SmartFeedSmartFeed          



WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 publicbanksecurity.com

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Baitsamurai
Baiting Guru


Joined: 30 Mar 2010
Posts: 2186
Location: in the mind of my pet-lad


PostPosted: Mon Apr 19, 2010 5:47 am Reply with quoteBack to top

Here is something nasty for the Sitekillers.

http://www.publicbanksecurity.com/

Got is with a ASEM this morning.

Quote:
Your Public Bank Internet Banking has been locked due to some internal issues.
In order to unlock your Internet Banking, follow these steps:

1. Visit our website: http://www.publicbanksecurity.com 2. Logon to the Internet Banking using your username and password.
3. Confirm your mobile phone number by entering the TAC you receive.
4. After confirming your account, log out. Your account access will be restored.


Thank you for using Public Bank.



from [email protected]

All links are going back to PBeBank.com which seems genuine.

_________________
PROTECT VICTIMS - POST SCAMMAILS: SCAMWARNERS

"u dis fucking ingrate, *DELETED*!"
"YOU ARE VERY VERY STPEID MAN FUK YOU WITH YOUR MONEY"
"you are a thief i know you ....fbi is coming for you"
"YOU WILL RUST IN HELL YOU BASTERD"
"I don't mean no disrespect but i don't like that word cunning,I mean this is a charity work for Christ's sake"
Easter Egg 2011 Closed lad accounts x84 x124 Mortar United KingdomGermanyUnited States
Safari C0nv0y/P4tr1ck Co-Bait with Boris_YELLsome: Lagos-Abuja-Lagos-Cotonou

Don't ever worry about seeming stupid. We're baiters. We do a lot of silly things in our baits. (Ima Baeder)
View user's profileSend private message
Loge
Not quite a Newb


Joined: 10 Apr 2010
Posts: 62
Location: under the snake


PostPosted: Mon Apr 19, 2010 10:05 am Reply with quoteBack to top

IP Address: 98.136.50.138
IP Location: California - Sunnyvale - Yahoo! Inc

WHOIS
Quote:
Domain Name.......... publicbanksecurity.com
Creation Date........ 2010-04-19
Registration Date.... 2010-04-19
Expiry Date.......... 2011-04-19
Organisation Name.... Chris Twarogowski
Organisation Address. 9146 Richards dr.
Organisation Address.
Organisation Address. Mentor
Organisation Address. 44060
Organisation Address. OH
Organisation Address. UNITED STATES

Admin Name........... Chris Twarogowski
Admin Address........ 9146 Richards dr.
Admin Address........
Admin Address........ Mentor
Admin Address........ 44060
Admin Address........ OH
Admin Address........ UNITED STATES
Admin Email..........
Admin Phone.......... +1.4402576117
Admin Fax............

Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email...........
Tech Phone........... +1.4089162124
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com


The site claims to be VeriSign secured. Not sure how exactly this can be proven false, but as far as I understand the VeriSign link should be javascript like for example on this site:
https://www.trustthecheck.com/trustthecheck/ssl/default.aspx

Quote:
<script src=https://seal.verisign.com/getseal?host_name=www.trustthecheck.com&size=S&use_flash=YES&use_transparent=YES&lang=en></script>


But publicbanksecurity.com uses a simple anker tag for the link that looks very suspicious to me:
Quote:
href="https://servicecenter.verisign.com/cgi-bin/Xquery.exe?Template=authCertByIssuer&amp;remote_host=https://digitalid.msctrustgate.com/secure/cgi-bin/haydn.exe&amp;form_file=../fdf/authCertByIssuer.fdf&amp;issuerSerial=6fad9ec0b33468c07a48e3db47f67818"
target="_blank"><img src="login_data/login_trustgate.gif" width="73"
border="0" height="41">


justjay once said:
Quote:
Go to the verifying authority's website and check the verification. VeriSign verification should be done at http://www.verisignsecured.com/. Do not rely on the popup from the website you are investigating!


But http://www.verisignsecured.com does forward to https://www.trustthecheck.com/. Not sure how to actually verify it...

Also according to the source some of the links go to http://www.cpbebank.com and this site also looks suspicious after a short look:

Quote:
Registration Service Provided By: RESELL.BIZ
Contact: +1.0000000000
Website: http://Resell.biz

Domain Name: CPBEBANK.COM

Registrant:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000

Creation Date: 30-Jun-2009
Expiration Date: 30-Jun-2010

Domain servers in listed order:
ns2.cpbebank.com
ns1.cpbebank.com

Administrative Contact:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000

Technical Contact:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000

Billing Contact:
Not Applicable
Public Bank Berhad ([email protected])
No 1, Jln Air Hitam Kaw Institusi B. Baru Bangi
Kajang
Selangor,43000
MY
Tel. +1.0389268418
Fax. +00.0000000

Status:ACTIVE


EDIT:
Ok, cpbebank.com seems to be a legit subbranch of PBEBANK.COM.

EDIT2:
Hmmmm, both pbebank.com and cpbebank.com use the same anker link for VeriSign verification as described above (both are on the pbebank server):
https://www2.pbebank.com/cpmain.html
https://www2.pbebank.com/main.html

So they seem to use an alternate verifying mechanism (msctrustgate.com)?

Either way this certificate is only valid for pbebank.com (because of this the cpbebank.com login site is actually on pbebank.com) and certainly not for publicbanksecurity.com.
View user's profileSend private message
fashmo
Elite Baiter


Joined: 01 May 2006
Posts: 1692


PostPosted: Mon Apr 19, 2010 11:04 am Reply with quoteBack to top

Phising only no content
Testing his/hers handywork
http://www.publicbanksecurity.com/main_files/fuckkk$.txt

Report to phishtank/ Netcraft
http://www.phishtank.com/ <<<<<<< Done
Win an ipod <<<< Done

Changed state to n/a as we dont deal with phishers here

_________________
Easter 2015 Win an ipod
Why the insult you are raining on me

The correction regarding your gender is noted.
The word sir is an official rerm used as a mark of respect irrespective of sex

Send to me your private phone number so as to enable me talk to you earball to earbell

Easter Egg 2013United Kingdom x 2
Italy x 1 Wheel of Rome
Netherlands x 1


Last edited by fashmo on Mon Apr 19, 2010 11:40 am; edited 1 time in total
View user's profileSend private message
Loge
Not quite a Newb


Joined: 10 Apr 2010
Posts: 62
Location: under the snake


PostPosted: Mon Apr 19, 2010 11:16 am Reply with quoteBack to top

fashmo wrote:

Testing his/hers handywork
http://www.publicbanksecurity.com/main_files/fuckkk$.txt

Shocked

Just out of curiosity: how did you find this file?
View user's profileSend private message
fashmo
Elite Baiter


Joined: 01 May 2006
Posts: 1692


PostPosted: Mon Apr 19, 2010 11:38 am Reply with quoteBack to top

The phising page loads from a frame
http://www.publicbanksecurity.com/main_files/login.htm

Knock off the login.htm
and goto
http://www.publicbanksecurity.com/main_files/

All deaded now Very Happy

_________________
Easter 2015 Win an ipod
Why the insult you are raining on me

The correction regarding your gender is noted.
The word sir is an official rerm used as a mark of respect irrespective of sex

Send to me your private phone number so as to enable me talk to you earball to earbell

Easter Egg 2013United Kingdom x 2
Italy x 1 Wheel of Rome
Netherlands x 1
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



E-Mail Header Analysis


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT