Phishing is better from the bank


rconner

Here's an attempted phish that the SC parser says actually did come through the bank (PNC bank, in this case) by way of Messagelabs. The headers don't go back any farther than this. Actually, the headers do go back to Poland, but SpamCop apparently stumbled over an intramural relay within PNC and stopped work. Pretty sneaky stuff, although for whatever reason the message payload was not transmitted so I had to patch it in the customary fashion in order to report it.

I can't imagine it being a bona-fide message because I have no business with this bank. It isn't, it is just another Phish (although one that managed to swim through the target business somehow).

tracking link

-- rick

Edited by rconner

Wow, that is diabolical, Rick. By the way, no consolation, but without mail-hosting the parse would have been de-railed even earlier in the chain:

http://www.spamcop.net/sc?id=z5066110999ze...625a0b15bf8f74z

IPNetInfo (utility) fingered poczta.quay.pl [195.205.183.3] (abuse[at]tpnet.pl) and messagepartners.com (latter for discard on inspection).

Thanks for the example - a timely reminder of the complexities and of the cunning crafting some of these phishes appear to have been given. Sort of neat that the payload got lost along the way - something is working somewhere, maybe.
