
Seems like something is missing????


Wazoo

From: "WazoO"
To: <xxxxxx>
Subject: Phishing / spam attempt
Date: Thu, 12 Apr 2007 08:26:17 -0500

Especially concerned as this is the first one I've received that actually did match up to someone I have an account with. A rare occurrence of extreme luck or has there been a security breach of account data is the real question.

I checked the <snipped> web-site just now, but I fail to see any warnings in place that this phish is in progress. As Admin of the SpamCop.net support Forum, I can tell you that there are a lot of folks out there that will in fact click on the offered links and provide the requested data.

SpamCop.net Reporting tools were used and complaints were sent to the following involved ISPs (noting that the spam spew is seen coming from a German ISP and the fake web-site is hosted in Argentina);

Re: 80.67.17.6 (Administrator of network where email originates)
To: abuse[at]ispgateway.de

Re: http://xxxxx.cscgt.com/xxxxx/ (Administrator of network hosting website referenced in spam)
To: abuse[at]iplan.com.ar
To: ralonso[at]iplan.com.ar

spam phish as received;

Subject: Important Account Information Online Banking Suspension . (ID:xxxx-xxxx)

<actually snipped here>

This warning/query got me;

Date: Thu, 12 Apr 2007 10:31:13 -0400
To: WazoO
Subject: URGENT!!! PHISHING ATTEMPT FROM XXXXX[at]XXXX.XXX
From: xxxx

Dear Credit Union Member,

We have been alerted that some of our members have received an email from xxxxx[at]xxxx.xxx requesting our members to click on a link to update their account information. The email is signed Craig Haley who is posing as a <snipped> employee. DO NOT RESPOND OR CLICK ON THIS LINK! This email is NOT from <snipped>. <snipped> will not request personal identifying data or ask you to provide any account information as part of our web banking log in procedure. Please contact us immediately if you receive any suspicious emails.

Sincerely,

<snipped>

and then the follow-up;

Date: Thu, 12 Apr 2007 17:41:38 -0400
To: WazoO
Subject: SECOND WARNING!!! URGENT!!! PHISHING ATTEMPT FROM XXXXX[at]XXXX.XXX
From: xxxx[at]xxxx.xxx

Dear Credit Union Member,

We have been alerted that some of our members have received an email from xxxx[at]xxxx.xxx requesting our members to click on a link to update their account information. This email is signed Craig Haley who is posing as a <snipped> employee. DO NOT RESPOND OR CLICK ON THIS LINK! This email is NOT from <snipped>. <snipped> will not request personal identifying data or ask you to provide any account information as part of the web banking log in procedure. We are in the process of investigating the origination of the phishing email. We have contacted our processors and to the best of our knowledge, there has not been a security breach. Please contact us immediately if you receive any suspicious emails.

Sincerely,

<snipped>

Then the 'surprize!'

Date: Sun, 22 Apr 2007 21:19:07 -0400
To: Wazoo
Subject: <snipped>'s Website
From: xxxxx[at]xxxx.xxx

Dear Credit Union Member,

<snipped>'s website is temporarily unavailable. Until further notice you will not be able to access your account online. Sorry for any inconvenience.

Sincerely,

<snipped>

Eventually then getting;

X-Authentication-Warning: xxxxxxxx.net: apache owned process doing -bs
To: WazoO
From: xxxxx[at]xxxxx.xxx
Subject: <snipped> Website
Date: Tue, 24 Apr 2007 15:48:19 -0400

Dear Credit Union Members,

Thank you for your patience while our website has been down. Our processors have resolved the issue and the website is now up and running. Again, sorry for any inconvenience.

<snipped>

The 'error message' in the headers looks somewhat bad, though everything else looks OK, as far as where it came from, etc. The issue is ... was there just a bit of coincidence in the timing of some 'scheduled/unscheduled maintenance' .. or should I let the paranoia run rampant and wonder just where the 'now required by law' notification of the suggested possible scenario of a security breach might be???

A bit odd that as fast as their reply/response was to my initial contact ... it is strangely silent as to answering my follow-up queries on this recent 'downtime' ....

One would like to offer kudos for 'doing something' about the issue, but .... was there an issue? <g>

> This warning/query got me;
>
> and then the follow-up;
>
> Then the 'surprize!'
>
> Eventually then getting;
>
> The 'error message' in the headers looks somewhat bad, though everything else looks OK, as far as where it came from, etc. The issue is ... was there just a bit of coincidence in the timing of some 'scheduled/unscheduled maintenance' .. or should I let the paranoia run rampant and wonder just where the 'now required by law' notification of the suggested possible scenario of a security breach might be???
>
> A bit odd that as fast as their reply/response was to my initial contact ... it is strangely silent as to answering my follow-up queries on this recent 'downtime' ....
>
> One would like to offer kudos for 'doing something' about the issue, but .... was there an issue? <g>

...Just some wild guesses (to add to your supposition that it might just be a coincidence): perhaps they decided to make some change to their web site (a note about the phishing attempt or some additional security precautions) as a consequence of the phishing attempt but the change caused their web site to crash. Another possibility: a DOS attack to punish the CU for daring to alert their members to the phishing attempt. Another possibility: lots of victims and potential victims going to the CU web site due to the phishing attempt.

> Thank you for your patience while our website has been down. Our processors have resolved the issue and the website is now up and running. Again, sorry for any inconvenience.

Pretty scary...

"Don't worry, everything is all right now. Really, we mean it."

Reminds me of the last scene of [the remake of] Invasion of the Body Snatchers, with Donald Sutherland starring as your Credit Union website.

-- rick

> Pretty scary...
>
> /snip
>
> Reminds me of the last scene of [the remake of] Invasion of the Body Snatchers, with Donald Sutherland starring as your Credit Union website.
>
> -- rick

...not to mention that what apparently had Donald Sutherland's head had the body of a bulldog...(or perhaps a Boston terrier...hard to tell)

Edited by dra007