Showing posts with label Phishing. Show all posts

Monday, October 26, 2009

Facebook Password Reset Confirmation Phishing Email

I received an email in my corporate email account informing me about a password reset of my Facebook account... what Facebook account? I don't have one.

The email has the subject line "Facebook Password Reset Confirmation" and was sent from IP address 202.64.92.44 (yeah, email addresses can be easily spoofed but not the source IP address, though it may be a compromised home PC).



The phishing email has this message body:

"Hey xxxx ,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team"

The file attachment is a zip file with the filename "Facebook_Password_4cf91.zip".

I didn't bother to have the file scanned with my online anti-virus, keylogger and malware scanning tools. Running malware analysis might be interesting but sadly, I don't have the time for it.

Just beware of Facebook phishing and don't even think of executing the attachment unless you know what you're doing.


Monday, December 22, 2008

Phishing Alert: Chinabank Online

First there was Metrobank Direct, then BPI, Asia United Bank and Equitable-PCI (now Banco de Oro) that got hit by phishers wishing to earn money the wrong way from unsuspecting online bankers.

I predicted my own bank would be targeted by phishers and there it was... a phishing email was sent to numerous email recipients, with the senders keeping their fingers crossed that a few uninformed souls would actually log in to their Chinabank Online account.

For your info, Chinabank Online requires two passwords: one for login and another for transactions (called the transaction password). The two can be made the same (I know it's weird, but it can really be set to be the same, thus defeating the purpose).

Using two passwords is not the same as two-factor authentication...

Chinabank released advisories warning their clients that they won't send emails requiring account holders to log in to their account.

No bank does that, only evil miscreants do!

Related Post:
Chinabank Swift Code
Chinabank Bank Code for Paypal

Thursday, January 03, 2008

Gmail Phishing Email from Hotmail

I received the email below, supposedly from customeraccountverticate101@gmail.com, asking me to send my username and password to them as if I have a Hotmail account and I'm that stupid to fall for their lame trick.

If you received the same email, click "report as spam" so Gmail/Google can act on it immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
from Customer Service
to customeraccountverticate101@gmail.com,
date Jan 3, 2008 12:21 PM
subject Verify Your Account (Case ID:- GMAIL554USER99886IKPPPPC)
mailed-by gmail.com

Dear Account User

This Email is from Hotmail Customer Care and we are sending it to every Gmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Gmail accounts so we are shutting down some Gmail accounts and your account was among those to be deleted.We are sending you this email to so that you can verify and let us know if you still want to use this account.If you are still interested please confirm your account by filling the space below.Your User name,password,date of bith and your country information would be needed to verify your account.

Due to the congestion in all Hotmail users and removal of all unused Gmail Accounts, Hotmail would be shutting down all unused Accounts, You will have to confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 24 hours for security reasons.


* Username: ..............................

* Password: ................................

* Date of Birth: ............................

* Country Or Territory: ................

After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences.
Warning!!! Account owner that refuses to update his/her account after two weeks of receiving this warning will lose his or her account permanently.


Wednesday, October 10, 2007

UCPB Phishing Website

In another phishing scam where scums of the earth try to lure unsuspecting users to login to their online banking account and fish the username and passwords, a friend of mine forwarded the sample email and phishing website shown below:

Note: the FROM email address can be faked, as well as the time stamp. I don't have the sender IP address so I can't trace it.

~~~~~~~~~~~~~

Subject: United Coconut Planters Bank (UCPB) Security
From: "United Coconut Planters Bank (UCPB)"
Date: Sat, 10 Nov 2007 04:53:37 +0500

Dear UCPB Member!

Our system has detected unsuccessful login attempt to your UCPB account! Please login to your account and review recent activity in order to prevent unauthorized use of your account by third-parties. Click here to proceed.

Thank you!

~~~~~~~~~~~~~~~~~~~~~~
screenshot of email message



the phishing site: www.ucpb1.org



UCPB = United Coconut Planters Bank

Be Forewarned:

For other phishing incidents in the Philippines, click on the Phishing Category/Label of this site.

Wednesday, July 04, 2007

Asia United Bank Phishing

Another phishing scam targeting Philippine bank Asia United Bank (but the assholes behind the scam said Asia Union Bank) with the sample letter below:

From: no_reply@aub.com.ph [mailto:no_reply@aub.com.ph]
Sent: Tuesday, June 26, 2007 5:15 PM
To:
Subject: Regular verification of Internet Bank Accounts!


Dear Asia Union Bank member,

During our regular verification of Internet Bank Accounts, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please Update your information.

· Login to your Asia Union Bank Internet Account

· Confirm your identity as a Asia Union Bank Customer

https://ebanking.asiaunited.com.ph/eBanking/

Please fill in the required information. This is required for us to continue to offer you a safe and risk free environment.

Thank you,
Asia Union Bank.

~~~~~

I didn't receive this email scam; this was forwarded to me by a friend.

The link led me to this website: http://ec-veda.org/b1/eBanking/index.php
As of this writing (July 13, 2007), it's been almost three weeks and the phishing site's still up.



I wonder if there're really people tricked by this email when it's so obvious it's a scam...but you'll never know.

Related Post:

Asia United Bank (AUB) Bank Code = 011020011

Wednesday, February 07, 2007

Equitable PCI Bank Phishing

I received this email today purportedly from Equitable-PCI Bank informing me of unsuccessful login attempts on my online banking account and thus requiring me to review my account activity for any anomaly.

The email is not directly addressed to me but to a resigned co-employee. I was only BCCed. The link to the FastNet site will take you not to the legitimate site, i.e. http://www.fastnet.com.ph, but rather to this phishing site.



Note that if I enter my account number and PIN, the miscreant will then be able to get and use my account information for whatever evil purposes -- that is, if I have an Equitable PCI Bank account!

Digging deeper into the email headers and page source, I found these details:

1. Phishing website copied from Fastnet using HTTRACK available here
2. Used FROM email address: "Equitable PCI BANK"
3. Sent to a random email typical of phishers
4. Return Path: kingm@noronet.cz
5. SMTP server used: mail.noronet.cz
6. IP address of email sender: 194.212.224.152 traced to the Czech Republic
   netname: GBCOMP-NET
   descr: NoRoNet
   descr: Municipal Network
   descr: GB-COMP v.o.s.
   descr: Nova Role
   country: CZ

7. Note that the email may only have been routed through the Czech Republic IP address and does not necessarily come from there.
8. Phishing site is using the fastnet.hk domain name. Details from the HKDNR WHOIS site:
   Registered on February 6, 2007 up to February 6, 2008
   Registrant Name: SADA LOPA
   Email: Dave2Cruz@hotmail.com
   Country: US
   Account Name: HK1806283T

9. Server is hosted using these IP addresses, taken from the authoritative DNS server:
   Name: www.fastnet.hk
   Address: 62.43.146.9
   Name: www.fastnet.hk
   Address: 83.61.105.204
   Name: www.fastnet.hk
   Address: 84.102.8.73
   Name: www.fastnet.hk
   Address: 84.202.139.205
   Name: www.fastnet.hk
   Address: 142.161.199.111
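
The header checks in items 2 to 6 can be scripted. The following is an added example, not part of the original post: it pulls the display name, From domain, Return-Path domain and the connecting relay out of a raw message and flags where they disagree. The Return-Path, relay name and IP are the ones listed above; the From address, the receiving host mx.recipient.example, the date and the subject are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message built around the values listed in the post.
SAMPLE = """\
Return-Path: <kingm@noronet.cz>
Received: from mail.noronet.cz (mail.noronet.cz [194.212.224.152])
\tby mx.recipient.example with ESMTP; Wed, 7 Feb 2007 09:00:00 +0800
From: "Equitable PCI BANK" <service@bank.example>
Subject: constructed subject

body
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def within(host, dom):
    host = host.lower()
    return bool(dom) and (host == dom or host.endswith("." + dom))

def triage(raw, boundary_host):
    """Summarise sender evidence from the hop stamped by our own mail server."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, bounce = parseaddr(msg.get("Return-Path", ""))
    relay_host = relay_ip = None
    # Only the Received line written by the recipient's own server can be
    # trusted; any Received lines below it were supplied by the sender.
    for hop in msg.get_all("Received", []):
        if re.search(r"\bby\s+" + re.escape(boundary_host) + r"\b", hop):
            host = re.search(r"from\s+(\S+)", hop)
            ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
            relay_host = host.group(1) if host else None
            relay_ip = ip.group(1) if ip else None
            break
    flags = []
    # A differing Return-Path is a signal, not a verdict: bulk mail
    # providers legitimately use their own bounce domains.
    if domain_of(bounce) != domain_of(from_addr):
        flags.append("return-path-differs-from-from")
    if relay_host and not within(relay_host, domain_of(from_addr)):
        flags.append("relay-outside-from-domain")
    return {"display_name": display, "from_domain": domain_of(from_addr),
            "return_path_domain": domain_of(bounce),
            "relay_host": relay_host, "relay_ip": relay_ip, "flags": flags}
```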

I could have dug deeper into this one but I know I'll be facing a blank wall. I'm sure the guys at Equitable PCI Bank are already aware of this.

Note that phishing is an attack against the account holder and not directly at the bank itself. The only way to combat this is to educate users on how to discern legitimate sites from fake ones. There are, however, various ways to guard against phishing, one of which is strong 2nd factor authentication already being studied by various local banks.