This kind of cases were reported in August, 2005 already. It is very sad to see that bad guys are using this technique again. Thanks!
Sophos reported one of the cases here: http://www.sophos.com/pressoffice/news/articles/2005/08/sa_phishfax.html - Juha-Matti chuck goolsbee <[EMAIL PROTECTED]> wrote: > Received this today... it included a word doc ("Ncua FORM.doc" which > I have NOT opened yet) and a request to fax it. Quite odd. > Appears to have been formmailled out of The Planet in Dallas, via an > IP in Romania. > > --chuck > > > Return-Path: <[EMAIL PROTECTED]> > Received: from [64.18.0.51] (HELO psmtp.com) > by smtp.forest.net (CommuniGate Pro SMTP 5.0.9) > with SMTP id 48742105 for [EMAIL PROTECTED]; Thu, 12 Apr 2007 08:40:19 > -0700 > Received: from source ([70.84.87.146]) (using TLSv1) by > exprod5mx170.postini.com ([64.18.4.10]) with SMTP; > Thu, 12 Apr 2007 08:23:05 PDT > Received: from [85.120.78.130] (port=2870 helo=User) > by mazda.websitewelcome.com with esmtpa (Exim 4.63) > (envelope-from <[EMAIL PROTECTED]>) > id 1Hc13w-0005iz-KQ; Thu, 12 Apr 2007 10:18:19 -0500 > From: "FCU Online"<[EMAIL PROTECTED]> > Subject: Please Download and Complete the Form > Date: Thu, 12 Apr 2007 18:18:04 +0300 > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="----=_NextPart_000_011B_01C2A9A6.4B8A4532" > X-Priority: 1 > X-MSMail-Priority: High > X-Mailer: Microsoft Outlook Express 6.00.2600.0000 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 > X-AntiAbuse: This header was added to track abuse, please include it > with any abuse report > X-AntiAbuse: Primary Hostname - mazda.websitewelcome.com > X-AntiAbuse: Original Domain - forest.net > X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12] > X-AntiAbuse: Sender Address Domain - ncua.com > X-Source: > X-Source-Args: > X-Source-Dir: > > <x-html><!x-stuff-for-pete base="" src="" id="1" > charset="Windows-1251"><HTML><HEAD><TITLE></TITLE> > </HEAD> > <BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5> > <FONT size=2 color=#000000 face="Arial"> > <DIV> > Dear FCU account holder,</DIV> > <DIV> > Recently, there have been multiple e-mail fraud attempts, known as > "Phishing", that were initiated via e-mail sent to both the general > public and to some credit union members that appeared to be from FCU > Bank.This false e-mail asked for the recipient to click on a link to > verify their credit union account registration. If the recipient > proceeded to do so, the link directed them to a false website and > asked for their credit union account number and PIN, along with other > personal information. At FCU Bank the highest interest to our > customers is the safekeeping of confidential information you have > entrusted to us and using it in a secure manner. A fundamental > element of safeguarding your confidential information is to provide > protection against unauthorized access or use of this > information.</DIV> > <DIV> > Due to all the fraud attempts we need you to complete a form, sign it > and fax it back to us as soon as possible to +1-866-270-4524 so that > we can improve our security measurements. As soon as our database > will be updated we will contact you for further information`s and to > make some important announcements so please complete the form > attached to this mail with no delay. </DIV> > <DIV> > We are committed to the secure use and protection of customer > information. If you have any questions regarding our services, please > check the website or call our customer service. </DIV> > <DIV> > We apologize for any inconvenience</DIV> > <DIV> > Best Regards,<BR> > FCU Bank <FONT size=3 face="Times New Roman"> </FONT><IMG > align=baseline border=0 width=1 height=1 > src="cid:00A68AE7FFA8$0507B9AC$0100007f@cksiwzdutjtwwrx"></DIV> > </FONT> > </BODY></HTML> > > </x-html> _______________________________________________ phishing mailing list [EMAIL PROTECTED] http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
