Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-04-05

Phish of the Day: Regions

At a casual glance, I'm doubtful as to whether this phish comes from the same hive of scum and villainy as the previous one. This one was received from 207.234.145.115 (dns1.dexma.it, mail.dexma.it) on Tue, 05 Apr 2005 16:53:40 +0000. Text as follows, minus the Regions bank image, which I don't want to use without permission.

<img src="http://www.regions.com/images/header_right.gif">
          Dear customer,

due to concerns, for the safety and integrity of the Internet Banking community we have issued this warning message. It has come to our attention that your account information needs to be updated due to inactivity.

 
If you could please take 5-10 minutes of your online experience and renew your records you will not run into any future problems with the online service. However, if you choose to ignore our request, you leave as no choice but to temporary suspend your account.
Please use the link below to access our mainframe database verification system and confirm the information we have on file for your account.

https://secure.regionsnet.com/EBanking/logon/user

 

Note: Requests for information will be initiated by Regions Business Development; this process cannot be externally requested through Customer Support.

If you have any questions, feel free to contact our customer support department any time at:
- support@regions.com

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire system.

 

Sincerely,
Regions Bank Management.

The actual link was to http://allvisions.com/secure.regionsnet.com/EBanking/logon/index.html, which is interesting, because allvisions.com has IP address 207.234.145.140, making it a close neighbour of the host from which the email was sent. I suspect that allvisions.com has had their hosting account compromised by this phisher, and I've alerted them to the problem.

No comments: