Well, I don't claim to be an expert on all things hacking, but sometimes just getting a mail delivered is information enough - it means that there's a live recipient that can then be targeted.
A popular approach that I have seen lately is to include an HTML page that has obscured JavaScript in it, although I think you would have seen that.

I would be concerned about identity theft, though, proper email address or no. It's possible that the bank cross-checks and that was an attempt to fool the bank. It's also, alas, very, VERY possible that the bank itself is infected and that visiting its webserver would then infect YOU. But hey, they got the Low Price on security, didn't they? Doesn't everybody?

Speaking of infected servers, I got another LinkedIn malware "care package" yesterday. It was one of the bogus UPS notification types. Who on Earth would believe that LinkedIn is sending UPS packages to them? Never mind. People respond to Nigerian princes. The server that's sending this garbage from LinkedIn is NOT their normal news mailserver, incidentally. However, it definitely did come up as a LinkedIn IP address.

Tim

On Wed, 2012-06-27 at 18:07 -0400, Dean, Mike wrote:
> Who feels like finding some phish?
>
> My step-daughter received three emails supposedly from a bank that she doesn't do business with, stating that an online account had been set up and that the password had been changed.
>
> At first, one would think that obviously these are phishing emails or perhaps, an outside possibility, that someone had opened an account in her name. With regard to the latter thought, if so, why put down her email address unless they also hacked her email account and forwarded copies of her emails (or changed her password). Neither of those things has happened.
>
> One of the emails states that a copy was sent to her "secure email address" as verification, but again, why have a copy of the emails go to her actual email?
>
> So, back to the phishing thought. One of the emails had a Customer Service number (I know, Aha, that's it!). But, that phone number appears legit. I did, however, find a reference to Harshad numbers and spammers, but haven't been able to get any concrete information on that line.
>
> The 2nd email had an image attached to it with the bank's logo. My thought here was that something was embedded in the image. But, I have no way to really determine that.
>
> Finally, in none of the emails were there any links that pointed anywhere strange or any javascript (I have the original emails in the Gmail "Show Original" format, which includes the raw message along with the Base64 encoded image file).
>
> I didn't want to send an email with attachments to the list, so if anyone wants to see if they can find the phish (or purpose of the emails), reply back and I'll forward you a copy of the "Show Original" emails.
>
> Mike
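Added example, not part of either poster's message: one way to triage a raw "Show Original" message for the three things discussed in this thread (links, script in HTML parts, and data appended to an attached PNG). The sample message, its addresses and the `logo.png` attachment are constructed for illustration, and the function names are hypothetical.

```python
import re
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_trailing_bytes(data):
    """Walk PNG chunks; return the byte count after IEND, or None if not a parseable PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                      # length + type + data + CRC
        if ctype == b"IEND":
            return len(data) - pos if pos <= len(data) else None
    return None                                 # truncated or malformed

def triage(raw):
    """Summarise links, script markers and image attachments in a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"links": [], "script": False, "images": {}}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html"):
            text = part.get_content()
            report["links"] += re.findall(r"https?://[^\s\"'<>]+", text)
            if re.search(r"<script\b|javascript:|\bon\w+\s*=", text, re.I):
                report["script"] = True
        elif part.get_content_maintype() == "image":
            body = part.get_payload(decode=True)  # undoes the Base64 transfer encoding
            report["images"][part.get_filename() or ctype] = png_trailing_bytes(body)
    return report

def sample_message():
    # Constructed sample: a minimal PNG skeleton (signature + IEND only, not a
    # viewable image) with 14 extra bytes appended after the IEND chunk.
    png = PNG_SIG + struct.pack(">I4s", 0, b"IEND") + b"\xaeB`\x82"
    m = EmailMessage()
    m["From"] = "Example Bank <notice@bank.example>"
    m["To"] = "user@example.org"
    m["Subject"] = "Your password was changed"
    m.set_content("An online account was set up. Call customer service.")
    m.add_alternative("<p>An online account was set up.</p>", subtype="html")
    m.add_attachment(png + b"appended-bytes", maintype="image",
                     subtype="png", filename="logo.png")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

A non-zero count for an image means bytes follow the end-of-image chunk and are worth a closer look; a zero count only rules out appended data, not content hidden inside the pixel data itself.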

