rconner Posted July 12, 2011 Share Posted July 12, 2011 Here's an attempted phish that the SC parser says actually did come through the bank (PNC bank, in this case) by way of Messagelabs. The headers don't go back any farther than this. Actually, the headers do go back to Poland, but SpamCop apparently stumbled over an intramural relay within PNC and stopped work. Pretty sneaky stuff, although for whatever reason the message payload was not transmitted so I had to patch it in the customary fashion in order to report it. I can't imagine it being a bona-fide message because I have no business with this bank. It isn't, it is just another Phish (although one that managed to swim through the target business somehow). tracking link -- rick Link to comment Share on other sites More sharing options...
Farelf Posted July 12, 2011 Share Posted July 12, 2011 Wow, that is diabolical Rick. By the way, no consolation, but without mail-hosting the parse would have been de-railed even earlier in the chain: http://www.spamcop.net/sc?id=z5066110999ze...625a0b15bf8f74z IPNetInfo (utility) fingered poczta.quay.pl [195.205.183.3] (abuse[at]tpnet.pl) and messagepartners.com (latter for discard on inspection). Thanks for the example - a timely reminder of the complexities and of the cunning crafting some of these phishes appear to have been given. Sort of neat that the payload got lost along the way - something is working somewhere, maybe. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.