register
-- Home
-- Phishing Archive
-- Report Phishing
-- Events
-- APWG News
-- Resources
-- Membership
-- APWG Member Site
-- Contact Us
-- JOIN THE APWG
 
LATEST NEWS IN THE FIGHT AGAINST PHISHING:		  
 
 
     
     
     
     
 

Keybank - 'KeyBank Customer Confirm Your Identity'
17-Mar-2005

Summary
Email title: 'KeyBank Customer Confirm Your Identity'
Scam target: KeyBank customers
Sender:

Key Team <support@keybank.com>
Sender spoofed/hidden? Spoofed
Scam goal: Getting victim's KeyBank username/password, ATM/Debit card information
Phish link method URL link
Link 'masked'? Yes
Visible link: 'http://accounts.keybank.com/ConfirmHelp?start=yes'
Actual link to: http://218.55.77.130/accounts2.keybank.com/ib2/Controllerrequester=signon&CookieID=11985569885&pageType...(truncated)
Phish website IP: 218.55.77.130
 
Overview
 
A simple, one-page phish.
 
E-mail
 

Recently, a trend toward proliferation of simpler, yet more voluminously mailed phish attacks is observed. This one is an example of this trend.

The email is, as usually, well designed:

 
 
Having this in mind, with the addition of the spoofed sender and the 'masked' link, the site
 
Web Site
Visible link: 'http://accounts.keybank.com/ConfirmHelp?start=yes'
Actual link to: http://218.55.77.130/accounts2.keybank.com/ib2/Controllerrequester=signon&CookieID=11985569885&pageType...(truncated)
Phish website IP: 218.55.77.130
 
The website is simple, too:
 
 
The phishy URL (the domain name is not keybank.com), the lack of a secure session and a login screen all point to a phishing taking place.
 
WHOIS data (for IP 218.55.77.130) :

IP Location: Korea, Republic Of - Hanaro Telecom Co
inetnum: 218.50.0.0 - 218.55.255.255
netname: HANANET
descr: Hanaro Telecom Co.
descr: Kukje Electornics Cneter Bldg. 1445-3 Seocho-Dong Seocho-Ku
country: KR
admin-c: IS37-AP
tech-c: SH243-AP
mnt-by: MNT-KRNIC-AP
mnt-lower: MNT-KRNIC-AP
changed: 20011122
status: ALLOCATED PORTABLE
changed: 20041007
source: APNIC

person: Inyup Sung
address: Hanaro Telecom Co.
address: Kukje Electornics Cneter Bldg. 1445-3 Seocho-Dong Seocho-Ku
address: SEOUL
address: 137-070
country: KR
phone: +82-2-106
fax-no: +82-2-6266-6483
nic-hdl: IS37-AP
mnt-by: MNT-KRNIC-AP
changed: 20010523
source: APNIC

person: Seungchul Hwang
address: Hanaro Telecom Co.
address: Kukje Electornics Cneter Bldg., 1445-3 Seocho-Dong Seocho-Ku
address: SEOUL
address: 137-070
country: KR
phone: +82-2-106
fax-no: +82-2-6266-6483
nic-hdl: SH243-AP
mnt-by: MNT-KRNIC-AP
changed: 20010523
source: APNIC