Re: Good Bank of America Phish in Spam, Scam and Phishbusters

Re: Good Bank of America Phish

Wed, 01 Jul 2009 04:57:16 EDT

MGD :

said by nirvansk815 :

Hopefully what you need is inside this header. If not, let me know where to look.

Excellent, thank you. Originated in France then relayed via a server in New Zealand.

MGD

Re: Good Bank of America Phish

Wed, 01 Jul 2009 04:29:20 EDT

nirvansk815 :

said by MGD :

said by nirvansk815 :

Just wanted to post some pictures of what seems to be a very good phish attempt.

You don't by chance have the originating IP of that phishmail.?

MGD

Hopefully what you need is inside this header. If not, let me know where to look.

X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtTQ0w9NA==X-Message-Status: s3:0X-SID-PRA: billpay-alert@bankofamerica <e-alert-update@bankofamerica.com>X-SID-Result: SoftFailX-Message-Info: dpeAAki3kMS5MfdIIv4qnXWmWRVCOXEotpHEqZVh/uQdqaxlz5hlwhPg/dc4fC5y0BJ0b5W34GTaFeUlTy1DdMCt8mAw/+ATReceived: from mxi1.callplus.net.nz ([202.180.66.203]) by col0-mc3-f30.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 30 Jun 2009 07:32:07 -0700Message-Id: <7mumo6$7kdksd@ismtp01.callplus.net.nz>Received: from 8.159.86-79.rev.gaoland.net (HELO User) ([79.86.159.8])  by ismtp01.callplus.net.nz with ESMTP; 01 Jul 2009 02:31:24 +1200From: "billpay-alert@bankofamerica"<e-alert-update@bankofamerica.com>Subject: Bank Of America Alert : Important Customer Service MessageDate: Tue, 30 Jun 2009 07:32:02 -0700MIME-Version: 1.0Content-Type: text/html;charset="Windows-1251"Content-Transfer-Encoding: 7bitX-Priority: 1X-MSMail-Priority: HighX-Mailer: Microsoft Outlook Express 6.00.2600.0000X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000Bcc:Return-Path: e-alert-update@bankofamerica.comX-OriginalArrivalTime: 30 Jun 2009 14:32:07.0490 (UTC) FILETIME=[8B9F9220:01C9F98F]

--
There's so much to be thankful for...How can anyone be sad?

Re: Good Bank of America Phish

Wed, 01 Jul 2009 01:44:30 EDT

MGD :

said by nirvansk815 :

Just wanted to post some pictures of what seems to be a very good phish attempt.

You don't by chance have the originating IP of that phishmail.?

MGD

Re: Good Bank of America Phish

Wed, 01 Jul 2009 01:42:52 EDT

MGD : Yes, it has errors that belies its Eastern European non native English origin. However, the presentation is rather unique, so is the the drop down javascripted box format, that will request both online bank log in, and card data. Plus site key answers and victim's Drivers License, DOB, SSN, & MMN.

Even though the files are dated from May of 2008,

Snapped 2009-07-01 01:42:18

»culturalclassics.com/media/xfile···m_files/

I don't recall seeing the exact phish format before. Maybe nwrickert has.

MGD

Re: Good Bank of America Phish

Wed, 01 Jul 2009 01:08:08 EDT

madylarian : Rather, it's a not-very-good phish. Dead giveaways:

1. Bank Of American Bill Pays Notification Services

2. Dear Customer instead of Dear *Your Name*

mady
--
Honi soit qui mal y pense

Re: Good Bank of America Phish

Tue, 30 Jun 2009 22:30:56 EDT

garys_2k :

said by Doctor Four :

Has anyone reporting this phish to Google so that it shows up as a reported web forgery for Firefox users?

Yes, I did as soon as I saw it. It still shows without the warning so I did it again, just now. Hopefully it will get their attention.

Re: Good Bank of America Phish

Tue, 30 Jun 2009 16:05:06 EDT

MGD : I am not sure about that, however, SURBL picks up phishtrack submits in real time, and others may as well. MSIE currently flags the culturalclassics.com domain as a phishing site. Tinyurl has disabled the tinyurl.com initial redirect.

MGD

Re: Good Bank of America Phish

Tue, 30 Jun 2009 15:48:00 EDT

Doctor Four : Has anyone reporting this phish to Google so that it shows up as a reported web forgery for Firefox users?

Re: Good Bank of America Phish

Tue, 30 Jun 2009 15:31:38 EDT

nwrickert : No it wasn't. But you can see for yourself at
»/phishtrack?pi···8&urls=1
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11

Re: Good Bank of America Phish

Tue, 30 Jun 2009 15:08:54 EDT

antiphishing :

said by nwrickert :

This seems to be the phish you submitted to »/phishtrack and appears as phish #37948. Thanks for submitting.

Was the phishing site:
httx://70.90.182.---/Onlineid/Onlineid.bankofamerica/bankofamerica.com/Online_Banking/security.update/update.bankofamerica.com/

I am trying to get that site terminated off the internet. :o
--

Specializing in "takes downs" of phishing and advance fee scams
Send your Phishing/Advance fee scams to: phish@antihotmail.com
»www.phishtank.com
»www.fraudwatchers.org
»mozilla.com

Re: Good Bank of America Phish

Tue, 30 Jun 2009 15:00:32 EDT

nwrickert : This seems to be the phish you submitted to »/phishtrack and appears as phish #37948. Thanks for submitting.
--
AT&T dsl; Speedstream 5100b modem; openSuSE 11.0; firefox 3.0.11

Good Bank of America Phish

Tue, 30 Jun 2009 11:24:04 EDT

nirvansk815 : Just wanted to post some pictures of what seems to be a very good phish attempt.
--
There's so much to be thankful for...How can anyone be sad?

Looks real
notice the address bar