Tag Archives: scam

Phishing: Votre carte bancaire est suspendue

Another email containing malicious URL used for phishing attack against MasterCard and Visa users:

Return-Path: <services@security.com>
Received: from mailrtr1.deltacom.net (mailvip.deltacom.net [72.243.252.244])
Received: from User ([66.0.110.18]) by mailrtr1.deltacom.net (MOS 4.1.10-GA)
From: "visaeurope"<services@security.com>
Subject: Votre carte bancaire est suspendue
Date: Sun, 7 Aug 2011 00:12:08 -0500
To: undisclosed-recipients:;

Email message:

Bonjour clients de visa carte,
 
Votre carte bancaire est suspendue, parce que nous avons rencontre un probleme sur votre diagramme.
Nous avons determine qu'une personne doit peut-etre utiliser votre diagramme sans votre autorisation.
Pour votre protection, nous avons suspendu votre compte bancaire a travers votre carte de credit. Pour soulever cette suspension,
 
Cliquer ici
et suivre le procede indique pour mettre a jour votre compte par la carte de credit.

Malicious URL:

hxxp:// jinwonyc.startlogic. com/vbv/visaeurope.fr/europ-pay/visaeurope/securite/login.aspx/

URLVoid Analysis:

http://www.urlvoid.com/scan/jinwonyc.startlogic.com

Phishing: New Unpaid Item Message from jxavier14: #14027471062

Phishing attack against eBay users:

Return-Path: <aw-confirm@mail.aby.fr>
Received: from mail.ktmtalk.com (mail.ktmtalk.com [173.74.246.25])
Received: from User [98.175.62.124] by mail.ktmtalk.com with ESMTP
Reply-To: <aw-confirm@mail.aby.fr>
From: "eBay Member jxavier14"<aw-confirm@mail.aby.fr>
Subject: New Unpaid Item Message from jxavier14: #14027471062 -- response required
Date: Sat, 6 Aug 2011 06:34:47 -0500
To: undisclosed-recipients:;

Email message:

Dear member,
 
eBay member charly1 has left you a message regarding item #14020078062
 
View the dispute thread to respond.

The malicious URL points to:

hxxp:// newcastlelimo .net/ebay-fr/eBayISAPI.dll.htm

Image of the phishing page:

Image

Note that the connection is NOT secure and does not use SSL (HTTPS)…

URLVoid Analysis:

http://www.urlvoid.com/scan/newcastlelimo.net
This entry was posted in Phishing and tagged , , , on by .