Phish of the Day: Macquarie Bank

I don't usually bother reporting phish, but this one appears to be from the same rats that are bringing us the current spate of employment scams. The image in the spam is a link to http://www.macquarie.com.au.retail.customercare.korinc.org/r1/conf/ (note that it's a subdomain of "korinc.org", registered 17-Jul-2006 19:29:25 UTC). The aspect which suggests a tie back to the employment scam rats is the pattern of filter-buster text used in conjunction with the image: "are but, how best you, very good best why of" and so on. This is the same pattern as reported earlier for various job scams.

In case you're not familiar with why these would be sent by the same gang, the scam goes like this. The rats gain access to various online bank accounts by sending out phishing spam. Then they send out employment spam which involves other parties acting as "payment processors". Using their ill-gotten access to online bank accounts, they transfer money from the phishing victims to the employment scam victims. The employment scam victims then forward the money via Western Union or Money Gram, and the rats have their profit. Meanwhile, the phishing victim finds that his money has gone to the employment scam victim, and they get to argue over who gets their money back.