Wazoo
Posted April 26, 2007

From: "WazoO"
To: <xxxxxx>
Subject: Phishing / spam attempt
Date: Thu, 12 Apr 2007 08:26:17 -0500

Especially concerned as this is the first one I've received that actually did match up to someone I have an account with. A rare occurrence of extreme luck or has there been a security breach of account data is the real question. I checked the <snipped> web-site just now, but I fail to see any warnings in place that this phish is in progress. As Admin of the SpamCop.net support Forum, I can tell you that there are a lot of folks out there that will in fact click on the offered links and provide the requested data.

SpamCop.net Reporting tools were used and complaints were sent to the following involved ISPs (noting that the spam spew is seen coming from a German ISP and the fake web-site is hosted in Argentina);

Re: 220.127.116.11 (Administrator of network where email originates)
To: abuse[at]ispgateway.de

Re: http://xxxxx.cscgt.com/xxxxx/ (Administrator of network hosting website referenced in spam)
To: abuse[at]iplan.com.ar
To: ralonso[at]iplan.com.ar

spam phish as received;

Subject: Important Account Information Online Banking Suspension . (ID:xxxx-xxxx)
<actually snipped here>

This warning/query got me;

Date: Thu, 12 Apr 2007 10:31:13 -0400
To: WazoO
Subject: URGENT!!! PHISHING ATTEMPT FROM XXXXX[at]XXXX.XXX
From: xxxx

Dear Credit Union Member,

We have been alerted that some of our members have received an email from xxxxx[at]xxxx.xxx requesting our members to click on a link to update their account information. The email is signed Craig Haley who is posing as a <snipped> employee. DO NOT RESPOND OR CLICK ON THIS LINK! This email is NOT from <snipped>. <snipped> will not request personal identifying data or ask you to provide any account information as part of our web banking log in procedure. Please contact us immediately if you receive any suspicious emails.

Sincerely,
<snipped>

and then the follow-up;

Date: Thu, 12 Apr 2007 17:41:38 -0400
To: WazoO
Subject: SECOND WARNING!!! URGENT!!! PHISHING ATTEMPT FROM XXXXX[at]XXXX.XXX
From: xxxx[at]xxxx.xxx

Dear Credit Union Member,

We have been alerted that some of our members have received an email from xxxx[at]xxxx.xxx requesting our members to click on a link to update their account information. This email is signed Craig Haley who is posing as a <snipped> employee. DO NOT RESPOND OR CLICK ON THIS LINK! This email is NOT from <snipped>. <snipped> will not request personal identifying data or ask you to provide any account information as part of the web banking log in procedure. We are in the process of investigating the origination of the phishing email. We have contacted our processors and to the best of our knowledge, there has not been a security breach. Please contact us immediately if you receive any suspicious emails.

Sincerely,
<snipped>

Then the 'surprise!'

Date: Sun, 22 Apr 2007 21:19:07 -0400
To: Wazoo
Subject: <snipped>'s Website
From: xxxxx[at]xxxx.xxx

Dear Credit Union Member,

<snipped>'s website is temporarily unavailable. Until further notice you will not be able to access your account online. Sorry for any inconvenience.

Sincerely,
<snipped>

Eventually then getting;

X-Authentication-Warning: xxxxxxxx.net: apache owned process doing -bs
To: WazoO
From: xxxxx[at]xxxxx.xxx
Subject: <snipped> Website
Date: Tue, 24 Apr 2007 15:48:19 -0400

Dear Credit Union Members,

Thank you for your patience while our website has been down. Our processors have resolved the issue and the website is now up and running. Again, sorry for any inconvenience.

<snipped>

The 'error message' in the headers looks somewhat bad, though everything else looks OK, as far as where it came from, etc.

The issue is ... was there just a bit of coincidence in the timing of some 'scheduled/unscheduled maintenance .. or should I let the paranoia run rampant and wonder just where the 'now required by law' notification of the suggested possible scenario of a security breach might be???

A bit odd that as fast as their reply/response was to my initial contact ... it is strangely silent as to answering my follow-up queries on this recent 'downtime' .... One would like to offer kudos for 'doing something' about the issue, but .... was there an issue? <g>