06 December 2006
we received this excellent bank of america.com phish today. it even got around gmail's junk email filter, and that's unusual, so it could be a new style...
an easy way to tell is to run your mouse over the hyperlink while looking down toward the status bar... for instance, in this phish the link looks legitimate, but a second look at the status bar shows that the two don't match: see, the real address begins: starlightdancestudio.com ... to make sure, next you (in firefox 2.0) right-click the link > copy shortcut, then paste that into your traceroute...
3d's traceroute truncates the url down to the domain name.
see, starlightdancestudio.com is hosted by someone called ecommerce.com... it's not a bank of america domain. then you forward the complete email to the host's abuse department and cc: email@example.com and firstname.lastname@example.org
if you want to (although there's no need to email them), you can also use 3d's traceroute to find out who the domain name registrar is.
Process query: 'starlightdancestudio.com'
1. Step: Querying com.whois-servers.net:43 with whois.
2. Step: Querying whois.godaddy.com:43 with whois -- From: com.whois-servers.net:43
Domain Name: STARLIGHTDANCESTUDIO.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
-- End -- --
Cc: email@example.com ,firstname.lastname@example.org
Subject: Fw: Bank of America: Important Notice On Your Account Information (Re-Confirm)
Date: Wed, 6 Dec 2006 15:41:15 -0600
ECOMMERCE.COM: this spam was sent to advertise a phishing website that you host. please would you terminate service to:
click properties > details > message source > select all to copy the message source, then paste it at the top of your forward.
click the link to read more about phishing from the anti-phishing working group
Posted by wst... at 16:24