Fraudulent Mail

From RSWiki
Revision as of 10:40, 14 September 2009 by Robert (talk | contribs) (Created page with '==Fradulent mail claiming to come from Irish Banks== '''No Irish bank will ever contact you by e-mail. Never. If you get an e-mail claiming to be from a bank Irish or otherwise …')

Fraudulent mail claiming to come from Irish Banks

No Irish bank will ever contact you by e-mail. Never. If you get an e-mail claiming to be from a bank, Irish or otherwise, you can be 100% certain that it is forged and you should delete it straight away.

Each of the main Irish banks has its own page regarding fraudulent mails:

Recent Phishing Attempts

AIB

Received 14th September 2009 - Claims that AIB is launching a Customer Satisfaction Program and is offering 10000 free cheques. The mail has an attachment that the viewer is required to click on.

Mail Path:

Received: (vpopmail 22270 invoked by uid 16); 14 Sep 2009 08:29:42 +0100
Received: (qmail 22258 messnum 435189 invoked from network[62.193.238.86/wpc2071.amenworld.com]); 14 Sep 2009 07:29:41  -0000
Received: from wpc2071.amenworld.com (HELO preprod.groupeleduff.com) (62.193.238.86)
  by mail19.svc.cra.dublin.eircom.net (qp 22258) with SMTP; 14 Sep 2009 07:29:41 -0000 
Received: from aib.ie ([67.202.3.66]) by preprod.groupeleduff.com with MailEnable ESMTP; Mon, 14 Sep 2009 09:35:01 +0200

The attachment is crafted so that it pulls legitimate images from AIB's website. It contains a form that attempts to send any information filled in to a webmail account on 212.34.154.2, which is in Madrid, Spain.
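Read from the bottom up, the mail path above shows a host calling itself aib.ie handing the message to an unrelated third-party server. The Python below is an added example, not part of the original wiki page: it parses that chain and reports hops where a sender used a bank's domain name. The function names and the `known_brand_ips` allow-list are hypothetical.

```python
import re
from email import message_from_string

# Received chain copied from the 14 September 2009 sample on this page.
RAW = """\
Received: (vpopmail 22270 invoked by uid 16); 14 Sep 2009 08:29:42 +0100
Received: (qmail 22258 messnum 435189 invoked from network[62.193.238.86/wpc2071.amenworld.com]); 14 Sep 2009 07:29:41  -0000
Received: from wpc2071.amenworld.com (HELO preprod.groupeleduff.com) (62.193.238.86)
  by mail19.svc.cra.dublin.eircom.net (qp 22258) with SMTP; 14 Sep 2009 07:29:41 -0000
Received: from aib.ie ([67.202.3.66]) by preprod.groupeleduff.com with MailEnable ESMTP; Mon, 14 Sep 2009 09:35:01 +0200

"""

# "from NAME [(HELO NAME)] ... IPv4 ... by HOST", covering the qmail and
# MailEnable layouts seen in the sample.
HOP = re.compile(
    r"^from\s+(?P<name>\S+)(?:\s+\(HELO\s+(?P<helo>[^)\s]+)\))?"
    r".*?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}).*?\sby\s+(?P<by>\S+)"
)

def relay_hops(raw_headers):
    """Return SMTP relay hops, oldest first, as dicts (name, helo, ip, by)."""
    values = message_from_string(raw_headers).get_all("Received", [])
    hops = []
    for value in reversed(values):  # servers prepend, so the last header is the oldest
        match = HOP.match(" ".join(value.split()))  # unfold continuation lines
        if match:  # local qmail/vpopmail bookkeeping lines do not start with "from"
            hops.append(match.groupdict())
    return hops

def brand_claims(hops, brand_domains, known_brand_ips=frozenset()):
    """Hops whose sender used a brand domain name from an IP not on the allow-list.

    known_brand_ips is a hypothetical allow-list supplied by the caller.
    """
    def is_brand(name):
        name = (name or "").lower().rstrip(".")
        return any(name == d or name.endswith("." + d) for d in brand_domains)
    return [h for h in hops
            if (is_brand(h["name"]) or is_brand(h["helo"]))
            and h["ip"] not in known_brand_ips]

if __name__ == "__main__":
    for hop in brand_claims(relay_hops(RAW), {"aib.ie"}):
        print(f"{hop['name']} claimed from {hop['ip']}, accepted by {hop['by']}")
```

Only the Received lines written by your own mail servers can be trusted; everything below them is supplied by the sending side and is useful as evidence, not as proof.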



Received 11th September 2009 - Claims that AIB is launching a new Anti-Phishing site and requires you to confirm your identity.

Mail Path:

Received: (vpopmail 27362 invoked by uid 16); 11 Sep 2009 14:03:34 +0100
Received: (qmail 27313 messnum 335556 invoked from network[216.122.144.114/safetycertified.com]); 11 Sep 2009 13:03:34 -0000
Received: from safetycertified.com (HELO mail.safetycertified.com) (216.122.144.114)
 by mail19.svc.cra.dublin.eircom.net (qp 27313) with SMTP; 11 Sep 2009 13:03:34 -0000
Received: from ec2-174-129-176-254.compute-1.amazonaws.com [174.129.176.254] by mail.safetycertified.com with SMTP;
  Fri, 11 Sep 2009 09:03:04 -0400

The mail contains a link that you are prompted to click on to confirm your identity. The hyperlink points to an address in an ISP's address pool, in this case Hinet in Taiwan.