Phishing Site? [Archive] - DFWstangs Forums

: Phishing Site?


Mychael101
12-18-2006, 02:25 PM
I think I have something messed up on my comp. I've ran several virus/malware/spyware scans in safe mode and I can't find anything. Anytime I want to browse over to chase's website it starts to load it and then instead of the normal www.chase.com it very quickly shows https:mfasa.chase.com/login.html, WTF is this and how do I get rid of it if its not supposed to be there?

Snake007
12-18-2006, 04:57 PM
I think I have something messed up on my comp. I've ran several virus/malware/spyware scans in safe mode and I can't find anything. Anytime I want to browse over to chase's website it starts to load it and then instead of the normal www.chase.com it very quickly shows https:mfasa.chase.com/login.html, WTF is this and how do I get rid of it if its not supposed to be there?

I just went there and it shows Http://mfasa.chase.com/auth/login.html for a split second..go figure...

Mychael101
12-18-2006, 11:37 PM
So is that ok???

usmcluke
12-18-2006, 11:53 PM
I know you have have had some identity theft woes so I understand your concern but that page is owned by chase. mfsaa I am sure is what concerns you but that is followed by .chase.com (actually Bank One but same thing), the mfsaa is a smaller part of the larger chase.com domain. If you really are concerned about you computer and think that you have been hacked. Disconnect it from the the internet, and rebuild it, using your recovery CD. If you don't have the technical know how to accomplish that, post up asking for help there are a lot of us who can show you what to do.

Mychael101
12-19-2006, 01:53 AM
I didn't have a recovery cd but I have an hp comp and I just used the recovery tools they provide. Its pretty much the same as the system restore. There is an option for destructive recovery that will return it to the way it was shipped from the factory and I will lose all data. I may do that after I transfer all the data I want to hold on to.

Hunt4m3x
12-19-2006, 09:03 AM
I bet it is checking that you aren't getting the man in the middle attack or ARP attacks. Or checking for phishing tools.

I know Risk did it on his network and Bank of America Denied his access because "someone" (him) was running ARP attack on his network.

Basicly, steals your username/passwords.


The site is owned by Chase tho. Nothing to worry bout.

Mychael101
12-19-2006, 10:20 AM
Well that basically eliminates the only way I could think of that would allow someone to get my debit/credit card information. But its good to know that my comp is secure.

Stang2be
12-19-2006, 04:55 PM
I bet it is checking that you aren't getting the man in the middle attack or ARP attacks. Or checking for phishing tools.

I know Risk did it on his network and Bank of America Denied his access because "someone" (him) was running ARP attack on his network.

Basicly, steals your username/passwords.


The site is owned by Chase tho. Nothing to worry bout.

ARP is layer 2 and that would only work possibly if you were on comcast/tw and someone decided to arp poison the gateway. Even then the provider should be able to detect/prevent this if they so choose.

I have never tried this on comcast/time warner but have demo'd this at my previous job to show it is possible to sniff traffic on a switched network. :cool: