06 December 2006

bank of america phish

we received this excellent bank of america.com phish today. it even got around gmail's junk email filter, and that's unusual, so it could be a new style...

====
an easy way to tell is to run your mouse over the hyperlink while looking down toward the status bar. for instance, in this phish the link looks legitimate, but a second look at the status bar shows that the two don't match: the real address begins with starlightdancestudio.com. to make sure, next (in firefox 2.0) right-click the link, choose copy shortcut, then paste that into your traceroute...

3d's traceroute truncates the url down to the domain name.
see, starlightdancestudio.com is hosted by someone called ecommerce.com... it's not a bank of america domain. then you forward the complete email to the abuse department and cc: reportphishing@antiphishing.org and spam@uce.gov

if you want to (although there's no need to email them), you can also use 3d's traceroute to find out who the domain name registrar is.
Process query: 'starlightdancestudio.com'
1. Step: Querying com.whois-servers.net:43 with whois.
2. Step: Querying whois.godaddy.com:43 with whois
-- From: com.whois-servers.net:43
Domain Name: STARLIGHTDANCESTUDIO.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
-- End --
-- From: whois.godaddy.com:43
====
Reply-To: wesawthat@gmail.com
From: wesawthat@gmail.com
To: abuse@ecommerce.com
Cc: reportphishing@antiphishing.org, spam@uce.gov
Subject: Fw: Bank of America: Important Notice On Your Account Information (Re-Confirm)
Date: Wed, 6 Dec 2006 15:41:15 -0600

ECOMMERCE.COM: this spam was sent to advertise a phishing website that you host. please would you terminate service to:

starlightdancestudio.com/

[message source]
click properties > details > message source > select all, then copy and paste the message source to the top of your forward
click the link to read more about phishing from the anti-phishing working group
