Ikeb
Special Response Team Forums Admin
 Joined: Apr 20, 2003 Posts: 16536
|
Posted: Sun Feb 20, 2005 4:52 pm Post subject: Citizens Bank |
|
|
Oldfrog, you have an email address I could forward this stuff to?
Code:
Return-Path: <support@citizensbank.com>
Received: from localhost (localhost [127.0.0.1])
by xxx.xxxx.TLD (8.12.10+Sun/8.12.10) with ESMTP id j1KG3R78020142
for <ikeb@[127.0.0.1]>; Sun, 20 Feb 2005 11:03:27 -0500 (EST)
Received: from xxx.xxxx.TLD ([127.0.0.1])
by localhost (smtp [127.0.0.1]) (amavisd-new, port 10024) with LMTP
id 19640-04 for <ikeb@[127.0.0.1]>; Sun, 20 Feb 2005 11:03:27 -0500 (EST)
Received: from 209.87.239.70 ([82.174.175.220])
by xxx.xxxx.TLD (8.12.10+Sun/8.12.10/Submit) with SMTP id j1KG2kY0020056
for <xxx@xxx.TLD>; Sun, 20 Feb 2005 11:02:48 -0500 (EST)
X-Message-Info: GX/l+773+xak/JFK+56/51444779350
Received: from smtp-brig.artwork.support@citizensbank.com ([82.174.175.220]) by gf9-eg18.support@citizensbank.com with Microsoft SMTPSVC(5.0.5819.1094);
Sun, 20 Feb 2005 20:02:38 +0300
X-Message-Info: FMDG+%ND_LC_CHAR[1-3]165+gmx+T+9/4760492081474
Received: (qmail 63489 invoked by uid 36); Sun, 20 Feb 2005 22:05:38 +0500
Date: Sun, 20 Feb 2005 23:03:38 +0600
Message-Id: <06307556356.71603@support@citizensbank.com>
From: Citizens Bank <support@citizensbank.com>
To: Ikeb <xxx@xxx.TLD>
Subject: [spam] Important Online Banking Alert
MIME-Version: 1.0 (produced by manuelclaus 1.4)
Content-Type: multipart/alternative;
boundary="--4585150628270558599"
X-Virus-Scanned: amavisd-new at xxxx.TLD
X-UIDL: mKj"!R,:!!F'k!!&41"!
X-Text-Classification: spam
X-POPFile-Link: http://127.0.0.1:8088/jump_to_message?view=3914
----4585150628270558599
Content-Type: text/html;
charset="iso-4886-4"
Content-Transfer-Encoding: quoted-printable
Content-Description: interpol furry jalopy
<html>
<head>
<link rel=3D"StyleSheet" href=3D"http://www.citizensbank.com/css/default.c=
ss" type=3D"text/css">
<title>Citizens Bank Online</title>
</head>
<body>
<img src=3D"http://www.citizensbank.com/img/header/cb_logo.gif">
<br><br><div style=3D"font-family: Arial, Helvetica, sans-serif; font-size=
: 8pt; line-height:13.5pt; color:666666;">
Dear valued <b>Citizens=AE</b> Bank member,
<br><br>
Due to concerns, for the safety and integrity of the online banking commun=
ity we have issued the following warning message.
<br><br>
It has come to our attention that your <b>Citizens=AE</b> account informat=
ion needs to be updated as part of our continuing commitment to protect yo=
ur account and to reduce the instance of fraud on our website. If you coul=
d please take 5-10 minutes out of your online experience and renew your re=
cords you will not run into any future problems with the online service. H=
owever, failure to confirm your records may result in your account suspens=
ion.
<br><br>
Once you have confirmed your accounts record your internet banking service=
will not be interrupted and will continue as normal.
<br><br>
<b>To confirm your bank account records please <a href=3D"http://80.219.15=
5.193/CitizensBank/OnlineBanking/" target=3D"_blank">click here.</a></b>
<br><br>
Thank you for your time,
<br>
<b>Citizens=AE Financial Group.</b></div>
<br>
<table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"760">
<tr>
<td width=3D"8"><img src=3D"http://www.citizensbank.com/img/template/space=
r.gif" width=3D"8" height=3D"1" alt=3D"" border=3D"0"></td>
<td width=3D"745"><img src=3D"http://www.citizensbank.com/img/template/spa=
cer.gif" width=3D"1" height=3D"11" alt=3D"" border=3D"0"></td>
<td width=3D"7"><img src=3D"http://www.citizensbank.com/img/template/space=
r.gif" width=3D"7" height=3D"1" alt=3D"" border=3D"0"></td>
</tr>
<tr>
<td rowspan=3D"3" width=3D"8"><img src=3D"http://www.citizensbank.com/img/=
template/spacer.gif" width=3D"8" height=3D"1" alt=3D"" border=3D"0"></td>
<td width=3D"745"><img src=3D"http://www.citizensbank.com/img/footer/foote=
r.gif" width=3D"745" height=3D"19" alt=3D"" border=3D"0"></td>
<td rowspan=3D"3" width=3D"7"><img src=3D"http://www.citizensbank.com/img/=
template/spacer.gif" width=3D"7" height=3D"1" alt=3D"" border=3D"0"></td>
</tr>
<tr>
<td width=3D"745" bgcolor=3D"#2B9376"><img src=3D"http://www.citizensbank.=
com/img/template/spacer.gif" width=3D"1" height=3D"22" alt=3D"" border=3D"=
0"></td>
</tr>
<tr>
<td width=3D"745" align=3D"center"><div class=3D"footer">
<a href=3D"http://www.citizensbank.com/boilerplate/privacylegal/privacy.as=
p" target=3D"_blank">Privacy</a> |
<a href=3D"http://www.citizensbank.com/boilerplate/privacylegal/security.a=
sp" target=3D"_blank">Security</a> & 2005 Citizens Financial Grou=
p. All rights reserved.
<a href=3D"http://www.citizensbank.com/misc/termsofuse.asp" target=3D"_bla=
nk">Terms of Use</a> |
<a href=3D"http://www.citizensbank.com/tools/site_map/map.asp" target=3D"_=
blank">Site Map</a></div></td>
</tr>
</table>
</body></html>
----4585150628270558599--
|
Oldfrog
Special Response Team
 Joined: Jun 27, 2004 Posts: 8576 Location: Deep in the Heart of Texas
|
Posted: Sun Feb 20, 2005 5:11 pm Post subject: |
|
|
Yes I do, Ike. fraud@deckertechnology.net
This is the first site like this that I have seen operating out of Switzerland. I plugged the URL into IE and both Netcraft and FraudEliminator caught it. Spoofguard seemed to think that it was okay.
_________________
MS MVP Security 2006-2008
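An added example, not part of the thread or any poster's code: the check below flags the kind of link this message carries, an anchor whose host is a bare IP address while the From header uses the bank's domain. It undoes the quoted-printable encoding first, because the link is split across a soft line break in the raw body; the sample is abridged from the post above, and the function names are illustrative.

```python
import email
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Abridged from the message posted above (headers trimmed, body cut to two links).
SAMPLE = (
    'From: Citizens Bank <support@citizensbank.com>\n'
    'Subject: Important Online Banking Alert\n'
    'Content-Type: text/html; charset="iso-4886-4"\n'
    'Content-Transfer-Encoding: quoted-printable\n'
    '\n'
    '<b>To confirm your bank account records please <a href=3D"http://80.219.15=\n'
    '5.193/CitizensBank/OnlineBanking/" target=3D"_blank">click here.</a></b>\n'
    '<a href=3D"http://www.citizensbank.com/boilerplate/privacylegal/privacy.as=\n'
    'p" target=3D"_blank">Privacy</a>\n'
)

HREF = re.compile(r'<a\b[^>]*\bhref\s*=\s*"([^"]+)"', re.I)

def decoded_html(msg):
    """Return all text/html parts with the transfer encoding undone."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            # The declared charset here does not exist, so decode byte-for-byte.
            parts.append(raw.decode("latin-1"))
    return "".join(parts)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(raw_message):
    """List (url, reason) for anchors that do not point at the sender's domain."""
    msg = email.message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for url in HREF.findall(decoded_html(msg)):
        host = (urlsplit(url).hostname or "").lower()
        if is_ip_literal(host):
            findings.append((url, "ip-literal host"))
        elif host != sender_domain and not host.endswith("." + sender_domain):
            findings.append((url, "host outside sender domain"))
    return findings
```

Running the same pattern over the undecoded body finds no links at all, which is why a filter has to decode the MIME part before inspecting it.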
|
Ikeb
Special Response Team Forums Admin
 Joined: Apr 20, 2003 Posts: 16536
|
Posted: Sun Feb 20, 2005 5:25 pm Post subject: |
|
|
Thanks Oldfrog. I'll send them there from now on so I don't have to sanitize the header.
Another item for a "Help" sticky?
|
Oldfrog
Special Response Team
 Joined: Jun 27, 2004 Posts: 8576 Location: Deep in the Heart of Texas
|
Posted: Sun Feb 20, 2005 5:35 pm Post subject: |
|
|
| Quote: | | Another item for a "Help" sticky? |
We have several of those in draft form right now and just as soon as I get the permissions in this forum added to me I will be putting some up.
_________________
MS MVP Security 2006-2008
|
OJ_did_it
Major
 Premium Member
 Joined: Nov 13, 2004 Posts: 1059
|
Posted: Sun Feb 20, 2005 11:10 pm Post subject: |
|
|
Just a suggestion:
Perhaps we would compile a list of these known sites and set up a forum for people so that they will know where they are going?
OJ
_________________
"Your every move is my calculated step"
|
Oldfrog
Special Response Team
 Joined: Jun 27, 2004 Posts: 8576 Location: Deep in the Heart of Texas
|
Posted: Sun Feb 20, 2005 11:54 pm Post subject: |
|
|
One of the things that we would like to do is compile an online encyclopedia of various phishing exploits. Hopefully this would be an easily navigated resource so that people could quickly find links to the information that they are looking for.
_________________
MS MVP Security 2006-2008
|
Oldfrog
Special Response Team
 Joined: Jun 27, 2004 Posts: 8576 Location: Deep in the Heart of Texas
|
Posted: Tue Feb 22, 2005 3:26 am Post subject: |
|
|
As of 0325GMT 21 February the target URL for this phish was offline.
_________________
MS MVP Security 2006-2008
|