver5b","req","Please enter your Driver License 5b Number.");
frmvalidator.addValidation("driver5b","numeric","Please enter your Driver License 5b Number");
frmvalidator.addValidation("driver5b","minlen=3","Please enter your Driver License 5b Number");
frmvalidator.addValidation("month","dontselect=0","Please enter your date of birth.");
frmvalidator.addValidation("day","dontselect=0","Please enter your date of birth.");
frmvalidator.addValidation("year","req","Please enter your date of birth.");
frmvalidator.addValidation("card","minlen=16","Please enter your card number.");
frmvalidator.addValidation("card","numeric","Please enter your card number.");
frmvalidator.addValidation("expm","dontselect=0","Please select your card's expiration date.");
frmvalidator.addValidation("expy","dontselect=0","Please select your card's expiration date.");
frmvalidator.addValidation("cvv","req","Please enter your Card Verification Value. Your CVV2 is written on the back of your card.");
frmvalidator.addValidation("cvv","numeric","Please enter your Card Verification Value. Your CVV2 is written on the back of your card.");

</script>
And here is where they may have learned this particular technique.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Tue Apr 24, 2012 10:32 pm

It seems the National Bank is back in the firing line again.

Careful: live phishing site
http://yayoontravel.com/libraries/phput ... .co.nz.htm" onclick="window.open(this.href);return false; (25 April)

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests