Thursday, May 24, 2007

Today's Phishing Attempt

Starts off:
> Dear Customer,

> The First National Bank of Manitowoc Online department temporary disabled your account.

> After three unsuccessful login attempts your account was temporary disabled until further investigations.

> All cards from this account are suspended.

> You must reactivate your account at First National Bank of Manitowoc immediately, or you won't be able to use your cards again.

Source: From phishing attempt e-mail received on Thursday May 24, 2007


The link in the phishing e-mail displays the URL http://www.bankfirstnational.com/banking/unsuspend.shtml, but it is actually anchored to a site at firstmanitowoc.com, which is registered to:
Domain Name.......... firstmanitowoc.com
Creation Date........ 2007-05-24
Registration Date.... 2007-05-24
Expiry Date.......... 2008-05-24
Organisation Name.... OWEN TAYLOR
Organisation Address. 136 FM 1746
Organisation Address.
Organisation Address. WOODVILLE
Organisation Address. 75979
Organisation Address. TX
Organisation Address. UNITED STATES

Admin Name........... OWEN TAYLOR
Admin Address........ 136 FM 1746
Admin Address........
Admin Address........ WOODVILLE
Admin Address........ 75979
Admin Address........ TX
Admin Address........ UNITED STATES
Admin Email.......... firstmanitowoc@yahoo.com
Admin Phone.......... +1.4092837981
Admin Fax............

Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domain.tech@YAHOO-INC.COM
Tech Phone........... +1.6198813096
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
Source: Whois.net whois lookup of firstmanitowoc.com

I have found most of these attempts come from overseas; I am shocked to find a phishing scam arising from the USA.

Updates:
Looking at the e-mail headers, I see this note coming to me from 213.193.223.109 (link takes you to Project Honey Pot), reportedly from The Netherlands, via a system in Australia – 210.8.99.128 (again, this link takes you to Project Honey Pot's entry on the IP).

FYI, whois information is easy to fake up. The phishermen probably got a hold of some poor sap's information and used that. This is the second spoof of the First National Bank I have received.
