New Phishy: "Wells Fargo AMT service upgrade"
Results 1 to 4 of 4

Thread: New Phishy: "Wells Fargo AMT service upgrade"

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    New Phishy: "Wells Fargo AMT service upgrade"

    How convient and so security-minded of Wells Fargo. Interesting too that it goes to http://200.155.4.91:81/1/index.php (down at this time) rather than Wells Fargo's Official Site:

    % Copyright registro.br
    % The data below is provided for information purposes
    % and to assist persons in obtaining information about or
    % related to domain name and IP number registrations
    % By submitting a whois query, you agree to use this data
    % only for lawful purposes.
    % 2004-10-04 09:55:26 (BRT -03:00)

    inetnum: 200.155.0/19
    aut-num: AS16397
    abuse-c: ABC204
    owner: Comdominio Soluções de Tecnologia S/A.
    ownerid: 003.672.254/0001-44
    responsible: Area de Engenharia - comDominio
    address: Rua Dr. Miguel Couto, 58,
    address: 01008-010 - Sao Paulo - SP
    phone: (11) 3351-4325 []
    owner-c: AEC81
    tech-c: GRC66
    inetrev: 200.155.0/20
    inetrev: 200.155.16/23
    inetrev: 200.155.18/24
    nserver: NS1.DATACENTER1.COM.BR
    nsstat: 20041002 AA
    nslastaa: 20041002
    nserver: NS2.DATACENTER1.COM.BR
    nsstat: 20041002 AA
    nslastaa: 20041002
    nserver: NS3.DATACENTER1.COM.BR
    nsstat: 20041002 AA
    nslastaa: 20041002
    inetrev: 200.155.20/22
    nserver: NS1.DATACENTER1.COM.BR
    nsstat: 20041003 AA
    nslastaa: 20041003
    nserver: NS2.DATACENTER1.COM.BR
    nsstat: 20041003 AA
    nslastaa: 20041003
    nserver: NS3.DATACENTER1.COM.BR
    nsstat: 20041003 AA
    nslastaa: 20041003
    inetrev: 200.155.24/21
    nserver: NS1.DATACENTER1.COM.BR
    nsstat: 20041002 AA
    nslastaa: 20041002
    nserver: NS2.DATACENTER1.COM.BR
    nsstat: 20041002 AA
    nslastaa: 20041002
    nserver: NS3.DATACENTER1.COM.BR
    nsstat: 20041002 AA
    nslastaa: 20041002
    created: 20010828
    changed: 20020909

    nic-hdl-br: ABC204
    person: Abuse @ comDominio
    e-mail: abuse@COMDOMINIO.COM.BR
    address: Rua Dr. Miguel Couto, 58,
    address: 01008-010 - Sao Paulo - SP
    phone: (11) 3351-4325 []
    created: 20030625
    changed: 20030625

    nic-hdl-br: AEC81
    person: Area de Engenharia - comDominio
    e-mail: registro@COMDOMINIO.COM.BR
    address: Rua Dr. Miguel Couto, 58,
    address: 01008-010 - São Paulo - SP
    phone: (11) 3351-4325 []
    created: 20020909
    changed: 20030623

    nic-hdl-br: GRC66
    person: Gerencia de Redes - comDominio
    e-mail: registro@COMDOMINIO.COM.BR
    address: Rua Dr. Miguel Couto, 58,
    address: 01008-010 - Sao Paulo - SP
    phone: (11) 3351-4325 []
    created: 20020909
    changed: 20040126

    remarks: Security issues should also be addressed to
    remarks: nbso@nic.br, http://www.nbso.nic.br/
    remarks: Mail abuse issues should also be addressed to
    remarks: mail-abuse@nic.br

    % whois.registro.br accepts only direct match queries.
    % Types of queries are: domains (.BR), BR POCs, CIDR blocks,
    % IP and AS numbers.
    And even more interesting is the source:

    Code:
    <html>
    <body>
    <table cellspacing="0" cellpadding="0" width="601" border="0">
      <tbody>
        <tr>
          <td colspan="2"></td>
        </tr>  <tr>
        <td colspan="2"> </td>
      </tr>
    
        <tr>
          <td width="500" height="324" align="left" valign="top">
            <table cellspacing="0" cellpadding="0" width="545" border="0">
              <tbody>
                <tr>
                  <td width="20"> </td>
                  <td valign="top" align="left" width="476"><div align="justify">
                    
    
    </p>
                    
    
    <font face="Arial, Helvetica, sans-serif" size="2">Dear Wells Fargo customer, </font></p>
                    
    
    <font face="Arial, Helvetica, sans-serif" size="2">                    In order to be prepared for the smart card upgrade on Visa and MasterCard debit and credit cards and to avoid problems with our ATM services, we have recently introduced additional security measures and upgraded our software.</font> <font face="Arial, Helvetica, sans-serif" size="2">
    
                        
    
                        This security upgrade will be effective immediately and requires our customers to update their ATM card information. Please update your information here
    
                        
    
     &copy; Wells Fargo Customer Support Dept. 
    
                        
    
                      </font> </p>
                  </div></td>
                  <td width="10"></td>
                </tr>
              </tbody>
          </table></td>
        </tr>
        
      </tbody>
    </table>
    <font color=#FFFFFF>1532 l 3  1356 optimal  Gloria</font>
    <font color=#FFFFFF>0 D cumin birdie aching arsenic owing interpretive zip dolce winnipeg turnpike  lubbock R0lGODlhggHMALNSAKMA 2085 </font>
    </body></html>
    
    ----7616889477559604--
    Info has been forwarded to AntiPhishing Workgroup
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    Aug 2004
    Posts
    149
    that is interesting.....

    THIS INFORMATION ABOVE IS WHY I ENJOY BEING A MEMBER OF AO.....

    the sad thing is that probibly hundreds of people fell for it......

  3. #3
    the beign of authority kurt_der_koenig's Avatar
    Join Date
    Jan 2004
    Location
    Pa
    Posts
    567
    umm..Very interesting. MsMittens do you think you were a prime target or just someone in a line of names? This is one reason why learning some code helps, one doesn't get that from WYSIWYG progs.

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Naw. I'm Canadian. Wells Fargo has diddly to do with ATMs up here. It'd be better if CIBC or Royal Bank or one of the other "Big 5" (as they are called) had sent that. Then it'd look a little more legit. Plus that "AMT" typo was rather a big hint!

    I get these now and again. And I find them amusing to say the least. The other recent one that made me giggle was a variation on the Nigerian/419 scam. Except this one was for China. There EVERYWHERE!

    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides