Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-04-30

Phish of the Day: SouthTrust

Received a nasty little phish from 83.197.153.171 (AMontpellier-252-1-21-171.w83-197.abo.wanadoo.fr.) on Fri, 29 Apr 2005 20:23:42 +0000. This is of the variety that presents the whole text as a GIF image, and uses an HTML "imagemap" trick to cover up the real URL. The text was as follows.

Dear SouthTrust bank customer,

Technical services of the SouthTrust bank are carrying out a planned software
upgrade. We earnestly ask you to visit the following link to start the procedure of
confirmation of customers' data.

https://www.southtrust.com/st/PersonalBanking/custdetailsconfirmation

Please do not answer this email -- follow the instructions given above.

We present our apologies and thank you for co-operating.

The actual link was to http://confinfodll.com, which was well and truly unreachable by the time I got around to checking it, thankfully. I've seen reports of this particular phish elsewhere, and those reports said that the site contained a malicious payload that would try to compromise your computer if it was using a vulnerable version of Internet Explorer. Be aware of the danger, folks!
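
A mail filter can spot the image-plus-imagemap layout described above without reading the picture. The sketch below is an added example, not code from this blog: it flags an HTML body that has almost no readable text but carries an image whose map areas link out, and reports the hosts those areas point to. The sample markup and the 40-character threshold are assumptions; the original message's HTML is not reproduced here.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ImageMapAudit(HTMLParser):
    """Collect visible text length, images bound to a map, and <area> targets."""
    def __init__(self):
        super().__init__()
        self.text_chars = 0
        self.mapped_images = []   # map names referenced by <img usemap="#name">
        self.area_hrefs = {}      # map name -> list of <area href> values
        self._map = None          # name of the <map> currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and a.get("usemap"):
            self.mapped_images.append(a["usemap"].lstrip("#").lower())
        elif tag == "map":
            self._map = (a.get("name") or a.get("id") or "").lower()
        elif tag == "area" and self._map is not None and a.get("href"):
            self.area_hrefs.setdefault(self._map, []).append(a["href"])

    def handle_endtag(self, tag):
        if tag == "map":
            self._map = None

    def handle_data(self, data):
        self.text_chars += len(data.strip())

def audit_html_body(html, max_text_chars=40):
    """Flag bodies whose only readable content is an image with map links."""
    p = ImageMapAudit()
    p.feed(html)
    p.close()
    hrefs = [h for name in p.mapped_images for h in p.area_hrefs.get(name, [])]
    hosts = sorted({urlparse(h).hostname for h in hrefs if urlparse(h).hostname})
    return {"hidden_hosts": hosts, "text_chars": p.text_chars,
            "suspicious": bool(hosts) and p.text_chars <= max_text_chars}

# Constructed samples; the first is an assumed reconstruction, not the real mail.
PHISH = """<html><body>
<img src="cid:notice.gif" usemap="#m" border="0">
<map name="m"><area shape="rect" coords="0,0,600,300" href="http://confinfodll.com"></map>
</body></html>"""
BENIGN = """<html><body><p>Your statement is ready. Sign in at
<a href="https://www.southtrust.com/">https://www.southtrust.com/</a> to view it.
Thank you for banking with us.</p><img src="cid:logo.gif"></body></html>"""

if __name__ == "__main__":
    for label, body in (("phish", PHISH), ("benign", BENIGN)):
        print(label, audit_html_body(body))
```

The reported hosts are what a reviewer should compare against the bank's real domain, since the URL the recipient reads exists only as pixels in the image.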

1 comment:

Daniel Lam (Hong Kong) said...

Hey,

My advice to avoid being damaged by this type of malicious hoax is to use Opera. I have received one today and as I pointed my mouse to the gif image, the link to the "http://confinfodll.com" site was not 'blocked' as you mentioned. Instead, it pops right up next to the pointer. Also, since the target was IE, nothing would happen when you access the site with Opera. Besides that, I always believe that using a browser that has the options to disable Java, JavaScript and block pop-ups is always better than using IE.