Phishing for acc't numbers...
Results 1 to 4 of 4

Thread: Phishing for acc't numbers...

  1. #1
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242

    Phishing for acc't numbers...

    ...got this email from my bank (see image). All in all, a credible job (I'm not awake yet). The sender is using the imbedded gif to trick readers. The gif is linked to this website: http://www.53.com.wps.portal.secure....fo/context.id/

    Here's the email headers:

    ----------------------------------------------------------------------------

    X-Apparently-To: xxxxxxxx@yahoo.com via 206.190.48.84; Fri, 25 Aug 2006 10:21:46 -0700
    X-YahooFilteredBulk: 200.158.67.174
    X-Originating-IP: [200.158.67.174]
    Return-Path: <reference-id_71384id@53.com>
    Authentication-Results: mta302.mail.re4.yahoo.com from=53.com; domainkeys=neutral (no sig)
    Received: from 200.158.67.174 (HELO 200-158-67-174.dsl.telesp.net.br) (200.158.67.174) by mta302.mail.re4.yahoo.com with SMTP; Fri, 25 Aug 2006 10:21:46 -0700
    Received: from transmitting.ifg.com (unknown [35.220.96.177]) by cobaltweb.com with SMTP id X5PPP2ZNBV for <karlstrangfeld@yahoo.com>; Sat, 26 Aug 2006 06:20:50 -0800
    From: "FIFTH THIRD BANK 2006" <support_reference851516162754id@53.com> Add to Address BookAdd to Address Book Add Mobile Alert
    To: Send an Instant Message "Karlstrangfeld" <karlstrangfeld@yahoo.com>
    Subject: Fifth Third Bank: Urgent Notice From Billing Department Sat, 26 Aug 2006 06:20:50 -0800
    Message-ID: <73048sj83k89$c7uk474ohf8$5jz6fta76@Y4887529>
    User-Agent: PObox II beta1.0
    X-Priority: 3 (Normal)
    MIME-Version: 1.0
    Content-Type: multipart/related; boundary="GIMXXV0Z00UTQGIS7Q6S"
    Content-Length: 9325
    -----------------------------------------------------------------------------------

    I traced the originating ip address (200.158.67.174) in the email to Sao Paulo. The website's in Latvia with an ip address of 85.115.127.165, belonging to ProNets-LV from what I can tell.

    Don't you love those domain names? www.53.com.wps.portal.secure.huaru.info? WTF?

    What's the best way to report something like this?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi BC,

    If it is your bank, then tell them about it first..........it should help build some street cred?

    Then take a look at this:

    http://www.ccmostwanted.com/report/report3.htm

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    Gotta love those ridiculously long domains that screw with people's heads.. THey see the first .com and assume it's real..

    For reporting it... You definately want to submit it to PIRT/Fried Phish - http://www.castlecops.com/pirt

    You'll also want to contact your bank... -- 53investigation@security.53.com

    I'm actually surprised you got one for your own bank... I keep getting alerts in my online banking that there are phishes going around.. but I haevn't had one yet.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Funny thing is I've never used online banking. Won't touch it with a 10-foot pole. They'll never be able to emulate flirting with the tellers.

    edit -- I would've missed it if I hadn't fished it out of my spam folder.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •