1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Serious question. Has my information been compromised? Phishing scam.

Discussion in 'BlackHat Lounge' started by C-Rod3, Sep 2, 2016.

  1. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    I am sure you are all aware of phishing sites - websites that present themselves as another mainstream website to try and get you to enter your passwords, bank info, etc.

    I was sent a phishing site prompting me to enter all of my personal information. I'm talking name, bank account, social security, the whole 9 yards.

    Here's the catch. I entered my information into the actual text boxes, only to realize the web address was NOT my bank halfway through. I had clicked "submit info" prior to my realization, but it "didn't go through" because I had forgot o enter my zip code.

    i don't know how these key logger phishing sites actually work, but does the scammer have my information? It was all done on an iPhone, and I hit the blue "Go" button in the form when filling it out, which it claimed to have rejected
     
    Last edited: Sep 2, 2016
  2. sturose

    sturose Jr. VIP Jr. VIP

    Joined:
    Nov 6, 2013
    Messages:
    1,808
    Likes Received:
    2,217
    Gender:
    Male
    Occupation:
    Self unemployed
    Location:
    Right behind you!
    IDK whether they have your info pal but I would play it safe.

    Contact your bank ASAP and change all your details.
     
    • Thanks Thanks x 1
  3. DiMaster

    DiMaster Registered Member

    Joined:
    Nov 10, 2015
    Messages:
    81
    Likes Received:
    18
    If site uses "default" contact form your credits should not get to the main database. But still you should do something to keep yuorself sfe in case if they log all submit attempts.
     
  4. C3R0X

    C3R0X BANNED BANNED

    Joined:
    Jul 27, 2016
    Messages:
    138
    Likes Received:
    38
    Gender:
    Male
    In one word,Contact to your BAnk ;)
     
  5. indianfreak

    indianfreak Power Member

    Joined:
    Jan 4, 2008
    Messages:
    717
    Likes Received:
    457
    @sturose is right, don't take any risk. Change all your details at your bank NOW!
     
  6. AceWallGromit

    AceWallGromit Regular Member

    Joined:
    Jul 23, 2016
    Messages:
    375
    Likes Received:
    255
    Location:
    Canada
    They might claim your info was rejected just to have you resubmit so they have your double verification.

    Depending on what info you entered they could have enought to do damage via identity theft or gaining account access to websites you visit/own.

    Monitor all your accounts closely as suspicious activity might be imminent.

    Take some pro-active action to re-secure your web and financial assets by changing passwords and adding any available layers of security questions etc.
     
  7. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    None of the information they "recieved" could gain them direct access to my websites though.

    It was full name, banks, SSN, and address.

    Also, they didn't say it was rejected. It was like a form error, saying "Please enter zip code". Traditionally you'd think they wouldn't get the logs if I didn't submit after the first "failed attempt". I'm just wondering the actual technical aspect of a phishing site. Like, if they literally recieve everything I enter in the text boxes regardless of if I submit
     
  8. BassTrackerBoats

    BassTrackerBoats Super Moderator Staff Member Moderator Jr. VIP

    Joined:
    Mar 10, 2010
    Messages:
    17,336
    Likes Received:
    31,817
    Occupation:
    Selling CPA Sites
    Location:
    Not England
    Home Page:
    You should look into an identity theft protection service in that the above info may have gotten into the wrong hands.
     
  9. mnunes532

    mnunes532 Supreme Member

    Joined:
    Jan 21, 2014
    Messages:
    1,439
    Likes Received:
    468
    Gender:
    Male
    Location:
    Portugal
    Here's what you can do: go to that website again on desktop (using chrome or firefox), press f12 to open developer tools, click network tab, submit the form with dummy data and check for requests in the network tab. If there isn't any POST request with the data from the form, you should be safe.
     
    • Thanks Thanks x 2
  10. ChrisX

    ChrisX Jr. VIP Jr. VIP

    Joined:
    Oct 8, 2011
    Messages:
    284
    Likes Received:
    141
    Gender:
    Male
    Home Page:
    Yeah, was just about to suggest the same. Check if the form is submitted on error (page reload or via javascript).
    If you're lucky and they've used the "required" tag in form fields, chrome wouldn't even submit the form.
     
    • Thanks Thanks x 1
  11. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    In fact that was the error.


    "______ was required, please go back and fill the required fields". I can't remember if it was zip or not but this was the nature of the message.

    Maybe that saved my ass afterall
     
  12. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    Also worth noting this was all done on an iPhone. I didn't actually hit the submit button. I hit the blue "Go" button in the textpad. I know sometimes this submits the form and sometimes it simply moves on to the next text field.
     
  13. ChrisX

    ChrisX Jr. VIP Jr. VIP

    Joined:
    Oct 8, 2011
    Messages:
    284
    Likes Received:
    141
    Gender:
    Male
    Home Page:
    Doesn't sound like default front-end validation so most likely like they did get your info. Sorry.
     
  14. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    I really don't mean to drag this out further... But what do you mean by "front-end verification"? Curious as to how you came to that cunclusion with the info I provided.
     
  15. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    Another important thing I wanted to bring up is that this occurred 3 years ago. That's why my memory is so faded on the exact response after it declined my submission. The reason it resurfaced in my mind is because a buddy of mine said they might be holding it for later use. They haven't actually done anything in the 3 years
     
  16. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,622
    Likes Received:
    34,782
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:

    Are you some kind of clown?
    Why is this in the making money section?
    Are you just posting crap to boost post count?
     
  17. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    You think I'm funny? What, like a clown? Don't be a wise guy, Tony.

    I am being completely serious about this. My information could be compromised.
     
  18. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Joined:
    Nov 10, 2012
    Messages:
    12,622
    Likes Received:
    34,782
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:

    So contact your Bank, change your passwords. Don't start posting crap about some incident from 3 years ago. This is common sense.

    Hold on, you are they guy that thinks his AV is spying on him:
    http://www.blackhatworld.com/seo/is-my-antivirus-spying-on-me-help.873655/

    I think you need to be fitted for a bigger tin foil hat.
     
    • Thanks Thanks x 2
  19. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP

    Joined:
    Dec 26, 2010
    Messages:
    1,300
    Likes Received:
    10,843
     
    • Thanks Thanks x 4
  20. C-Rod3

    C-Rod3 Registered Member

    Joined:
    Aug 18, 2016
    Messages:
    66
    Likes Received:
    10
    Gender:
    Male
    Lmao