Email Scam 20070926 ID: Bank of America pop-up (b25153.info)
Email Scam 20071003 ID: PayPal Phish (b25153.info)
We received TWO scams from this bad guy, b25153.info, so we are presenting them together. Bad guys are always looking for new tricks to mask their activities, and this BofA mask is a doozy! The link in the email (top right) actually takes you to the login page of the real Bank of America site! But once you are there, a pop-up page that is IDENTICAL in appearance overlays the real page (bottom right). With that mask in place, any information that you type in goes right to the bad guys! The final straw is that you can click on any of the links on the site and connect directly to any of the pages of the Bank of America site. We even had an online chat with their customer service rep (wasn't she surprised when we showed up at her door!). Thanks to all of us, this Phishing site is now closed.
This attack on PayPal customers is nowhere near as sophisticated or polished as the BofA scam, but it does serve the purpose of giving us more ways to dig up information about the phisher himself! You will note that the email itself (right bottom) has the same style as the BofA email. The PayPal scam site is a typical dead-end page where only the login fields work (unlike the BofA attempt where all the buttons worked). We reported this set of links to spoof@paypal.com and they are already shut down. This bad guy is going to get awfully tired of us!
Email Scam 20081009
ID: Citibank-Sokolow Phishing email and spoof website
This fake bank announcement is pretty typical but the sophistication of the spoof website puts it in the “middle class” of this type of scam. The bottom line is still to try and trick you into giving the bad guys your Citibank account information. Check it all out on the link to the right.
Citibank-Sokolov scam
Email Scam 20070804 ID: Hometown Bank-GWD
In this investigation, we are looking into an email that is supposedly from this existing and reputable bank. It is actually linking you to a web site in England that is acting as a server for someone trying to commit identity theft. We were able to track down not only the website that was hosting this scam, but the NAME AND ADDRESS of the designers!
HBC-GWD report
Phishing Email Scam 20071013 and 20071027 ID: Metro Credit Union Scams
Like most banks, this one is a target for Phishing scams using their name. Here are two scams that steal the design of the actual bank pages. The first scammer puts a redirect link on his own domain site, and both hack into innocent sites to plant the Phishing pages. Both use some links back to the real bank site in an attempt to allay suspicions. Tracking down who is hosting their efforts gives some interesting results.
MCU email scams
Email Scam 20070906 ID: MidAmerica Bank-Zcom
Bad guys masquerading as banks and other financially legitimate firms can use a lot of tricks in covering their tracks. But this scam plays a unique form of the old children's game, Hot Potato. In this email (below right), supposedly from MidAmerica Bank, the Click Here link starts by taking you to a dummy website in Mexico which redirects you to hidden pages on web sites in Russia! It is there that your personal information is stolen. We will take you through the steps as this Hot Potato gets tossed from link to link, one hidden website page to another, as the bad guys try to stay one step ahead of those working hard to shut them down!
MAB-Zcom report
Phishing Email Scam 20071020 ID: Regions Bank
This was a blast from the past for us as we had another scam citing Regions Bank while we were still a newsletter distribution. Like other Bank Phishing scams, this one has stolen the layout of the actual bank site for the scam email and Phishing site. Unlike many others, the Phishing site is a fairly complete FAKE bank site! This is also likely to be an instance of site hijacking rather than a matter of setting up a domain to house the Phishing pages. This makes the hijackers hard to track down as there is no registry name to look up. In this case it also allows damage to the unsuspecting host site as the bad guys plant a Trojan virus there!
Regions scam report