A phishing expedition
Posted Under: safe internet
I just got this email:
<<beginning of email>>
FEDERAL RESERVE BANK
Important:
You’re getting this letter in connection with new directions issued by U.S. Treasury Department. The directions concern U.S. Federal Wire online payments.
On January 26, 2009 a large-scaled phishing attack started and has been still lasting. A great number of banks and credit unions is affected by this attack and quantity of illegal wire transfers has reached an extremely high level.
U.S. Treasury Department, Federal Reserve and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire transfers from February 6 till February 13.
Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:
http://ach-frs.e-bankserver.us/37575142/secur~12432/wire/
Federal Reserve Bank System Administration
<<end of email>>
So how do we know it is a phishing email:
- The English is atrocious, e.g. “has been still lasting”.
- The spaces are in the wrong places.
- The URL they want to send you to is not www.ustreas.gov, which is the URL of the U.S. Department of the Treasury.
- It is not U.S. Treasury Department but U.S. Department of the Treasury. Subtle things like this can give you clues about what is going on.
- Remember all US government agencies are dot GOV, never dot COM, dot US or anything else.
When in doubt run a WHOIS on the offending site. This is what I got:
Server Data
| IP Address: | 61.235.117.73 |
| IP Location | |
| Response Code: | 200 |
| Domain Status: | Registered And Active Website |
DomainTools Exclusive
| Registrant Search: | “Evgeniy Kotsarev” owns about 5 other domains |
| NS History: | 3 changes on 3 unique name servers over 3 years. |
Whois Record
Domain Name: E-BANKSERVER.US
Domain ID: D18514989-US
Sponsoring Registrar: WEB COMMERCE COMMUNICATIONS, LTD.
Registrar URL (registration services): whois.web.cc
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: WN8837600T
Registrant Name: Evgeniy Kotsarev
Registrant Organization: Evgeniy Kotsarev
Registrant Address1: Sovetskaya str. d.11 kv.1
Registrant City: Kachalino
Registrant State/Province: Volgogradskaya
Registrant Postal Code: 403080
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.8442531113
Registrant Facsimile Number: +0.0
Registrant Email:
And:
Domain Registration Date: Mon Feb 02 14:32:20 GMT 2009
Domain Expiration Date: Mon Feb 01 23:59:59 GMT 2010
Domain Last Updated Date: Mon Feb 02 19:33:51 GMT 2009
To get more information on this or any site go to WHOIS.
The point is that the phishing site was registered today, and no doubt they’ll send out millions of emails. Unfortunately, there are enough people who don’t know what they are doing and are caught hook, line and sinker.
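The two checks used above (the link's host is not under .gov, and the WHOIS record shows the domain was registered the day the email arrived) can be scripted. This is an added example, not part of the original post; the received time and the 30-day age threshold are assumptions, while the link and WHOIS lines are copied from the post.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Link and WHOIS lines copied from the post above.
LINK = "http://ach-frs.e-bankserver.us/37575142/secur~12432/wire/"
WHOIS_TEXT = """Domain Name: E-BANKSERVER.US
Domain Registration Date: Mon Feb 02 14:32:20 GMT 2009
Domain Expiration Date: Mon Feb 01 23:59:59 GMT 2010
"""
# Assumption: the post only says "registered today", so this time is constructed.
RECEIVED = datetime(2009, 2, 2, 20, 0, tzinfo=timezone.utc)

def host_of(url):
    """Host the browser would actually contact, lower-cased."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def is_under(host, suffix):
    """Match on a label boundary, so 'gov' appearing mid-name does not count."""
    suffix = suffix.lower().strip(".")
    return host == suffix or host.endswith("." + suffix)

def registration_date(whois_text):
    """Parse the 'Domain Registration Date' line in the format shown in the post."""
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "domain registration date":
            parsed = datetime.strptime(value.strip(), "%a %b %d %H:%M:%S GMT %Y")
            return parsed.replace(tzinfo=timezone.utc)
    return None

def assess(url, whois_text, received, expected_suffix="gov", min_age_days=30):
    """Return a list of warning strings; an empty list means neither check fired."""
    findings = []
    host = host_of(url)
    if not is_under(host, expected_suffix):
        findings.append(f"host {host} is not under .{expected_suffix}")
    registered = registration_date(whois_text)
    if registered is None:
        findings.append("no registration date found in WHOIS text")
    elif (received - registered).days < min_age_days:
        age = (received - registered).days
        findings.append(f"domain registered {age} day(s) before the email arrived")
    return findings

if __name__ == "__main__":
    for finding in assess(LINK, WHOIS_TEXT, RECEIVED):
        print("WARNING:", finding)
```

Both checks fire for the email in this post. A long-registered .gov host produces an empty list.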
To protect yourself: never go directly to a website from an email when they scare you. Type in the website address yourself. So if an email comes from PayPal, go to paypal.com by typing it in your browser yourself, and remember never to give your password, SSN or user ID to anyone who asks from an email. It is much safer, though, never to click on an unsolicited email’s links.