Anti-Phishing Working Group: eBay- 'Account Suspension Notice

LATEST NEWS IN THE FIGHT AGAINST PHISHING:

Bank One- 'Bank One security upgrade'
24-Nov-2004

Summary

Email title:	Various subjects, including 'bank one security upgrade', 'urgent bank one notice', 'notice for bankone customers', etc.
Scam target:	Bank One customers
Email format:	HTML email
Sender:	support@futurtech.net
Sender spoofed?	No
Scam call to action:	'You Have Mail! Please check your secured inbox for detailed information...Please login to your account and go to the Account Maintenance to read your secured mail...'
Scam goal:	Getting victim's Bank One username/password
Phish link method	A button in the HTML e-mail
Visible link:	a 'Log in' button
Actual link to	http://www.futurtech.net/clientszone.php
Phish website hosted on:	futuretech.net - a legitimate enterprise domain, obviously trojanned

E-mail

This particular phish was massivly sent in a wave the last couple of days. It is basically a HTML email designed to look like the Bank One legitimate site. It tells you that you have a new mail, and urges you to 'log in':

As nice as it looks, it is still an email, and not the legitimate site. The sender looks suspicious, too. Remember - never enter sensitive information in an email, unless it is specifically secured (and mass e-mail IS NOT). The legitimate institutions will never demand such data in an email - they will use a HTTPS secured session instead.

Web Site

Visible link:	a 'Log in' button
Actual link to	http://www.futurtech.net/clientszone.php
Phish website hosted on:	futuretech.net - a legitimate enterprise domain, obviously trojanned

In this case, the phish site is just a 'mailbox' - a data collector for the phished information. It uses a legitimate company's site - most probably trojanned.