Phish?
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Phish?

  1. #1
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324

    Phish?

    If this is a phish, it's a weird one.

    Dear Suntrust Bank Customer ID-50661461153,

    SunTrust Banks Inc., is committed to maintaining a safe environment for our customers. To protect the security of your account, SunTrust Banks Inc., employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the SunTrust system for unusual activity.

    We are contacting you to remind you that on Nov. 24, 2004 our Account Review Team identified some unusual activity in your account. In accordance with SunTrust's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved.

    We encourage you to log in and perform the steps necessary to restore your account access as soon as possible. Allowing your account access to remain limited for an extended period of time may result in further limitations on the use of your account and possible account closure.Visit now Online Banking page and sign on to your account for verification process: http://www.suntrust.com/personal/Che...king/index.php


    Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.

    Sincerely,
    Suntrust Banks Inc., Account Review Department.
    The link that is shown there is actually http://210.127.248.70/personal/Check...ernet_Banking/ . But it seems to go to a legit (??) site.

    If it's spam, it's awfully weird spam. If anyone is interested, I have done a wget recursively but have saved it in a file that's rather large (1.1MB). If you want it emailed so you can explore it, let me know. I was rather surprised at what I pulled up from that site.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  2. #2
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    [QUOTE]inetnum: 210.125.0.0 - 210.127.255.255
    netname: KRNIC-KR
    descr: KRNIC
    descr: Korea Network Information Center
    country: KR
    admin-c: HM127-AP
    tech-c: HM127-AP
    remarks: ******************************************
    remarks: KRNIC is the National Internet Registry
    remarks: in Korea under APNIC. If you would like to
    remarks: find assignment information in detail
    remarks: please refer to the KRNIC Whois DB
    remarks: http://whois.nic.or.kr/english/index.html
    remarks: ******************************************
    mnt-by: APNIC-HM
    mnt-lower: MNT-KRNIC-AP
    changed: hm-changed@apnic.net 19981001
    changed: hm-changed@apnic.net 20010606
    changed: hm-changed@apnic.net 20040319
    status: ALLOCATED PORTABLE
    source: APNIC

    person: Host Master
    address: 11F, KTF B/D, 1321-11, Seocho2-Dong, Seocho-Gu,
    address: Seoul, Korea, 137-857
    country: KR
    phone: +82-2-2186-4500
    fax-no: +82-2-2186-4496
    e-mail: hostmaster@nic.or.kr
    nic-hdl: HM127-AP
    mnt-by: MNT-KRNIC-AP
    changed: hostmaster@nic.or.kr 20020507
    source: APNIC

    inetnum: 210.127.248.0 - 210.127.249.255
    netname: IEI-SHINDAEBANG-KR
    descr: IEI
    descr: 395-62 Shindaebang-dong Dongjak-ku
    descr: SEOUL
    descr: 156-010
    country: KR
    admin-c: JB374-KR
    tech-c: JB375-KR
    remarks: This IP address space has been allocated to KRNIC.
    remarks: For more information, using KRNIC Whois Database
    remarks: whois -h whois.nic.or.kr
    mnt-by: MNT-KRNIC-AP
    remarks: This information has been partially mirrored by APNIC from
    remarks: KRNIC. To obtain more specific information, please use the
    remarks: KRNIC whois server at whois.krnic.net.
    changed: hostmaster@nic.or.kr 20041123
    source: KRNIC

    person: Jongsu Byun
    descr: IEI
    descr: 395-62 Shindaebang-dong Dongjak-ku
    descr: SEOUL
    descr: 156-010
    country: KR
    phone: +82-2-836-0100
    fax-no: +82-2-836-6327
    e-mail: jongsu@iei.or.kr
    nic-hdl: JB374-KR
    mnt-by: MNT-KRNIC-AP
    remarks: This information has been partially mirrored by APNIC from
    remarks: KRNIC. To obtain more specific information, please use the
    remarks: KRNIC whois server at whois.krnic.net.
    changed: hostmaster@nic.or.kr 20041123
    source: KRNIC

    person: Jongsu Byun
    descr: IEI
    descr: 395-62 Shindaebang-dong Dongjak-ku
    descr: SEOUL
    descr: 156-010
    country: KR
    phone: +82-2-836-0100
    fax-no: +82-2-836-6327
    e-mail: jongsu@iei.or.kr
    nic-hdl: JB375-KR
    mnt-by: MNT-KRNIC-AP
    remarks: This information has been partially mirrored by APNIC from
    remarks: KRNIC. To obtain more specific information, please use the
    remarks: KRNIC whois server at whois.krnic.net.
    changed: hostmaster@nic.or.kr 20041123
    source: KRNIC
    [\QUOTE]

    http://www.apnic.net/apnic-bin/whois.pl

    after doing a lookup at ARIN I was pointed to the website above. For some reason I dont think I would trust a bank webpage comming out of korea...
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Especially if the bank is apparently located in Atlanta, Georgia. My wget -sr resulted in the following:

    PHP Code:
    210.127.248.70                      [url]www.advertising.com[/url]
    channels.netscape.com               [url]www.consumer.gov[/url]
    customercare.suntrust.com           [url]www.doubleclick.com[/url]
    ebusiness.suntrust.com              [url]www.ftc.gov[/url]
    giftcard.suntrust.com               [url]www.ibsnetaccess.com[/url]
    inquirasearch.suntrust.com          [url]www.life-insurance-service.com[/url]
    internetbanking.suntrust.com        [url]www.maxxinvest.com[/url]
    mysolutions.suntrust.com            [url]www.mbna.com[/url]
    onlinetreasurymanager.suntrust.com  [url]www.microsoft.com[/url]
    rn.ftc.gov                          wwwn.applyonlinenow.com
    tips
    .fbi.gov                        [url]www.sec.gov[/url]
    travel.state.gov                    [url]www.suntrust.com[/url]
    trustservices.suntrust.com          [url]www.suntrustmortgage.com[/url]
    vbv.arcot.com                       [url]www.usps.com[/url]
    www2.suntrust.com                   [url]www.visa.com[/url
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    DING DING DING DING WE HAVE A WINNER!!!!! Phish confirmed...lol
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Care to elaborate?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Well I did a little bit of googleing and Suntrust is a know cover for alot of phishing type emails. I found 2 or 3 variations of emails from them and they were confirmed phish, that in conjunction with them being in atlanta, but their webpage being in korea (of all countries) makes me pretty certain that this is indeed a phish. Added to all this, them covering the links actual address is sort of icing on the cake.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    You are a customer of the Bank?
    and their comment on the email..? that is if you are a customer..

    /edit: A simple 2 line reply and I take 20 mins to type it.. sheeeeees.. see ya's in a few weeks...
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Well I figured that but seriously check the links. When you choose the option to go to the Online service it actually redirects you to the LEGIT SunTrust website. That's why I'm not quite sure how well devised this phish is. Or is it a phish? Perhaps an attempt to get "free advertising" (Oh poor us..)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    well, if you go to the sign on link it is fake and takes you to another 210 IP address. the rest all point to domain names, but that takes to another IP. So Im assuming if you "sign on" you send them your info.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ms. M:

    I have got quite a few of these recently and the IP address for the link is a definite phish. If you try to connect they are sometimes already down, sometimes still up. In your case you may have found a situation where a legit web site was compromised and the additional pages added. This has since been identified and fixed thus you find a legitimate site in it's place....

    It's a guess but it's my best guess.... SunTrust is being heavily targetted for phishing in the last week or so as witnessed by the number I have been getting.... I usually get very few phishes.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •