Tim,

Great point, I had forgotten that some of these phishing expeditions are
really fishing expeditions -- and they are looking for live emails and
people who will respond to them.

Along those lines though, since there wasn't any JavaScript in the source
of the emails, or any images or URLs that loaded automatically (the one
image was attached to the email, not remotely loaded), thus letting the
senders know they caught one, how would they know they caught one?

The one phone number appears to be valid.  For those that want to look into
the phone number, it is 888.588.2623.

Thanks for all the responses and ideas!

Mike


On Wed, Jun 27, 2012 at 8:49 PM, Tim Holloway <[email protected]> wrote:

> Well, I don't claim to be an expert on all things hacking, but sometimes
> just getting a mail delivered is information enough - it means that
> there's a live recipient that can then be targeted.
>
> A popular approach that I have seen lately is to include an HTML page
> that has obscured JavaScript in it, although I think you would have seen
> that.
>
> I would be concerned about identity theft, though, proper email address
> or no. It's possible that the bank cross-checks and that was an attempt
> to fool the bank.
>
> It's also, alas, very, VERY possible that the bank itself is infected
> and that visiting its webserver would then infect YOU. But hey, they got
> the Low Price on security, didn't they? Doesn't everybody?
>
> Speaking of infected servers, I got another LinkedIn malware "care
> package" yesterday. It was one of the bogus UPS notification types. Who
> on Earth would believe that LinkedIn is sending UPS packages to them?
> Never mind. People respond to Nigerian princes.
>
> The server that's sending this garbage from LinkedIn is NOT their normal
> news mailserver, incidentally. However, it definitely did come up as a
> LinkedIn IP address.
>
>   Tim
>
> On Wed, 2012-06-27 at 18:07 -0400, Dean, Mike wrote:
> > Who feels like finding some phish?
> >
> > My step-daughter received three emails supposedly from a bank, that she
> > doesn't do business with, stating that an online account had been set up
> > and that the password had been changed.
> >
> > At first, one would think that obviously these are phishing emails or
> > perhaps, an outside possibility that someone had opened an account in her
> > name.  With regard to the latter thought, if so, why put down her email
> > address unless they also hacked her email account and forwarded copies of
> > her emails (or changed her password).  Neither of those things has happened.
> >
> > One of the emails states that a copy was sent to her "secure email address"
> > as verification, but again, why have a copy of the emails go to her actual
> > email?
> >
> > So, back to the phishing thought.  One of the emails had a Customer Service
> > number (I know, Aha, that's it!).  But, that phone number appears
> > legit.  I did, however, find a reference to Harshad numbers and spammers,
> > but haven't been able to get any concrete information on that line.
> >
> > The 2nd email had an image attached to it with the bank's logo.  My thought
> > here was that something was embedded in the image.  But, I have no way to
> > really determine that.
> >
> > Finally, in none of the emails were there any links that pointed anywhere
> > strange or any JavaScript (I have the original emails in the Gmail "Show
> > Original" format, which includes the raw message along with the Base64
> > encoded image file).
> >
> > I didn't want to send an email with attachments to the list, so if anyone
> > wants to see if they can find the phish (or purpose of the emails), reply
> > back and I'll forward you a copy of the "Show Original" emails.
> >
> > Mike
>
>
>
> ---------------------------------------------------------------------
> Archive      http://marc.info/?l=jaxlug-list&r=1&w=2
> RSS Feed     http://www.mail-archive.com/[email protected]/maillist.xml
> Unsubscribe  [email protected]
>
>
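
Added example, not part of the thread or any poster's code: a triage pass over a raw "Show Original" message covering the things discussed above, namely remote-loading tags, script content, a Reply-To that differs from From, a read-receipt request header, and bytes sitting after the end of an attached PNG. The sample message, its addresses and the assumption that the attached logo is a PNG are all constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

REMOTE = re.compile(r'<(img|script|iframe|link)\b[^>]*\b(?:src|href)\s*=\s*["\']?(https?:[^"\'\s>]+)', re.I)
ACTIVE = re.compile(r'<script\b|\bon\w+\s*=|javascript:', re.I)

def png_trailing(data: bytes) -> int:
    """Bytes found after the PNG IEND chunk; -1 if the chunk walk fails."""
    if not data.startswith(b"\x89PNG\r\n\x1a\n"):
        return -1
    pos = 8
    while pos + 12 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        kind = data[pos + 4:pos + 8]
        pos += 12 + length              # length + type + data + CRC
        if kind == b"IEND":
            return len(data) - pos if pos <= len(data) else -1
    return -1

def triage(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    report = {"reply_to_differs": bool(reply) and reply != sender,
              "receipt_requested": msg.get("Disposition-Notification-To") is not None,
              "remote": [], "active": False, "png_trailing": {}}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = part.get_content()   # decoded HTML body as str
            report["remote"] += [(tag.lower(), url) for tag, url in REMOTE.findall(html)]
            report["active"] = report["active"] or bool(ACTIVE.search(html))
        elif ctype == "image/png":
            report["png_trailing"][part.get_filename()] = png_trailing(part.get_content())
    return report

def sample() -> bytes:
    """Constructed test message, not one of the e-mails from the thread."""
    m = EmailMessage()
    m["From"] = "Bank <alerts@bank.example>"
    m["Reply-To"] = "help@other.example"
    m.set_content("Your password was changed.")
    m.add_alternative('<p>Call us.</p><img src="http://track.example/p.gif?id=1">', subtype="html")
    png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x00IEND\xaeB\x60\x82" + b"EXTRA"
    m.add_attachment(png, maintype="image", subtype="png", filename="logo.png")
    return m.as_bytes()
```

Trailing bytes after IEND are only a prompt for a closer look; this check does not examine the pixel data itself.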
