
Sky - 'Sky Informs You!'
28-June-2005

Summary
Email title: 'Sky Informs You!'
Scam target: Sky Financial customers
Sender: "Sky Bank"
Sender spoofed/hidden? Spoofed
Scam goal: Getting the victim's credit card information, ATM PIN, Social Security number, etc.
Phish link method: URL link
Link 'masked'? Yes
Visible link: SIGN IN
Actual link to: http://61.129.33.105/secured_site/www.skyfi.com/index.html?MfcISAPICommand=SignInFPP&UsingSSL=1
Phish site IP: 61.129.33.105
 
Analysis contributed by: APWG  
 
Overview
 
This phish targets the customers of a smaller bank.
 
E-mail
 
The email is quite well designed.

The sender is well spoofed, and the link is hidden. The policy described in the message conveys urgency without being threatening, so it could be persuasive.

This is another example of much smaller companies being phished.

 
Web Site
Visible link: SIGN IN
Actual link to: http://61.129.33.105/secured_site/www.skyfi.com/index.html?MfcISAPICommand=SignInFPP&UsingSSL=1
Phish site IP: 61.129.33.105 (Still online as of July 9, 2005)

 

When the phish site opens up, it looks almost exactly like the legitimate login page. However, a few important clues can be noticed:

  • The suspicious URL in the address bar, which is not hidden with any technical tricks;
  • The absence of the 'lock' icon in the status bar, which would indicate a secure HTTPS session.
 
Once you provide login credentials, the site asks you for a whole range of personal information.
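The URL clue described above can be checked mechanically. The following Python sketch is an added example, not part of the original APWG analysis: it flags the traits visible in this phish's link (a raw IP host, no HTTPS, a brand hostname buried in the path, and link text that hides the destination). The HTML snippet is constructed around the URL reported above, and the function and class names are hypothetical.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A directory segment of the path that itself looks like a hostname (www.skyfi.com/).
HOST_IN_PATH = re.compile(r"(?:^|/)((?:[a-z0-9-]+\.)+[a-z]{2,})(?=/)", re.I)

# Constructed sample: an anchor built from the link reported in this analysis.
SAMPLE = ('<p>Please <a href="http://61.129.33.105/secured_site/www.skyfi.com/'
          'index.html?MfcISAPICommand=SignInFPP&amp;UsingSSL=1">SIGN IN</a></p>')

class LinkCollector(HTMLParser):
    # Collects (href, visible text) for every <a> element in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_findings(href, text):
    # Returns the list of suspicious traits for one link.
    findings = []
    url = urlsplit(href)
    host = url.hostname or ""
    try:
        ipaddress.ip_address(host)
        findings.append("host-is-ip-literal")
    except ValueError:
        pass
    if url.scheme != "https":
        findings.append("not-https")
    m = HOST_IN_PATH.search(url.path)
    if m and m.group(1).lower() != host.lower():
        findings.append("hostname-in-path:" + m.group(1).lower())
    if host not in text:  # weak signal alone: many legitimate links use button text
        findings.append("masked-by-link-text")
    return findings

def scan_html(body):
    parser = LinkCollector()
    parser.feed(body)
    return [(h, t, link_findings(h, t)) for h, t in parser.links]
```
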