Some more on phishing, real vs fake

I came across another phishing scam today, the spammer has gone to some trouble to ensure that his site looks legitimate.

The fake site


In the above, the words “Security Alert” are not centered, but that’s because I had to do a screen capture and move some stuff around, and forgot to re-center that part of the text.  It should be centered and looking legitimate.  Ditto for the grey ring around the Verisign logo.

The real site


You can see that the spammer has copied almost everything but added the extra KTT PIN in the logon box.  That’s hardly a giveaway, however, because it is feasible that a bank might do something like that.  It’s redundant, though.  If you have the login information, then also having the PIN number is simply going for broke.

The phisher has put in four extra touches:

  1. The site is grammatically correct.

  2. He has a Verisign link on there.  If you click on the link, it actually goes to the real KeyBank Verisign verification that it is, indeed, a real site and that Key Bank owns it.
  3. The URL of the site is  If you weren’t looking closely, you might not see the something.tld is the actual web page, and your eye might just see the at the start of the link.

    Luckily, https is part of the real key bank but as I said in another post, using https at the landing page is not a universal standard adopted by all of the financial institutions, but it should be.

  4. The phisher has put a logo at the top of the page for Key Total Treasury.  Curiously, the actual web page does not contain it.

Phishing scams can sometimes be pretty easily to spot, but sometimes ones like these are more difficult.  The only way you’d be able to see that this one wasn’t legitimate is by looking at the URL and seeing that it wasn’t the actual landing page of 

Comments (2)
  1. Alex says:

    This is like taking phishing to another level. A little more common sense and he/she might have a perfect phishing site.

  2. Evans says:

    I received an email from egg bank which seemed like a normal newsletter/marketting email. It didn’t require me to do anything like change your pin/password etc. It was fantastically designed in HTML and had no spelling mistakes. I realized it was phishing email as Outlook doesn’t show html emails unless you trust a sender. Since that email wasn’t on my trusted senders list so it showed all the links. Looking at the html I found out that all the images were retrieved from but the links for logging in were from another website wasn’t related to I guess the phishing people are becoming clever.

Comments are closed.

Skip to main content