Author |
Message |
undertowz
Stooge
Joined: 13 Nov 2008
Posts: 283
Location: location location
|
Posted:
Tue Jan 06, 2009 2:09 am |
|
This just landed in my catcher account and I'm not a RBC custie....BUT....any of the many grannies
and pedestrian users that are will read one line that will
scare the hair off their spaniel. The more I get into this cesspool
of online scamming human detritus the more ugly it gets.
As a baiter-with-heart I suppose I'll have to forward the email to
the fraud watchers at the RBC?????? That would be one small kick
at the cat and if I'm the real deal then I have to follow through????
n'est ce pas? ugh...
anyway...here's the pitch, complete with Royal Bank of Canada colours and logo:
Quote: |
Your RBC Royal Bank eStatement is ready
Online Banking
Dear Royal Bank Member,
We'd like to inform you that your Message Center has 1 new message.
Please log in immediately and read the message. The Message Center
contains only important information about your account and online banking.
Please follow this link in order to read your message:
http://wuwuwu.rbc.com/online-services.htmlulul33ted
ME: OK HERE'S #1 WHAT'S SCAREY
Choosing to ignore this message will result in a temporary suspension of
your account within 24 hours, until you will choose to solve this unpleasant situation.
Sincerely,
Royal Bank of Canada Online Banking
Please do not reply to this e-mail. Mail sent to this address cannot be
answered.
To receive email notifications in plain text instead of HTML, update your
preferences. |
#TWO What's scarey - that "RBC" link surprise surprise isn't hypertext.
You have to paste it in and it redirects to the IP address:
href="http://ip194-102-2OO9-87.adsl2.static.versatel.nl/user/.mrtg
/bin/online-services.html-l33ted The original mail was sent from
61.1OO.5.33 Korea, Republic of, Seoul. Grans reads the line saying
her account will be temporarily suspended and the
spaniel craps. She logs into the Dutch server and bangs in all her
numbers...ewwwww. She and the spaniel get clipped.
Being from Canada one gets to know how ultra conservo banks do things.
A Canuck bank would NEVVVER think of sending an email to warn a
customer that their acct will be suspended if they "ignore a [email]
message" . noooop never ever ever ---
add to this the wording is almost perfect - almost - until you hit the line
saying
Quote: |
result in a temporary suspension of your account within 24 hours,
until you will choose to solve this unpleasant situation. |
Not the Queen's English - "until you will solve"? nonsense...especially
from the Royal Bank. It would read "until you choose to solve" IF it was
an authentic RBC doc. Then
Quote: |
this unpleasant situation |
Can you imagine ANY bank referring to ANY banking matter as an "unpleasant situation"?
It could all be a groggy dream though. Ironic however, I'll run it past the
RBC security peeps using a catcher account because they'd likely think
I was in on the shite. caveat emptor
well blow my lips off |
_________________
D3rrick Blar3 M7CN - 2414 boxes, 68 refreshments, 2 months
"we want to avoid the puzzle thing again because it was really hard for my assistant to do it. And also it takes a lot of time"
Lords0n K0phy
"The method of playing scrabble to generate M7CN cannot be accepted by this company"
"How can Western Union ask a custormer whether he or she has been in witch craft and voodoo"
TOM SL0C0CK:
"After receiving your ID thou it was not that visable but with the use of our ultra-veiw mechain we can see the registration number"
3 oinks + I r.i.p'd 2 httpz
|
|
|
|
JumpinJayJay
Elite Baiter
Joined: 25 May 2007
Posts: 1762
Location: 'Straya
|
Posted:
Tue Jan 06, 2009 2:24 am |
|
|
|
|
Tsnerd
Not quite a Newb
Joined: 14 Jul 2005
Posts: 41
|
Posted:
Tue Jan 06, 2009 2:31 am |
|
Quote: |
repost in the fake bank forum |
Please don't.
It's a phishing email. We don't do anything with those.
Just delete it or report it to the RBC.
For helpful info as to which sites are for the FB, please read, starting here:
http://forum.419eater.com/forum/viewtopic.php?p=598185#598185 |
_________________
Fakers: many, many, lots; an SSL and a couple of Resellers.
x 6
AH, AH, AH! Two little ! |
|
|
|
JumpinJayJay
Elite Baiter
Joined: 25 May 2007
Posts: 1762
Location: 'Straya
|
Posted:
Tue Jan 06, 2009 3:13 am |
|
|
|
|
undertowz
Stooge
Joined: 13 Nov 2008
Posts: 283
Location: location location
|
Posted:
Tue Jan 06, 2009 4:10 am |
|
ts wrote
Quote: |
report it to the RBC. |
holy sheeot, not news I guess I'll google potential crap b4
I post must be 4 jillion for RBC alone
fwd'd it to their security thingie
live n learn |
_________________
D3rrick Blar3 M7CN - 2414 boxes, 68 refreshments, 2 months
"we want to avoid the puzzle thing again because it was really hard for my assistant to do it. And also it takes a lot of time"
Lords0n K0phy
"The method of playing scrabble to generate M7CN cannot be accepted by this company"
"How can Western Union ask a custormer whether he or she has been in witch craft and voodoo"
TOM SL0C0CK:
"After receiving your ID thou it was not that visable but with the use of our ultra-veiw mechain we can see the registration number"
3 oinks + I r.i.p'd 2 httpz
|
|
|
|
dh_mac
419Eater is my life
Joined: 21 Nov 2007
Posts: 289
Location: Vancouver.. or AM I?!?
|
Posted:
Tue Jan 06, 2009 4:12 am |
|
If anything.. its good that the phish is so amateur (cutting & pasting/ no hyper linkie..)
Email RBC and if you really want to do a good deed.. report them to the Consumer Information of Canada and they have a link on the left to file a complaint. Then there is the [email protected] & [email protected]
Don't hold your breath for any big arrests. But you do get the warm fuzzy feeling of trying to do something right.. |
_________________ "what do you want from me.. i can kill you if you don't stop writing me.. i can perform african wonders that will drop you death." Dr-Y-Qasi3y
"..SCAN ME THE BANK RECEIPT AGAIN AND MAKE SURE YOU SCAN IT PROPERLY SO THAT IT CAN BE SEEINGABLE." Mr_Berkley
"...WHAT DO YOU WANT ME TO DO UNH, TO KILL MY SELF BECAUSE OF A PARCKAGE.." Androse V1ncent-another satisfied customer of ParcelDirect
"..I AM TOTALY DISAPONTED THE WAY YOU ARE TAKING THIS TRANSACTION ...IF I HAVE KNEW YOU ARE GOING TO TAKE THIS TRANSACTRION THIS WAY ..I WIL NOT CONTACT YOU FOR THE FIRST TIME"-DR_Usman
|
|
|
|
grooble
Master Baiter
Joined: 01 Dec 2008
Posts: 127
Location: drifting in the cloud
|
Posted:
Tue Jan 06, 2009 11:17 am |
|
You might want to report it here too:
http://www.phishtank.com/ |
_________________ Time on my hands, lets have fun...
"Please i very angry with you John.You disrespect me very bad.I no happy." - p@k5w@ng Dec 2008
"WE WISH TO CONFIRM IF YOUR SERIOUS OR NOT BECAUSE YOUR MAILS SOUNDS AS SOME ONE WHO DOESN’T KNOW AND UNDERSTAND WHAT HE IS DOING" - Fr3d D4n13ls Jan 2009
At me from it already the head to break up - N4t0li4n4 gives her testimonial to M7CN S3cur3. 649 clicks and counting
you’re a great liar and sounds like a criminal too - Fr3d D4n13ls - Feb 2009
Not to worry as soon as we get it rolling everything go according to plan - p@k5w@ng Feb 2009 (that's what you think m8 ) |
|
|
|
pablo
419Eater is my life
Joined: 10 Jul 2008
Posts: 366
|
Posted:
Tue Jan 06, 2009 2:39 pm |
|
Phishing emails looking for bank access information are among the most dangereous to the innocent victims. My RL email address has been valid for many years. I post to news groups using my RL email address. I get phishing emails several times a week.
From a baiting perspective they are no fun. Their success depends on them harvesting as many bank acoounts as possible until they are shut down. I often get phishing emails friday evenings and this year 4 on Christmas eve, times when victims are likely to be on line and security may be at home.
The scripts and fake web pages are on hacked web sites. The general phishing script points to a fake web page and often to a second web page.
Recently I have started to see a new form of phishing that sends out a second visually identical phishing email after the first one the only difference is the links. The scammers are hopping it will be ignored after the first sites are shut down. The first I saw like this was about October, nine minutes after I got the first email the first site was dead, I don't know why I even looked at the duplicate email that had just arrived in detail but six minutes later it too was dead. I now check them all.
The hacked websites are innocent victims often limited access club websites for hobbists. Normal access to these websites usually doesn't change, just the addition of an extra web page accessable by a URL.
Banks have email addresses to forward a phishing email to. (Sometimes hard to find on their websites.) Time is of the essence. The website owners and ISP providers are very co-operative in killing the hacked pages.
p. |
|
|
|
|
undertowz
Stooge
Joined: 13 Nov 2008
Posts: 283
Location: location location
|
Posted:
Tue Jan 06, 2009 5:47 pm |
|
Thanks all for replies and advice. I did forward the scam and link to the
bank's security link. As I said it appears the RBC has been a target for years
and the sheer volume of reports from a google search seems overwhelming.
It's all news to me since I just started down the road to baiting ruin so
I'll soon streamline where I want to go with it all.
Worst part of the entire baiter exercise for me? I'm finding the amount
of time I'm burning up to make reports, baiting phuqs, follow threads etc etc.
is huge.
I'll have to narrow it all down and concentrate on one or two.
or..quit work and leave my brain to science.
|
_________________
D3rrick Blar3 M7CN - 2414 boxes, 68 refreshments, 2 months
"we want to avoid the puzzle thing again because it was really hard for my assistant to do it. And also it takes a lot of time"
Lords0n K0phy
"The method of playing scrabble to generate M7CN cannot be accepted by this company"
"How can Western Union ask a custormer whether he or she has been in witch craft and voodoo"
TOM SL0C0CK:
"After receiving your ID thou it was not that visable but with the use of our ultra-veiw mechain we can see the registration number"
3 oinks + I r.i.p'd 2 httpz
|
|
|
|
undertowz
Stooge
Joined: 13 Nov 2008
Posts: 283
Location: location location
|
Posted:
Wed Jan 07, 2009 6:37 am |
|
Bada Bing!!!
That didn't take too long. A visit to the hacked site link in the original
RBC email I posted reveals the following message tonight.
Worth a look - nice scarey coloured warning page...
http://ip194-102-209-87.adsl2.static.versatel.nl/user/.mrtg/bin/online-services.html
Quote: |
Reported Web Forgery!
This web site at ip194-102-209-87.adsl2.static.versatel.nl has been
reported as a web forgery and has been blocked based on your security
preferences.
Web forgeries are designed to trick you into revealing personal or
financial information by imitating sources you may trust.
Entering any information on this web page may result in identity theft or other fraud.
|
my first kill |
_________________
D3rrick Blar3 M7CN - 2414 boxes, 68 refreshments, 2 months
"we want to avoid the puzzle thing again because it was really hard for my assistant to do it. And also it takes a lot of time"
Lords0n K0phy
"The method of playing scrabble to generate M7CN cannot be accepted by this company"
"How can Western Union ask a custormer whether he or she has been in witch craft and voodoo"
TOM SL0C0CK:
"After receiving your ID thou it was not that visable but with the use of our ultra-veiw mechain we can see the registration number"
3 oinks + I r.i.p'd 2 httpz
|
|
|
|
grooble
Master Baiter
Joined: 01 Dec 2008
Posts: 127
Location: drifting in the cloud
|
Posted:
Wed Jan 07, 2009 9:55 am |
|
Sorry to say undertowz - it is still there (09:50 GMT 07Jan2009) but you have got to step 1.
The message you are getting is from your browser that is now detecting it as a Phishing site. (I'm guessing firefox?) The poor fools who are using MSIE will still go straight there without a warning...try it.
Somewhere on that message you might find and 'ignore' button that will still open the page...
Have you reported to abuse[at]versatel.nl? |
_________________ Time on my hands, lets have fun...
"Please i very angry with you John.You disrespect me very bad.I no happy." - p@k5w@ng Dec 2008
"WE WISH TO CONFIRM IF YOUR SERIOUS OR NOT BECAUSE YOUR MAILS SOUNDS AS SOME ONE WHO DOESN’T KNOW AND UNDERSTAND WHAT HE IS DOING" - Fr3d D4n13ls Jan 2009
At me from it already the head to break up - N4t0li4n4 gives her testimonial to M7CN S3cur3. 649 clicks and counting
you’re a great liar and sounds like a criminal too - Fr3d D4n13ls - Feb 2009
Not to worry as soon as we get it rolling everything go according to plan - p@k5w@ng Feb 2009 (that's what you think m8 ) |
|
|
|
Dutch
Baiting Guru
Joined: 22 Nov 2007
Posts: 4204
Location: Dislocated
|
Posted:
Wed Jan 07, 2009 10:39 am |
|
^ should be abuse<at>versatel.net. I've just sent them an abuse report. |
_________________ deadified fake websites) x 374
x11 x a couple
Yes we can! (with a bit of help) |
|
|
|
pablo
419Eater is my life
Joined: 10 Jul 2008
Posts: 366
|
Posted:
Wed Jan 07, 2009 12:29 pm |
|
This site is still live. I sent email to the RBC security and to the hosting ISP.
EDIT: I have had a generic response from RBC not from the ISP It is still up.
p. |
|
|
|
|
undertowz
Stooge
Joined: 13 Nov 2008
Posts: 283
Location: location location
|
Posted:
Wed Jan 07, 2009 5:33 pm |
|
Quote: |
Sorry to say undertowz - it is still there |
argh right you are didn't realise it was a Fox notice
sent report to RBC yesterday and got same generic reply as pablo
also sent to versatel.net and versatel.nl
noticed versatel listed in dns records to many suspect sites
and wonder if they're not an indifferent ISP to begin with
oh well...we've led the horse to water
thanks for followupz |
_________________
D3rrick Blar3 M7CN - 2414 boxes, 68 refreshments, 2 months
"we want to avoid the puzzle thing again because it was really hard for my assistant to do it. And also it takes a lot of time"
Lords0n K0phy
"The method of playing scrabble to generate M7CN cannot be accepted by this company"
"How can Western Union ask a custormer whether he or she has been in witch craft and voodoo"
TOM SL0C0CK:
"After receiving your ID thou it was not that visable but with the use of our ultra-veiw mechain we can see the registration number"
3 oinks + I r.i.p'd 2 httpz
|
|
|
|
|