Jump to content

Phishing is better from the bank


Recommended Posts

Here's an attempted phish that the SC parser says actually did come through the bank (PNC bank, in this case) by way of Messagelabs. The headers don't go back any farther than this. Actually, the headers do go back to Poland, but SpamCop apparently stumbled over an intramural relay within PNC and stopped work. Pretty sneaky stuff, although for whatever reason the message payload was not transmitted so I had to patch it in the customary fashion in order to report it.

I can't imagine it being a bona-fide message because I have no business with this bank. It isn't, it is just another Phish (although one that managed to swim through the target business somehow).

tracking link

-- rick

Link to comment
Share on other sites

Wow, that is diabolical Rick. By the way, no consolation, but without mail-hosting the parse would have been de-railed even earlier in the chain:


IPNetInfo (utility) fingered poczta.quay.pl [] (abuse[at]tpnet.pl) and messagepartners.com (latter for discard on inspection).

Thanks for the example - a timely reminder of the complexities and of the cunning crafting some of these phishes appear to have been given. Sort of neat that the payload got lost along the way - something is working somewhere, maybe.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...