Author |
Message |
suckemsillysheri
Master of Master Baiters
Joined: 25 Sep 2008
Posts: 785
|
Posted:
Mon Dec 15, 2008 8:25 pm |
|
I got the following e-mail appearing to be from CIMB Bank.
Quote: |
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtTQ0w9Mg==
X-Message-Status: n:0
X-SID-PRA: Cimb Bank <[email protected]>
X-Message-Info: JGTYoYF78jFoFIPhvciEhGVi79ryW3S4dN2lVljGOP2jEAm6CMzWDb8brjL5tDpDCdXNmea7+Z0/8qfsX9qcujyxx7SrmDJC
Received: from tahan.mschosting.com ([202.75.42.30]) by bay0-mc1-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Sun, 14 Dec 2008 23:59:52 -0800
Received: from nobody by tahan.mschosting.com with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1LC8Mj-0007xa-EQ
for @hotmail.com; Mon, 15 Dec 2008 15:59:45 +0800
To: @hotmail.com
Subject: URGENT : Your account has been locked!
X-PHP-Script: www.sindora.com.my/Publication/Image/Promo/sendme.php for 72.4.242.166
From: Cimb Bank <[email protected]>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <[email protected]>
Date: Mon, 15 Dec 2008 15:59:45 +0800
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - tahan.mschosting.com
X-AntiAbuse: Original Domain - hotmail.com
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - tahan.mschosting.com
X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: sindora.com.my:/public_html/Publication/Image/Promo
Return-Path: [email protected]
X-OriginalArrivalTime: 15 Dec 2008 07:59:53.0574 (UTC) FILETIME=[1CF03860:01C95E8B]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body link="#CC3300" vlink="#CC3300" alink="#CC3300"><font face="Verdana, Geneva, sans-serif" size="-1">
<p><strong><font color="#CC0000">Dear CIMB Bank customer,</font></strong><br />
</p>
<p>We are hereby notifying you that we've recently suffered a DDos-Attack on one of our's Internet Banking server. For security reasons you must complete the next steps to verify the integrity of your CIMBClicks account. If you fail to complete the verification in the next 24 hours your account will be suspended.</p>
<p>Here's how to get started:</p>
<p><strong>1. </strong>Log in to <strong>CIMBClicks</strong> online account <strong><a href="https://www.cimbclicks.com.my/wps/portal/!ut/p/c0/04_SB8K8xLLM9MSSzPy8xBz9QJ_89Mw8_YJ0RUUAk9OZqw!!/">(click here)</a></strong>.</p>
<p><strong>2. </strong>You must request for <strong>TAC</strong> online via CIMBClicks - your TAC will be sent via SMS to the mobile phone number you registered at the ATM. <br />
( you can find the "<strong>request TAC</strong>" button in the left menu of your account )</p>
<p><strong>3.</strong> Logout from your account and close the browser.</p>
<p><strong>4.</strong> When you have received the <strong>TAC (Transaction Authorization Code)</strong> on your mobile phone, <strong>Log in to our secured verification server</strong> and submit the requested information(Account user ID, password and TAC).<a href="http://www.liftandlock.com/cmsimages/CIMB/CIMB-Secured-Server/command/VerifyTAC/Login/"><strong>CLICK HERE</strong> to go on our secured server.</a></p>
<p><strong>5.</strong> Please allow 48 hours for processing.<br />
</p>
<p><font color="#666666">Please comply and thanks for understanding.<br />
© 2008 CIMB Bank</font></p>
<p> </p>
<p><font color="#666666" size="1">Note: Please do not reply to this email. <br />
This mailbox is not monitored and you will not receive a response.</font></p>
<p></p></font>
</body>
</html> |
I do not understand this. It looks like the real bank, but I am sure that this link sent to my catcher account is bogus.
Real site: http://www.cimbclicks.com.my/
Fake site: https://www.cimbclicks.com.my/wps/portal/!ut/p/c0/04_SB8K8xLLM9MSSzPy8xBz9QJ_89Mw8_YJ0RUUAk9OZqw!!/
Whois cimbclicks.com.my
Quote: |
a [Domain Name] cimbclicks.com.my
b [MYNIC Registration No.] D1A068079
c [Record Created] 22-AUG-2006
d [Record Expired] 22-AUG-2009
e [Record Last Modified] 07-AUG-2008
|
The site was created 3 years ago.
Also, CIMB bank is listed in Old Coaster's List in Malaysia. |
_________________ 38 Fake Checks / Money Orders worth $393,970.79 USD
Prince otubor Kwabena - Accra, Ghana to Abidjan, Cote d'Ivoire
Barr. Kofi Williams Lome, Togo to Accra, Ghana (Wimped) Lome, Togo to Lagos, Nigeria
Mohammad Tofiki Accra, Ghana to Lagos, Nigeria
|
|
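The checks the thread applies by eye to the quoted message, as an added example that is not part of the original posts: it lists every link whose host lies outside the bank's domain and the host of the web script named in `X-PHP-Script`. The brand domain is taken from the "Real site" line above; the From address is a placeholder because the page redacts it, and the function names are illustrative.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Trimmed copy of the quoted message (constructed for this example): the From
# address is a placeholder and the long path of the first link is shortened.
RAW = """\
X-PHP-Script: www.sindora.com.my/Publication/Image/Promo/sendme.php for 72.4.242.166
From: Cimb Bank <placeholder@redacted.invalid>
Content-Type: text/html

<p>Log in to <a href="https://www.cimbclicks.com.my/wps/portal/">(click here)</a></p>
<p><a href="http://www.liftandlock.com/cmsimages/CIMB/CIMB-Secured-Server/command/VerifyTAC/Login/">CLICK HERE</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain (label boundary)."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def analyse(raw, brand_domain):
    """Return (reason, host) findings for one raw message."""
    msg = message_from_string(raw)
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    for href in collector.links:
        host = urlsplit(href).hostname
        if not host_in_domain(host, brand_domain):
            findings.append(("link leaves brand domain", host))
    # X-PHP-Script names the web script that handed the mail to the MTA.
    script_host = msg.get("X-PHP-Script", "").split("/", 1)[0].strip()
    if script_host and not host_in_domain(script_host, brand_domain):
        findings.append(("sent by web script on", script_host))
    return findings
```

Calling `analyse(RAW, "cimbclicks.com.my")` reports the `www.liftandlock.com` link and the `www.sindora.com.my` script host, and leaves the link on the bank's own domain unflagged.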
|
|
bill2
Baiting Guru
Joined: 10 Sep 2006
Posts: 5495
Location: Yeah who can tell me where I am?
|
Posted:
Mon Dec 15, 2008 8:57 pm |
|
IP Information for 203.153.95.27
IP Location: Malaysia Malaysia Vads Berhad Internet Service Provider Kuala Lumpur Malaysia
IP Address: 203.153.95.27
SSL Cert: www.cimbclicks.com.my expires in 261 days.
Blacklist Status: Clear
Quote: |
Network Whois record
Queried whois.apnic.net with "203.153.95.27"...
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 203.153.80.0 - 203.153.95.255
netname: VPIS
descr: Vads Berhad, Internet Service Provider, Kuala Lumpur, Malaysia
country: MY
admin-c: BT162-AP
tech-c: BT162-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-MY-VADS
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20060405
source: APNIC
person: Boon Hock Tei
nic-hdl: BT162-AP
e-mail: [email protected]
address: 1st Floor, AHP Building
address: Jalan Tun Mohd Fuad 3
address: Taman Tun Dr Ismail
address: 60000 Kuala Lumpur
country: MY
phone: +6-03-7712-8888
fax-no: +603-77282584
mnt-by: MAINT-MY-VADS
changed: [email protected] 20060117
source: APNIC
|
|
_________________ I don't do bling, I just do lads |
|
|
|
Freddy
Elite Baiter
Joined: 11 Dec 2007
Posts: 1783
Location: Getting a nice "cofee", before I'm in a grave
|
Posted:
Mon Dec 15, 2008 9:07 pm |
|
This looks like phishing. |
_________________ Fake sites killed: x715
THIS IS THE END OF YOUR LIFE. YOU HAVE ONLY 3 DAYS TO BE IN GRAVE. JUST GO AND GET YOUR SELF A NICE COFEE
Lion will soon consume you and you will have sex as you delight more on that with the dead |
|
|
|
Akai Ryu
Chuck Norris
Joined: 11 Jun 2007
Posts: 1369
|
Posted:
Mon Dec 15, 2008 9:08 pm |
|
It is phishing. I got the same exact message this morning.
There was a second link in the email which has already been killed. |
_________________ Several hundred fake escrows (and others) deaded--no longer counting.
aa419.org --dead a fake site today.
No, Akai, you're a wonderful bitch. --Reaper |
|
|
|
Ima Baeder
Baiting Guru
Joined: 03 May 2007
Posts: 18313
|
Posted:
Mon Dec 15, 2008 9:52 pm |
|
|
|
|
|
|
|
|