Associated Bank- 'Online Alert: online account is blocked'
14-Apr-2005

Summary
Email title: 'Online Alert: online account is blocked'
Scam target: Associated Bank customers
Sender: message452@associatedbank.com
Sender spoofed/hidden? Yes
Scam goal: Getting victim's Associated Bank site username/password, credit card information.
Phish link method: a 'click here' type link
Link 'masked'? Yes
Visible link: 'Sign on to Limited Banking Account'
Actual link to: http://202.3.144.4/SITE/index.php
Phish site IP: 202.3.144.4

 
Analysis contributed by: Tumbleweed Communications - Message Protection Lab
 
Overview
 
A very common phishing attack over the last 3 days. It has been spread widely, but fortunately it is easy to expose.
 
E-mail
 
The email looks legitimate:
 
 

Also, the sender is spoofed. The clues to the scam here are the anonymous 'Customer' address and the strange policy described.

 
Web Site
Visible link: 'Sign on to Limited Banking Account'
Actual link to: http://202.3.144.4/SITE/index.php
Phish site IP: 202.3.144.4

 
On the website, a visibly phishy URL sits in the address bar:
 
 
The site is a typical 3-page phish (a fake sign-in page, a CC information request page and a logout page):
 
 

The site does not check the information entered, beyond requiring that the fields are not empty. A mock logout page is displayed afterwards, and the browser is then redirected to the legitimate page.

 
WHOIS data (for IP 202.3.144.4) :

IP Location: Japan - River City Cabletv Co.ltd

netname: RCCTV
descr: River City CableTV Co.Ltd.
descr: 24-27 Saiwaichou, Koga-sh, Ibaraki
country: JP
admin-c: JNIC1-AP
tech-c: JNIC1-AP
status: ALLOCATED PORTABLE
remarks: Email address for spam or abuse complaints :
mnt-by: MAINT-JPNIC
mnt-lower: MAINT-JPNIC
changed: 20040806
source: APNIC

role: Japan Network Information Center
address: Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda
address: Chiyoda-ku, Tokyo 101-0047, Japan
country: JP
phone: +81-3-5297-2311
fax-no: +81-3-5297-2312
admin-c: SS13-AP
tech-c: SY7-AP
nic-hdl: JNIC1-AP
mnt-by: MAINT-JPNIC
changed: 20041222
changed: 20050324
source: APNIC