Something Smells Phishy To Me…

++++++++++++++++++++++++++++++++++++++++++

From: security.alert@colonial.com
Sent: 8/8/2008 7:52:04 P.M. Central Daylight Time
Subj: Important Security Alert!!!

Dear Customer,

During Our Security Maintenance and SSL Secure Servers Upgrade, Our technical services team noticed a slight error on your personal information. This might be due to either of the following reasons :

1) A recent change in your personal information.

2) Your Account has been accessed from a Foreign IP.

3) Submitting invalid information during initial sign in process.

Due to this, you are requested to Update and Verify your information by following the link below.

To get started, please click the link below:

colonialbank.com/
*Important*

We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Colonial Bank Customers Support Service.
++++++++++++++++++++++++++++++++++++++++++

Investigator Notes:

1.  The email was sent without a “To” field so that additional recipients could not be identified.  Most legitimate emails to account holders and customers are sent directly to the recipient’s email address and are often personalized with the account holder’s name in the email.

2.  The included link, colonialbank.com, points to a URL which is obviously not a Colonial Bank website:

sign-art.co.kr/board/data/new3/col.html

It should be noted that this was one of the best “knock-off” websites that I have seen to date.  All links point to Colonial Bank’s actual website with the exception of the Username and Password Login form.  Once login information is entered the visitor is taken to an “identitiy confirmation” page where the scammers also attempt to get answers to common security questions.  This South Korea based fake website is one of the longer-lived ones I’ve come across, too, having been online now for several days.

3.  Bank accounts are the most desireable accounts to phishermen.  Extra precaution should always be taken when receiving suspicious emails ragarding bank accounts.

4.  Spelling and/or grammatical errors.

Tags: bank account, phishing attempt

This entry was posted on Tuesday, August 12th, 2008 at 9:03 am and is filed under Phish Bait (Scam Emails). You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.