  U.S. Bank - 'U.S. Bank Online Access Blocked User Compromised'
15-Jul-2004

Summary
Email subject: 'U.S. Bank Online Access Blocked User Compromised'
Scam target: U.S. Bank customers
Email format: HTML email
Sender: 'service@usbank.com'
Sender spoofed? Yes
Scam call to action: 'We regret to inform you, that we had to lock your U.S. Bank, Online Access...To reactivate your account, click on the link below and confirm your identity...'
Scam goal: US Bank website username/password, credit/debit card PIN and expiration date.
Call to action format: URL link
Visible link: https://www4.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage
Called link: http://www.infoeskilsen.com/internetBanking/RequestRouter/DisplayLoginPage/index.html
Phish site on: infoeskilsen.com
 
E-mail
 
Another phish that relies on a simple, casual-looking design and a low profile to slip by unnoticed. The phish message is simple and to the point. The sender looks OK (phishers usually spoof the sender address), and the link looks fine too (in fact, it is link text that looks like the usbank.com login page URL but is associated with a different URL).
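The mismatch between visible link and called link described above can be checked mechanically in an HTML email body. The following Python sketch is an added example, not part of the original report; the sample body is constructed from the two URLs in the summary, and `AnchorCollector`, `host_of` and `mismatched_links` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:          # only text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL; scheme-less text such as 'www.example.com/x' is accepted."""
    try:
        return urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:                      # malformed netloc
        return ""

def mismatched_links(html):
    """Return (visible_host, called_host) where the link text names another host."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        shown, called = host_of(text), host_of(href)
        looks_like_url = "." in shown and " " not in text   # skip "Click here"
        same_site = called == shown or called.endswith("." + shown)
        if looks_like_url and called and not same_site:
            findings.append((shown, called))
    return findings

# Constructed sample body built from the visible and called links in the summary.
SAMPLE = (
    '<p>To reactivate your account, click on the link below.</p>'
    '<a href="http://www.infoeskilsen.com/internetBanking/RequestRouter/'
    'DisplayLoginPage/index.html">https://www4.usbank.com/internetBanking/'
    'RequestRouter?requestCmdId=DisplayLoginPage</a>'
    '<a href="https://www4.usbank.com/">usbank.com</a>'
)
```

The check compares hosts only, so a link whose text is ordinary wording ("click here") is not flagged and needs other signals.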
 
 
Web Site
Visible link: https://www4.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage
Called link: http://www.infoeskilsen.com/internetBanking/RequestRouter/DisplayLoginPage/index.html
Phish site on: infoeskilsen.com
 
The site is an almost perfect replica of the legitimate US Bank site. The path in the URL looks plausible, but the domain is NOT usbank.com.
 
 

However, the site does look convincing and could fool inexperienced users; many people don't take the time to decipher the URL they see.
The next page keeps a low profile, too. It does not ask for a lot of information, so it does not look too suspicious.

 
 
A nice-looking login screen follows. Notice, again, the phishy URL. Another clue of phishing: you don't get the usual 'entering a secure zone' type of notification from your browser. Using secure sites is standard practice for established companies.
 
 
WHOIS data:

Domain Name: INFOESKILSEN.COM
Registrar: ARSYS INTERNET, S.L. D/B/A NICLINE.COM
Whois Server: whois.nicline.com
Referral URL: http://www.nicline.com
Name Server: DNS2.SERVIDORESDNS.NET
Status: ACTIVE
Updated Date: 23-jun-2004
Creation Date: 23-jun-2004
Expiration Date: 23-jun-2005

Registrant: Joan Mortensen (SROW-112141)
eskilsen@pcpostal.com
26465 Carmel Rancho Bl
Carmel Valley SIN PROVINCIA