
LaSalle Bank - 'IMPORTANT: Account Verification '
22-June-2005

Summary
Email title: 'IMPORTANT: Account Verification '
Scam target: LaSalle Bank customers
Sender: important@lasallebank.com
Sender spoofed/hidden? Spoofed
Scam goal: Getting victim's credit card information, ATM PIN number, SSN
Phish link method: URL link
Link 'masked'? Yes
Visible link: Continue
Actual link to: http://62.193.219.105/LaSalleBank.com/httpd/eewipjkwapdwajkdpdksaopdjksaopdkaopdakdopakdopakdopakdasopdj09qrwqewqkepajepekwqekwdosajkodsakdosakdosakdsaojdwqepwqjekpwqekwaopkdsapkd/update_card.htm
Phish site IP: 62.193.219.105

 
Analysis contributed by: APWG  
 
Overview
 
Phishing of a smaller regional (Chicago) bank.
 
E-mail
 
The email is quite well designed.
 
 

The sender is well spoofed, and the link is hidden. The policy described in the email is urgent in tone but not threatening, so it could be persuasive.

Another example of a smaller regional bank being phished (LaSalle in Chicago is owned by ABN AMRO from Amsterdam).

 
Web Site
Visible link: Continue
Actual link to: http://62.193.219.105/LaSalleBank.com/httpd/eewipjkwapdwajkdpdksaopdjksaopdkaopdakdopakdopakdopakdasopdj09qrwqewqkepajepekwqekwdosajkodsakdosakdosakdsaojdwqepwqjekpwqekwaopkdsapkd/update_card.htm
Phish site IP: 62.193.219.105

 

When the phish site opens up, it looks almost exactly like the legitimate login page. However, a few important clues can be noticed:

  • The suspicious URL in the address bar, which is not hidden with any technical tricks;
  • The absence of a 'lock' icon in the status bar, which would indicate a secure HTTPS session.
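
The clues listed above, together with the masked 'Continue' link from the summary, can be checked mechanically by a mail filter. The following is an added example, not APWG's code: the function names, the finding labels and the HTML wrapped around the reported URL are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# URL, sender and link text come from this report; the HTML around them is constructed.
PHISH_URL = ("http://62.193.219.105/LaSalleBank.com/httpd/"
             "eewipjkwapdwajkdpdksaopdjksaopdkaopdakdopakdopakdopakdasopdj09qrwqewqkepaj"
             "epekwqekwdosajkodsakdosakdosakdsaojdwqepwqjekpwqekwaopkdsapkd/update_card.htm")
SAMPLE_HTML = f'<p>Please verify your account.</p><a href="{PHISH_URL}">Continue</a>'

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def link_findings(href, text, claimed_domain):
    """Indicators for one link, given the domain the sender claims to be."""
    url = urlsplit(href)
    host, brand = (url.hostname or "").lower(), claimed_domain.lower()
    off_domain = host != brand and not host.endswith("." + brand)
    checks = [
        (is_ip(host), "ip-literal-host"),              # raw IP instead of a name
        (url.scheme != "https", "no-https"),           # no 'lock' icon
        (off_domain, "host-not-claimed-domain"),
        (off_domain and brand in url.path.lower(), "brand-in-path"),
        (bool(host) and host not in text.lower(), "destination-not-shown"),
    ]
    return [name for hit, name in checks if hit]

def scan_email(html, sender):
    parser = AnchorCollector()
    parser.feed(html)
    return {h: link_findings(h, t, sender.rsplit("@", 1)[-1]) for h, t in parser.links}
```

Calling `scan_email(SAMPLE_HTML, "important@lasallebank.com")` returns the findings for each link, keyed by its real destination rather than its visible text.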
 
 
The phish site is hosted on a server registered in Paris:
 
WHOIS data (for IP 62.193.219.105) :

Registrant: AMEN 12 Rond-point Des Champs-elysses PARIS 75008 FR

Domain Name: AMEN-PRO.COM

Administrative Contact: amen@amen.fr 12 Rond-point Des Champs-elysses PARIS 75008 FR 0892 55 66 77 fax: 01 40 87 76 89

Technical Contact: internic@amen.fr 12-14 rond point des Champs Elysees Paris France 75008 FR 33 892 55 66 77

Record expires on 03-Oct-2006.

Record created on 03-Oct-2001.

Database last updated on 9-Jul-2005 15:14:59 EDT.

Domain servers in listed order: PARIS.AMEN.FR NS2.AMEN.FR