31-May-2006
Phishing attempt
Today, I received an email that looks pretty professional:
Mind you: the text reads:
Alaska USA's UltraBranch Administration always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from Alaska USA C.U advising them to follow a link to what appear to be a Alaska USA C.U web site, where they are prompted to enter their personal Online Banking details. Alaska USA C.U is in no way involved with this email and the web site does not belong to us.
Actually, we are performing security improvements of our banking community and enforce customers to register their sensitive information for an additionally created free security service to prevent any fraudulent activity against their assets and savings. We, hereby ask you to respond within few hours of current notification and complete security application form via our SSL protected website to apply for this service absolutely for free, otherwise your account(s) may not process posted transactions correctly and on time.
Please visit us to apply
https://ultrabranch.alaskausa.org/efs/servlet/efs/login.jsp
This blue text is the hyperlink in the red box in the image.
You may think: Nice.
But take a good look at the source of the message around this point - that is: just the URL address (for the sake of layout - sorry)
http://211.74.197.218/~kevin/verify/alaska/ultrabranch.alaskausa.org
Please do not reply to this e-mail. Mail sent to this address cannot be answered.<br>
For assistance, log in to your Online Bank account and choose the "Help" link on any page.<br>
I've seen this guy "KEVIN" before, trying to obtain users' credentials!
Of course you shouldn't answer to the return address - he would be disposed.
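The mismatch described above, between the link text shown to the reader and the address found in the message source, can be checked mechanically. The following is an added example, not part of the original post: it parses an HTML body with Python's standard library and flags the three traits of this link. The function names, the reason labels and the anchor markup wrapped around the two URLs are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def split_url(url):
    """(lower-cased host, path) of url; ('', '') for plain text or junk."""
    try:
        parts = urlsplit(url.strip())
        return (parts.hostname or "").lower(), parts.path.lower()
    except ValueError:
        return "", ""

def audit_links(html):
    """Return (href, shown_text, reasons) for anchors that look deceptive."""
    parser, findings = AnchorCollector(), []
    parser.feed(html)
    for href, shown in parser.links:
        (host, path), (shown_host, _), reasons = split_url(href), split_url(shown), []
        if shown_host and shown_host != host:
            reasons.append("shown-host-differs-from-href-host")
            if shown_host in path:  # real name parked in the path as decoration
                reasons.append("shown-host-embedded-in-href-path")
        try:
            ipaddress.ip_address(host)  # raises ValueError for DNS names and ''
            reasons.append("href-host-is-ip-literal")
        except ValueError:
            pass
        if reasons:
            findings.append((href, shown, reasons))
    return findings

# Constructed sample: the two URLs from the post wrapped in an anchor element.
SAMPLE = ('<a href="http://211.74.197.218/~kevin/verify/alaska/ultrabranch.alaskausa.org">'
          'https://ultrabranch.alaskausa.org/efs/servlet/efs/login.jsp</a>')
```

Calling `audit_links(SAMPLE)` reports all three reasons for the link in this message; an anchor whose text is not a URL is only flagged when its target is a bare IP address.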
Data on this message: The header:
Return-Path: confirm@alaskausa.org
Received: from richardinniss.demon.co.uk (80.177.19.229)
    by diana.intra.grootersnet.nl (V5.5-ECO1, OpenVMS V8.2 Alpha);
    Wed, 31 May 2006 17:32:32 +0200 (CEST)
Received: from 222.48.77.64 by ; Wed, 31 May 2006 19:41:34 +0300
Message-ID: <wuobfmhxntlcfrduof@hotmail.com>
From: "Alaska USA Security Departament" <rm@alaskausa.org>
Reply-To: "Alaska USA Security Departament" <irm@alaskausa.org>
To: xxxxxx@xxxxxxxxxxxxxx
Subject: IMPORTANT: Confirm your account
Date: Wed, 31 May 2006 14:46:34 -0200
X-Mailer: Internet Mail Service (5.5.2650.21)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="--43801022623500288"
X-Priority: 3
X-MSMail-Priority: Normal
Note, it was sent from a HOTMAIL account - so I know where to signal abuse.
The originator has an account with a Taiwanese ISP:
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 211.74.128.0 - 211.74.255.255
netname: SEEDNET-TW
descr: Digital United Inc.
descr: 9F, No. 125, Song Jiang Road.
descr: Taipei Taiwan 100
country: TW
admin-c: CY74-AP
tech-c: CY74-AP
mnt-by: MAINT-TW-TWNIC
changed: hostmaster@twnic.net 20001102
status: ALLOCATED PORTABLE
source: APNIC
person: Chyi-Chuan Yang
nic-hdl: CY74-AP
e-mail: ccyang@du.net.tw
address: 9F, 125, song jiang road
address: Taipei, 104, R.O.C
phone: +886-2-2737-7298
fax-no: +886-2-2739-7512
country: TW
changed: hostmaster@twnic.net.tw 20050531
mnt-by: MAINT-TW-TWNIC
source: APNIC
inetnum: 211.74.197.192 - 211.74.197.223
netname: NANLINGCO.LT-TW
descr: NanlingCo.,Ltd
descr: N/A Taiwan
country: TW
admin-c: CZ13-TW
tech-c: CZ13-TW
mnt-by: MAINT-TW-TWNIC
remarks: This information has been partially mirrored by APNIC from
remarks: TWNIC. To obtain more specific information, please use the
remarks: TWNIC whois server at whois.twnic.net.
changed: michaelc@du.net.tw 20031222
status: ASSIGNED NON-PORTABLE
source: TWNIC
person: Chian Ze-Fong
address: NanlingCo.,Ltd
address: N/A Taiwan
e-mail: ricky@nanling.com.tw
nic-hdl: CZ13-TW
changed: hostmaster@twnic.net.tw 20031125
source: TWNIC
The second one, given the address. Just try to contact them, who knows...