Various bits of flotsam that washed up on our computers, before we moved to a better blog system in November 2004. Now a repository for YouTube videos and testing new tools. Go to http://www.b12partners.net/wp/ for more recent content.

Sunday, July 04, 2004

Spam

Almost clever enough spam, received today in my Eudora "junk" folder, allegedly from "U.S. Bank":

Dear U.S. Bank valued customer:

In an effort to protect your U.S. Bank account from fraudulent activities, we
have upgraded our security software.

Your account will be automatically upgraded once you enter your security
information in order to verify your identity. Access to your bank account will
not be interrupted and will continue as normal. However, failure to do this may
result in your account suspension for a certain period of time.

Please fill in your account information below:



The link says:
U.S Bank Internet Banking
but the IP number you are sent to if you are foolish enough to click is 193.251.140.195

Lookup has started ...

Non-authoritative answer:
195.140.251.193.in-addr.arpa name = mail.mbs.mg.


traceroute led to:
traceroute to 193.251.140.195 (193.251.140.195), 30 hops max, 40 byte packets
...
4 ord3-core3-pos5-0.atlas.algx.net (165.117.56.13) 10.09 ms 16.143 ms 6.521 ms
5 ord3-core10-pos6-0.atlas.algx.net (165.117.48.86) 6.525 ms 6.531 ms 6.672 ms
6 ord3-peer11-pos7-0.atlas.algx.net (165.117.48.38) 9.076 ms 8.378 ms 6.163 ms
7 206.111.2.5 (206.111.2.5) 6.886 ms 7.22 ms 8.484 ms
8 p5-0-0.rar2.chicago-il.us.xo.net (65.106.6.137) 6.965 ms 7.767 ms 7.148 ms
9 p6-0-0.rar1.nyc-ny.us.xo.net (65.106.0.30) 32.311 ms 32.546 ms 32.453 ms
10 p0-0.ir1.nyc-ny.us.xo.net (65.106.3.38) 36.709 ms 32.133 ms 32.391 ms
11 206.111.13.10.ptr.us.xo.net (206.111.13.10) 32.12 ms 32.549 ms 33.428 ms
12 p2-0.nykcr3.new-york.opentransit.net (193.251.241.241) 32.663 ms 32.532 ms 32.58 ms
13 p4-0.pascr1.pastourelle.opentransit.net (193.251.241.133) 116.422 ms 108.985 ms 108.354 ms
14 p12-0.pascr2.pastourelle.opentransit.net (193.251.241.98) 108.08 ms 111.482 ms 108.162 ms
15 p8-0.bagbb2.bagnolet.opentransit.net (193.251.241.118) 118.447 ms 109.05 ms 108.49 ms
16 p6-0-0.bcnar1.bercenay.opentransit.net (193.251.242.146) 144.127 ms 267.191 ms 208.658 ms
17 dts-madagascar.gw.opentransit.net (193.251.252.110) 653.22 ms 654.954 ms 652.117 ms
18 193.251.141.248 (193.251.141.248) 653.786 ms 653.848 ms 653.105 ms
19 10.10.10.14 (10.10.10.14) 672.944 ms 787.767 ms 656.367 ms
20 mail.mbs.mg (193.251.140.195) 962.878 ms 845.888 ms 833.412 ms


I'm guessing that this site is located somewhere in Madagascar. Maybe that's U.S. Bank's new tax dodge location, but I doubt it.

The actual U.S. Bancorp lookup:
Lookup has started ...

Non-authoritative answer:
usbank.com nameserver = ns3.usbank.com.
usbank.com nameserver = ns1.usbank.com.

Authoritative answers can be found from:
ns1.usbank.com internet address = 156.36.1.18
ns3.usbank.com internet address = 170.135.240.25


I wonder how successful such 'phishing' is? I suppose I would have looked more carefully if I was an actual U.S. Bank customer.

I guess all it would take to be profitable is a few suckers a month who respond....
