Fraudulent Mail: Difference between revisions
Revision as of 18:51, 15 September 2009
Fraudulent mail claiming to come from Irish Banks
No Irish bank will ever contact you by e-mail. Never. If you get an e-mail claiming to be from a bank, Irish or otherwise, then you can be 100% certain that it is forged and you should delete it straight away.
Each of the main Irish banks has its own page regarding fraudulent mails:
Recent Phishing Attempts
AIB
Received 15th September 2009 - Claims that AIB is launching a Customer Satisfaction Program and is offering 10000 free cheques. The mail has an attachment that the viewer is required to click on.
Mail Path:
Received: (qmail 21552 messnum 5604273 invoked from network[62.250.3.55/relay55.tele2.vuurwerk.nl]); 15 Sep 2009 14:55:12 -0000
Received: from relay55.tele2.vuurwerk.nl (HELO relay.versatel.net) (62.250.3.55)
  by mail25.svc.cra.dublin.eircom.net (qp 21552) with SMTP; 15 Sep 2009 14:55:12 -0000
Received: from [82.175.69.251] (helo=gizom.nl)
  by relay.versatel.net with esmtp (Exim 4.69)
  (envelope-from <win@aib.ie>)
The attachment is crafted so that it pulls legitimate images from AIB's website and contains a form that will attempt to send any information filled in to capcode2.pck.nerim.net (213.41.255.74), located in France.
---
Received 14th September 2009 - Claims that AIB is launching a Customer Satisfaction Program and is offering 10000 free cheques. The mail has an attachment that the viewer is required to click on.
Mail Path:
Received: (vpopmail 22270 invoked by uid 16); 14 Sep 2009 08:29:42 +0100
Received: (qmail 22258 messnum 435189 invoked from network[62.193.238.86/wpc2071.amenworld.com]); 14 Sep 2009 07:29:41 -0000
Received: from wpc2071.amenworld.com (HELO preprod.groupeleduff.com) (62.193.238.86)
  by mail19.svc.cra.dublin.eircom.net (qp 22258) with SMTP; 14 Sep 2009 07:29:41 -0000
Received: from aib.ie ([67.202.3.66])
  by preprod.groupeleduff.com with MailEnable ESMTP; Mon, 14 Sep 2009 09:35:01 +0200
The attachment is crafted so that it pulls legitimate images from AIB's website and contains a form that will attempt to send any information filled in to a webmail account on 212.34.154.2, which is in Madrid, Spain.
---
Received 11th September 2009 - Claims that AIB is launching a new Anti-Phishing site and requires you to confirm your identity.
Mail Path:
Received: (vpopmail 27362 invoked by uid 16); 11 Sep 2009 14:03:34 +0100
Received: (qmail 27313 messnum 335556 invoked from network[216.122.144.114/safetycertified.com]); 11 Sep 2009 13:03:34 -0000
Received: from safetycertified.com (HELO mail.safetycertified.com) (216.122.144.114)
  by mail19.svc.cra.dublin.eircom.net (qp 27313) with SMTP; 11 Sep 2009 13:03:34 -0000
Received: from ec2-174-129-176-254.compute-1.amazonaws.com [174.129.176.254]
  by mail.safetycertified.com with SMTP; Fri, 11 Sep 2009 09:03:04 -0400
The mail contains a link that you are prompted to click on to confirm your identity. The hyperlink points to an address in an ISP's address pool, in this case Hinet in Taiwan.
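The mail paths listed above can be read mechanically. The following Python sketch is an added example, not part of the original page: it parses the 15th and 14th September chains, reports the relay that the recipient's own server recorded and the earliest sender the relay reported, and flags when that earliest hop presents the bank's domain in its HELO name or envelope sender. The function names and the `brand` parameter are assumptions made for the illustration.

```python
import re

# Received chains copied from the 15th and 14th September entries (newest hop first).
SEPT_15 = """Received: (qmail 21552 messnum 5604273 invoked from network[62.250.3.55/relay55.tele2.vuurwerk.nl]); 15 Sep 2009 14:55:12 -0000
Received: from relay55.tele2.vuurwerk.nl (HELO relay.versatel.net) (62.250.3.55)
 by mail25.svc.cra.dublin.eircom.net (qp 21552) with SMTP; 15 Sep 2009 14:55:12 -0000
Received: from [82.175.69.251] (helo=gizom.nl)
 by relay.versatel.net with esmtp (Exim 4.69)
 (envelope-from <win@aib.ie>)"""
SEPT_14 = """Received: (vpopmail 22270 invoked by uid 16); 14 Sep 2009 08:29:42 +0100
Received: (qmail 22258 messnum 435189 invoked from network[62.193.238.86/wpc2071.amenworld.com]); 14 Sep 2009 07:29:41 -0000
Received: from wpc2071.amenworld.com (HELO preprod.groupeleduff.com) (62.193.238.86)
 by mail19.svc.cra.dublin.eircom.net (qp 22258) with SMTP; 14 Sep 2009 07:29:41 -0000
Received: from aib.ie ([67.202.3.66])
 by preprod.groupeleduff.com with MailEnable ESMTP; Mon, 14 Sep 2009 09:35:01 +0200"""

IP_RE = re.compile(r"(?<![\d.-])\d{1,3}(?:\.\d{1,3}){3}(?![\d.-])")
NAME_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
ENV_RE = re.compile(r"envelope-from <[^>@]*@([^>]+)>", re.I)

def parse_hops(raw):
    """Return [(ip, names)] for each 'Received: from ...' hop, newest first."""
    hops = []
    for hop in " ".join(raw.split()).split("Received: ")[1:]:
        if not hop.startswith("from "):
            continue  # local qmail/vpopmail bookkeeping lines add no new hop
        from_clause = hop.split(" by ")[0]
        ip = IP_RE.search(from_clause)
        names = {n.lower() for n in NAME_RE.findall(from_clause)}
        names.update(d.lower() for d in ENV_RE.findall(hop))
        hops.append((ip.group(0) if ip else None, names))
    return hops

def summarise(raw, brand="aib.ie"):
    """Relay seen by the recipient's server, earliest reported sender, brand claim."""
    hops = parse_hops(raw)
    origin_ip, origin_names = hops[-1]
    claimed = any(n == brand or n.endswith("." + brand) for n in origin_names)
    return {
        "relay_ip": hops[0][0],    # recorded by the recipient's own server
        "origin_ip": origin_ip,    # reported by the relay, not independently verified
        "claims_brand": claimed,   # HELO name and envelope sender are sender-supplied
    }
```

A hop that claims the bank's domain is only suspicious once its recorded IP is compared with the bank's real mail servers; headers added below the recipient's own server are written by third parties and can themselves be forged.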