7th September 2007, 7:16 PM
(This post was last modified: 7th September 2007, 7:27 PM by etoven.)
I think the biggest giveaway is the fact that they don't have a fully qualified domain name. Do they honestly expect me to believe that the Bank of America would host a web site by ip only and not register a domain?
Phishing websites almost never register a domain name because the WhoIs server would reveal their identity.
BTW: everything after the IP address is the banks real url to the page. sslencrypt218bit stands for secure socket layer encrypt 218 bit. They probably have script that will accept any domain go out and fetch the real page but postback to their server instead any goodies you type in first, and then fetch the real next page reposting any form data you entered to the real server along the way. Most users never know their on the wrong site.
Phishing websites almost never register a domain name because the WhoIs server would reveal their identity.
BTW: everything after the IP address is the banks real url to the page. sslencrypt218bit stands for secure socket layer encrypt 218 bit. They probably have script that will accept any domain go out and fetch the real page but postback to their server instead any goodies you type in first, and then fetch the real next page reposting any form data you entered to the real server along the way. Most users never know their on the wrong site.