Salin Bank Account Phishing Attempt- with a Twist!

This one is a really interesting scam: the phishing attempt does not use a fake website to elicit bank account information, but rather a toll-free telephone number and an automated system to collect Salin Bank credit card numbers, expiration dates and PIN codes.  This is certainly an escalation of effort and a savvy use of technology from the fraudsters, who are probably using a VoIP / Linux application.  Since it used a telephone as part of the scam, this could further be identified as a “vishing” attempt.

The email appears to have been routed through Amundsen Food Equipment mail servers in an effort to obfuscate the email sender’s originating IP address.

++++++++++++++++++++++++++++++++++++++++++

From: Salin Bank [mailto:memberservice@salin.com]
Sent: Saturday, August 02, 2008 10:15 PM
Subject: This is not a promotional e-mail.

Dear CardHolder,

This is not a promotional e-mail. Please call us immediately at 1-(800) 805-7110 regarding recent activity on your account. We’re available 24/7 to take your call.

Please disregard this e-mail if you’ve already call us since the date this e-mail was sent.

We appreciate your prompt attention to this matter.

Thank you
 Fraud Prevention Security Department


Copyright © 2007 Salin Bank.

++++++++++++++++++++++++++++++++++++++++++

Investigator Notes:

1.  The email was sent without a “To” field so that additional recipients could not be identified.  Most legitimate emails to account holders and customers are sent directly to the recipient and are often personalized with the account holder’s name in the email.

2.  The recipient of the email does not have an account with Salin Bank.

3.  The 800 number provided in the email could not be identified as a legitimate Salin Bank telephone number and is not listed on the Salin Bank website.

4.  When calling the provided telephone number, (800) 805-7110, the message and voice prompts do not identify the bank by name before asking for credit card account information.  By contrast, the message heard when calling the number provided on the Salin Bank website is professionally recorded, while the message and prompts heard when calling the fake telephone number sound like they were recorded using crude text-to-speech software.  A lack of expected quality is generally a huge red flag when investigating fake corporate identity claims and counterfeit products.

5.  Advanced investigation techniques:  The email’s originating IP is 98.174.167.159, which is assigned to Amundsen Food Equipment’s mail server, mail.afeok.com.  There is no reasonable or legitimate explanation why Salin Bank would route email through another company’s email server.  Fraudsters will often exploit weaknesses in mail servers in order to hide their identities.
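
The header checks behind notes 1 and 5, as an added example that is not part of the original investigation: it flags a message with no To/Cc header and compares the From domain with the relay recorded in the topmost Received header. The sample headers are constructed (only the relay hostname and IP come from note 5), mx.example.net is a placeholder for the recipient's mail server, and `triage` and `org_domain` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers, not the original message's headers. The relay
# hostname and IP are the ones named in note 5; mx.example.net is a placeholder.
SAMPLE = """\
Received: from mail.afeok.com (mail.afeok.com [98.174.167.159])
\tby mx.example.net with ESMTP; Sat, 2 Aug 2008 22:15:40 -0400
From: Salin Bank <memberservice@salin.com>
Subject: This is not a promotional e-mail.
Date: Sat, 2 Aug 2008 22:15:00 -0400

Dear CardHolder,
"""

# "from <helo> (<reverse-dns> [<ip>])" as written by the receiving server.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]\)")

def org_domain(host):
    """Naive registrable domain: last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return a list of findings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    findings = []
    from_domain = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    if not msg.get("To") and not msg.get("Cc"):
        findings.append("no To/Cc header: recipients hidden (note 1)")
    # The topmost Received header was written by our own server, so it is the
    # only hop we can trust; anything below it may have been forged by the sender.
    hops = msg.get_all("Received", [])
    m = RECEIVED_FROM.search(" ".join(hops[0].split())) if hops else None
    if m is None:
        findings.append("no parsable Received header")
        return findings
    helo, rdns, ip = m.groups()
    relay = org_domain(rdns or helo)
    if relay != from_domain:
        findings.append(f"From domain {from_domain} but handed off by {relay} [{ip}] (note 5)")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A relay mismatch is a triage signal rather than proof, since some organizations send through third-party mail providers; checking the connecting IP against the From domain's published SPF record is the stronger test.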


3 Responses to “Salin Bank Account Phishing Attempt- with a Twist!”

  1. salin bank Says:

    [...] card numbers, expiration date and PIN code data. More accurately a "vishing" attempt.http://www.smellsphishytome.com/2008/08/salin-bank-account-phishing-attempt-with-a-twist/From CouncilThe Fort Wayne Common Council appointed Thom Obergfell and Casey Cox to serve on the [...]

  2. salin bank Says:

    [...] free telephone number and an automated system in an effort to collect salin bank credit card numbhttp://www.smellsphishytome.com/2008/08/salin-bank-account-phishing-attempt-with-a-twist/Consumers Again Inundated with Calls from Salin Bank - eNews Park ForestThe scam was targeted [...]

  3. AFE Says:

    I manage the network at Amundsen Food Equipment. We became aware of this problem shortly after it began. Noticing a sudden drastic increase in outbound email traffic, we investigated and found that one of our PCs had been compromised with several viruses. Upon removing the PC from the network for maintenance, the fraudulent emails stopped immediately.

    I imagine we were not the only company to be used in this scheme, so be careful, there’s plenty of fraud still out there.
