23 Jun 2005
Phishing is a big problem, and banks have given us lots of advice, like
"don't click on links in e-mail messages" and "watch for mail from
fake sources."
So take a look at this message that I got earlier this year
and tell me whether it's real or a phish.
(I already know the answer. This is a thought experiment.)
Clues:
- HELO with a nonexistent domain name unrelated to the bank
- Actual IP has no rDNS, SWIP is to some company with no visible
connection to the bank
- Return address is in securesuiteemail.com, a domain unrelated to the bank
- Return address domain is at Yahoo domains with a yahoo.com contact, a
mailing address in Israel, and a bogus phone number
- Headers include "Comment: Unauthenticated sender"
- HTML contents include URLs that they encourage you to click through,
which don't match the ones in the text part and are not in the bank's
domain or any domain in the header; rather, they're at
bankofamerica.vbv.cyota.com
So tell me, if you found this in your mailbox, would you believe that it's
a genuine communication from the Bank of America credit card department?
(I've reformatted this message a little bit to make it look OK on the
weblog. The headers are verbatim other than the recipient address,
and the HTML is basically the way it was. The links are all live, and
take you to a site purporting to be Bank of America.)
Return-Path:
Received: (qmail 4897 invoked by uid 100); 27 Feb 2005 19:32:01 -0000
Received: (qmail 4155 invoked from network); 27 Feb 2005 19:30:20 -0000
Received: from unknown (HELO cyomail1.cyota.dotsconnect.com) (63.150.74.73)
by mail.iecc.com with SMTP; 27 Feb 2005 19:30:20 -0000
Received: from cyoweb1 (cyoweb1 [172.29.1.10])
by cyomail1.cyota.dotsconnect.com (8.11.7p1+Sun/8.10.2) with SMTP
id j1RJKXF27254
for xxx@yyy.com; Sun, 27 Feb 2005 14:20:33 -0500 (EST)
Date: 27 Feb 2005 19:31:39 -0000
Message-Id: <200502271920.j1RJKXF27254@cyomail1.cyota.dotsconnect.com>
From: "Bank of America"
Reply-To: bankofamerica@securesuiteemail.com
To: xxx@yyy.com
Subject: Bank of America - Verified by Visa Registration Confirmation
Comment: Unauthenticated sender
X-Mailer: JNet CSmtpWrapper
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="CyotaVBV"
--CyotaVBV
Content-Type: text/plain; charset=iso-8859-1
Dear Bank of America Visa Cardholder:
This message confirms your registration into Verified by Visa
services.
This is an outbound message only. Please do not reply. If you have
any questions, please refer to our Frequently Asked Questions (FAQs)
or contact us by secure e-mail at
http://www.bankofamerica.com/verifiedbyvisa (select this link or copy
and paste it into your browser). On this page, select "FAQs" or
choose "Contact Us" to send us an e-mail.We will get back to you
within 2 business days.
You can always visit the Verified by Visa site at
http://www.bankofamerica.com/verifiedbyvisa to track your
transactions and manage account settings.
Please keep this email with the Verified by Visa site URL in a safe
place.
Thank you,
Bank of America
--CyotaVBV
Content-Type: text/html; charset=iso-8859-1
Dear Bank of America Visa Cardholder:
This message confirms your registration into Verified by Visa
services.
This is an outbound message only. Please do not reply. if you
have any questions,
please refer to our Frequently Asked Questions (FAQs) or
contact us by secure e-mail at
the Verified by Visa site.
On this page, select "FAQs" or choose "Contact Us" to send us
an e-mail.
We will get back to you within 2 business days.
You can always visit the Verified by Visa site.
to track your transactions and manage account
settings.
Please keep this email with the Verified by Visa site link in
a safe place.
Thank you,
Bank of America
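The clues listed above can be checked mechanically. The following Python is an added example, not part of the original post: it reports which of those clues a message trips, not whether the message is genuine. The names `BANK`, `in_domain`, `link_hosts` and `clues` are assumptions, and the sample message is constructed from the headers above with a placeholder link path.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

BANK = "bankofamerica.com"  # domain the message claims to speak for

# Constructed sample modelled on the message above; the href path is a placeholder.
SAMPLE = """\
Received: from unknown (HELO cyomail1.cyota.dotsconnect.com) (63.150.74.73)
Reply-To: bankofamerica@securesuiteemail.com
Comment: Unauthenticated sender
Content-Type: multipart/alternative; boundary="CyotaVBV"

--CyotaVBV
Content-Type: text/plain; charset=iso-8859-1

Visit http://www.bankofamerica.com/verifiedbyvisa to track transactions.
--CyotaVBV
Content-Type: text/html; charset=iso-8859-1

<a href="https://bankofamerica.vbv.cyota.com/placeholder">Verified by Visa</a>
--CyotaVBV--
"""

def in_domain(host, domain):
    # Match on the right-hand labels: a bank name used as a prefix does not count.
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def link_hosts(body):
    return {urlparse(u).hostname for u in re.findall(r'https?://[^\s"<>]+', body)}

def clues(raw, bank=BANK):
    msg, found = message_from_string(raw), []
    helo = re.search(r"\(HELO ([^)\s]+)\)", " ".join(msg.get_all("Received", [])))
    if helo and not in_domain(helo.group(1), bank):
        found.append("helo-not-bank")
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2]
    if reply_domain and not in_domain(reply_domain, bank):
        found.append("reply-to-not-bank")
    if "unauthenticated" in msg.get("Comment", "").lower():
        found.append("unauthenticated-comment")
    parts = {p.get_content_type(): p.get_payload() for p in msg.walk() if not p.is_multipart()}
    html, text = link_hosts(parts.get("text/html", "")), link_hosts(parts.get("text/plain", ""))
    if html - text:
        found.append("html-links-differ-from-text")
    if any(not in_domain(h, bank) for h in html):
        found.append("html-links-not-bank")
    return found
```
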
Stable link is https://jl.ly/Email/phish1.html