Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-04-18

Phish of the Day: HSBC

Today's phish has yet another variation on the theme of "reasons why you need to log in to your Internet banking account right this very minute via this link." This one was sent to a harvested ".au" address, so Australians beware -- you're probably the targets here. The message was received from 85.137.9.156 (rDNS not properly configured, but belonging to auna.net in Spain from what I can surmise) on Sun, 17 Apr 2005 21:04:25 -0000.

Dear client [HSBC logo]
Internal mail warning

You did not read our internal security message that have been dispatched last week.

You have received an important internal message from our bank concerning your account status. You got this email due to the fact that all other ways of contacting you were either not specified or did not reach you.

We strongly advise you to review the message as soon as possible.

Read the message now

Note: you have to be logged in the HSBC online banking service

Thank you for your understanding,
HSBC Customer Care

The actual link is to http://202.22.193.242/onlinebanking/index.htm, which contains a copy of the original HSBC banking page, modified to suit the phisher's needs. That particular host is in Bangladesh, of all places, and it's pretty darn slow. I haven't investigated it in great detail, because the HSBC website (and consequently its phishy clone) is one of those obnoxious sites that's picky about which browser you use, and I'm not using Internet Explorer. Thus, all I get is an incompatibility notice.

Advice for the day: ignore warning messages like this. If it really is your bank, and they really do suspend your Internet banking access or such, then switch to a better bank.
