Fraudulent Mail
Fradulent mail claiming to come from Irish Banks
No Irish bank will ever contact you by e-mail. Never. If you get an e-mail claiming to be from a bank Irish or otherwise then you can be 100% certain that it is forged and you should delete it straight away.
Each of the main Irish banks have their own pages regarding fradulent mails:
Recent Phishing Attempts
AIB
Received 14th September 2009 - Claims that AIB are launching a Customer Satisfaction Program and is offering 10000 free cheques. Mail has an attachment that the viewer is required to click on.
Mail Path:
Received: (vpopmail 22270 invoked by uid 16); 14 Sep 2009 08:29:42 +0100 Received: (qmail 22258 messnum 435189 invoked from network[62.193.238.86/wpc2071.amenworld.com]); 14 Sep 2009 07:29:41 -0000 Received: from wpc2071.amenworld.com (HELO preprod.groupeleduff.com) (62.193.238.86) by mail19.svc.cra.dublin.eircom.net (qp 22258) with SMTP; 14 Sep 2009 07:29:41 -0000 Received: from aib.ie ([67.202.3.66]) by preprod.groupeleduff.com with MailEnable ESMTP; Mon, 14 Sep 2009 09:35:01 +0200
The attachment is crafted so that it pulls legitimate images from AIB's website and contains a form that will attempt to send any information filled in to a webmail account on 212.34.154.2 which is in Madrid Spain.
Received 11th September 2009 - Claims that AIB are launching a new Anti-Phishing site and requires you to confirm your identity.
Mail Path:
Received: (vpopmail 27362 invoked by uid 16); 11 Sep 2009 14:03:34 +0100 Received: (qmail 27313 messnum 335556 invoked from network[216.122.144.114/safetycertified.com]); 11 Sep 2009 13:03:34 -0000 Received: from safetycertified.com (HELO mail.safetycertified.com) (216.122.144.114) by mail19.svc.cra.dublin.eircom.net (qp 27313) with SMTP; 11 Sep 2009 13:03:34 -0000 Received: from ec2-174-129-176-254.compute-1.amazonaws.com [174.129.176.254] by mail.safetycertified.com with SMTP; Fri, 11 Sep 2009 09:03:04 -0400
The mail contains a link that you are prompted to click on to confirm your identity. This hyperlink is targeted to an ISP's address pool. In this case Hinet in Taiwan.