Re: [phishing] Washington Mutual Bank US : Urgent Banking Service Email(fwd)
Hi. Here comes the info. Look at the email address for techs.

Domain ID:D18267039-LRMS
Domain Name:MCMACCOY.INFO
Created On:05-Jun-2007 13:43:56 UTC
Last Updated On:05-Jun-2007 13:55:41 UTC
Expiration Date:05-Jun-2008 13:43:56 UTC
Sponsoring Registrar:Register.com (R140-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:6A01930D5CDF7C71
Registrant Name:Colin McMillan
Registrant Organization:Colin McMillan
Registrant Street1:402SanchezStreet
Registrant Street2:
Registrant Street3:
Registrant City:SanFrancisco
Registrant State/Province:CA
Registrant Postal Code:94114
Registrant Country:US
Registrant Phone:+1.4158124526
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:[EMAIL PROTECTED]
Admin ID:6A01930D5CDF7C71
Admin Name:Colin McMillan
Admin Organization:Colin McMillan
Admin Street1:402SanchezStreet
Admin Street2:
Admin Street3:
Admin City:SanFrancisco
Admin State/Province:CA
Admin Postal Code:94114
Admin Country:US
Admin Phone:+1.4158124526
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:[EMAIL PROTECTED]
Billing ID:6A01930D5CDF7C71
Billing Name:Colin McMillan
Billing Organization:Colin McMillan
Billing Street1:402SanchezStreet
Billing Street2:
Billing Street3:
Billing City:SanFrancisco
Billing State/Province:CA
Billing Postal Code:94114
Billing Country:US
Billing Phone:+1.4158124526
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:[EMAIL PROTECTED]
Tech ID:6A01930D5CDF7C71
Tech Name:Colin McMillan
Tech Organization:Colin McMillan
Tech Street1:402SanchezStreet
Tech Street2:
Tech Street3:
Tech City:SanFrancisco
Tech State/Province:CA
Tech Postal Code:94114
Tech Country:US
Tech Phone:+1.4158124526
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:[EMAIL PROTECTED]
Name Server:NS6.1MAY-DAY.CN
Name Server:NS3.1MAY-DAY.CN
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:

John Holan
IS Analyst

-Original Message-
From: Steve Pirk [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 06, 2007 10:52 AM
To: phishing@whitestar.linuxbox.org
Subject: [phishing] Washington Mutual Bank US : Urgent Banking Service Email(fwd)

WaMu phishing site (soon?) at:
http://treasury.wamu.com.ibswamu.ssid23pyfnxrooebhd.mcmaccoy.info/confirm/cmserver/welcome/default/verify.cfm

whois does not return anything for mcmaccoy.info, so it could be a new domain being set up, or it has already been taken down.

--
Steve

-- Forwarded message --
Return-Path: [EMAIL PROTECTED]
Received: from amd-dfmtil7kjsn (200.161.62.58.broad.gz.gd.dynamic.163data.com.cn [58.62.161.200] (may be forged)) by mail.pirk.com (8.13.7/8.12.0.Beta19) with SMTP id l56DIEMc023124 for [EMAIL PROTECTED]; Wed, 6 Jun 2007 06:18:15 -0700
Message-ID: [EMAIL PROTECTED]
From: WaMu Bank US Treasury Cash Management'2007 [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Washington Mutual Bank US : Urgent Banking Service Email
Date: Wed, 06 Jun 2007 21:17:09 +0900
MIME-Version: 1.0
Content-Type: multipart/related; type=multipart/alternative; boundary==_NextPart_000_0016_01C7A880.0AAB57B0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

[IMAGE]

Dear WaMu Treasury Management client!

Our Technical Unit is running a scheduled software upgrade. By clicking on the link below you will start the procedure of the client details confirmation:

http://treasury.wamu.com.ibswamu.sess23pyfnxrooebhd/confirm/cmserver/welcome/default/verify.cfm

These directions are to be mailed and followed by all Commercial Treasury Services members of the WaMu .

WaMu USA does apologize for the inconveniences caused to you, and is very grateful for your help.

If you are not user of the Washington Mutual US please delete this notice!

Copyright (c) 2007 WaMu : All Rights Reserved.

___
phishing mailing list
phishing@whitestar.linuxbox.org
http://www.whitestar.linuxbox.org/mailman/listinfo/phishing
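A triage sketch for the report above, added here as an example and not part of the original thread: it extracts the registered domain from the reported URL, parses the WHOIS fields, and compares the creation time with the Received: timestamp. The suffix set, the brand list and the 72-hour threshold are assumptions; the sample inputs are constructed from values quoted in the message.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed inputs, taken from values quoted in the message above.
REPORTED_URL = ("http://treasury.wamu.com.ibswamu.ssid23pyfnxrooebhd."
                "mcmaccoy.info/confirm/cmserver/welcome/default/verify.cfm")
WHOIS_TEXT = """Domain Name:MCMACCOY.INFO
Created On:05-Jun-2007 13:43:56 UTC
Status:TRANSFER PROHIBITED
Name Server:NS6.1MAY-DAY.CN
Name Server:NS3.1MAY-DAY.CN
Name Server:
"""
RECEIVED_DATE = "Wed, 6 Jun 2007 06:18:15 -0700"  # date on the Received: header

# Assumptions: a tiny stand-in for the Public Suffix List, the brand domains
# a defender watches for, and the age below which a domain counts as new.
SUFFIXES = {"info", "com", "cn", "com.cn"}
BRANDS = {"wamu.com"}
MAX_AGE_HOURS = 72

def registrable_domain(host):
    """Return the label left of the longest known suffix, plus that suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:])
    return host.lower()

def parse_whois(text):
    """Parse 'Key:Value' lines; repeated keys accumulate, empty values drop."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def triage(url, whois_text, received_date):
    """Combine URL structure and WHOIS age into a small set of findings."""
    host = urlsplit(url).hostname
    reg = registrable_domain(host)
    whois = parse_whois(whois_text)
    created = datetime.strptime(whois["Created On"][0], "%d-%b-%Y %H:%M:%S UTC")
    created = created.replace(tzinfo=timezone.utc)
    age = parsedate_to_datetime(received_date) - created
    age_hours = round(age.total_seconds() / 3600, 1)
    return {
        "registered_domain": reg,
        "whois_matches": whois["Domain Name"][0].lower() == reg,
        # Brand names that appear as leading labels but are not the real domain.
        "embedded_brands": sorted(
            b for b in BRANDS if f".{b}." in f".{host}." and reg != b),
        "age_hours": age_hours,
        "newly_registered": age_hours < MAX_AGE_HOURS,
        "name_server_domains": sorted(
            {registrable_domain(n) for n in whois.get("Name Server", [])}),
    }

if __name__ == "__main__":
    for key, value in triage(REPORTED_URL, WHOIS_TEXT, RECEIVED_DATE).items():
        print(f"{key}: {value}")
```

In production the suffix lookup should use the full Public Suffix List rather than the four entries hard-coded here.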
Re: [phishing] Washington Mutual Bank US : Urgent Banking Service Email(fwd)
On these rockphish all the registrants are forged. They are the victims of a previous ID theft phishing scam. It's also true for domains registered expressly for the purpose of phishing .. as opposed to a hacked legit site.

ew

On 6 Jun 2007 at 14:43, John Holan wrote:

> Hi Here comes the info Look at the email address for techs.
Re: [phishing] Washington Mutual Bank US : Urgent Banking Service Email(fwd)
I know this is probably illegal as all get out, but I just realized that since the registrant info is forged, could someone not contact the forged victim via email and have them say ok to a domain transfer? I know this one is transfer prohibited, but on some domains it may not be. Then again, maybe the admin could email Register.com and request a deletion of the domain...

Ok, Steve, time to shut up :-)

--
Steve

On Wed, 6 Jun 2007 [EMAIL PROTECTED] wrote:

> On these rockphish all the registrants are forged. They are the victims of a previous ID theft phishing scam. It's also true for domains registered expressly for the purpose of phishing .. as opposed to a hacked legit site.
>
> ew
Re: [phishing] Washington Mutual Bank US : Urgent Banking Service Email(fwd)
Steve ...

Several factors here:

The e-mail address for the scammer is either already terminated, a data drop addy, or one that's just not ever monitored.

I wouldn't ever encourage a previous victim to contact the scammer .. just saying that e-mail addy *is* valid. That gives the scammer a valid e-mail addy to play with and that's not a 'good thing.'

And third, most of these victims don't have the computer knowledge to even begin to understand what's going on. I've contacted them and they don't even know what a 'phishing scam' is.

There is a *HUGE* failure of the entire system/community in the field of consumer education. Most recent publications .. including those from the government and consumer advocate groups .. still say that 'https' is safe along with the little yellow lock.

So .. the best I can do is notify the registrant and walk them thru all the specific 'credit protection' steps they need to follow. You can't leave any of them out. I also do the 'education' part of what to watch for in the future.

But .. I can't save 'em all. I have worked with a few groups and am getting website info updated. The major players, tho,' are stuck in the mud.

ew

On 6 Jun 2007 at 16:41, Steve Pirk wrote:

> I know this is probably illegal as all get out, but I just realized that since the registrant info is forged, could someone not contact the forged victim via email and have them say ok to a domain transfer? I know this one is transfer prohibited, but on some domains it may not be. Then again, maybe the admin could email Register.com and request a deletion of the domain...
>
> Ok, Steve, time to shut up :-)
>
> --
> Steve