I came across another phishing scam today, the spammer has gone to some trouble to ensure that his site looks legitimate.

The fake site

In the above, the words “Security Alert” are not centered, but that’s because I had to do a screen capture and move some stuff around, and forgot to re-center that part of the text.  It should be centered and looking legitimate.  Ditto for the grey ring around the Verisign logo.

The real site

You can see that the spammer has copied almost everything but added the extra KTT PIN in the logon box.  That’s hardly a giveaway, however, because it is feasible that a bank might do something like that.  It’s redundant, though.  If you have the login information, then also having the PIN number is simply going for broke.

The phisher has put in four extra touches:

1. The site is grammatically correct.
   
   
2. He has a Verisign link on there.  If you click on the link, it actually goes to the real KeyBank Verisign verification that it is, indeed, a real site and that Key Bank owns it.
   
   
3. The URL of the site is http://ktt.key.com.something.tld.  If you weren’t looking closely, you might not see the something.tld is the actual web page, and your eye might just see the ktt.key.com at the start of the link.
   
   Luckily, https is part of the real key bank but as I said in another post, using https at the landing page is not a universal standard adopted by all of the financial institutions, but it should be.
   
   
4. The phisher has put a logo at the top of the page for Key Total Treasury.  Curiously, the actual web page does not contain it.

Phishing scams can sometimes be pretty easily to spot, but sometimes ones like these are more difficult.  The only way you’d be able to see that this one wasn’t legitimate is by looking at the URL and seeing that it wasn’t the actual landing page of key.com.