| Author |
Message |
leonsumbitches
Elite Baiter
Joined: 15 Oct 2010
Posts: 1046
Location: I'm out there, where every man wants to be
|
 Posted:
Tue Dec 07, 2010 5:03 am |
  |
Please add to DB. I would like to report this on behalf of all of Sven Tanstaafl.
URL: http://mail.callem.com.sa/scotiaonline/ca/start.jsplanguage=/
IP: Callem.com.sa resolves to 212.12.172.85 located in Saudi Arabia
Pretends to be Scotiabank's login page. The email was sent from a domain which obviously pretends to be Scotiabank's login. I'm posting on both at the same time, maybe a mod will want to split them up. I searched for both domains here and didn't get any hits.
Hotlinked image: [img]http://mail.callem.com.sa/scotiaonline/ca/start.jsplanguage=/sol-75-phlv2.png[/img]
The email it shows up in (bold indicates a possible fake domain for another report):
| Quote: |
Delivered-To:
Received: by 10.229.186.137 with SMTP id cs9cs123371qcb;
Mon, 6 Dec 2010 11:28:57 -0800 (PST)
Received: by 10.231.34.130 with SMTP id l2mr6304469ibd.181.1291663735793;
Mon, 06 Dec 2010 11:28:55 -0800 (PST)
Return-Path: <[email protected]>
Received: from mta21.charter.net (mta21.charter.net [216.33.127.81])
by mx.google.com with ESMTP id hj39si14832751ibb.76.2010.12.06.11.28.13;
Mon, 06 Dec 2010 11:28:55 -0800 (PST)
Received-SPF: neutral (google.com: 216.33.127.81 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=216.33.127.81;
Authentication-Results: mx.google.com; spf=neutral (google.com: 216.33.127.81 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from imp09 ([10.20.200.9]) by mta21.charter.net
(InterMail vM.7.09.02.04 201-2219-117-106-20090629) with ESMTP
id <20101206192813.EGQV3705.mta21.charter.net@imp09>;
Mon, 6 Dec 2010 14:28:13 -0500
Received: from User ([97.84.147.130])
by imp09 with smtp.charter.net
id fvTz1f00E2p25xt05vU3cx; Mon, 06 Dec 2010 14:28:12 -0500
X-Authority-Analysis: v=1.0 c=1 a=Dyoqhi_TatcA:10 a=6IE0RmV4oIkA:10
a=YteiUXKBuaUA:10 a=Cfj4BQAnxiAA:10 a=lbC3vhxWAAAA:8 a=lb2m5bMLvbbGLVY98KAA:9
a=yPcANCB_iL25XRJHtgsA:7 a=C_wf--BzreTJ48PtFHRfooOTIxUA:4 a=Ft8UYL4EG9YA:10
a=OpTPbuIaOIEo3rAK:21 a=TIImVrE_yl7jiyvD:21
Message-ID: <[email protected]>
Reply-To: [email protected]
From: ScotiaBank<[email protected]>
Subject: Error in your information on file
Date: Mon, 6 Dec 2010 12:28:11 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
During our regulary schedule account maintenance and verification we have detected a slight error in your information on file with us.
This usually happens for the following reasons:
- A recent change in your personal information (i.e. change of address)
- Submitting invalid information during the initial sign up process.
- An inability to accurately verify your selected option of payment due an internal error within our processors.
Please update your information by visiting Scotiabank at:
http://mail.callem.com.sa/scotiaonline/ca/start.jsplanguage=/
If your account information is not updated, your Scotiabankl account access will be limited.
____________________________________________
You are receiving this email notification because this email address is listed as the administrative contact email for your Scotiabank account. |
The email seems to originate from Vancouver.
This site uses images hotlinked from the real scotiabank.com, yet is clearly not the real domain.
The domain that this mail comes from, scotiamedia.com, only gets 318 Google hits and contains only this boilerplate:
| Quote: |
ScotiaBankMedia.com
For more information, please contact Congo Communications at:
1-877-772-6646
or
[email protected]
© Congo Communications 2007 All Rights Reserved
|
This site resolves to 64.40.108.111 and is located in Vancouver. It seems to have been around for a long time and looks legit, but the site itself looks fishy to me. Maybe I'm just new at this.
This would be my first site kill if real, so I may need some guidance. |
_________________
I DON'T. Buy the tomatoes with. The stems. On them. They don't. Degrade. They go. Down the sink. And into the WATER. Then. They get lodged in the throats of little. OTTERS.
GYV::Tanstaafl::Abiga::Game-theory::Church-Sites 
 x 18 (10 from Tanstaafl baits)  x 5  x 2     x 2 
 SW Bait - Cl3tus Orof3 Accra->8auchi->Accra->Lagos, co-bait with Nowhere Man, Bravo, The Dane & psychicbait
insults and more
How to kill a Badger |
|
|
|
|
Lachesis
** SUSPENDED **
Joined: 01 Nov 2010
Posts: 1161
|
| Posted:
Tue Dec 07, 2010 5:05 am |
|
Don't think we handle phishing sites here.
Not sure about phishing email domains though. |
_________________
Site killer, scam baiter, shit poster.
Baiting/sitekilling numbers:
x 56  x 6  x 2  x 2 x 5  x 8 x 8  x 2  x 3    x 2  x 2   
x 21
Photo trophies x 2, Forms filled x 11, Baited domains x 9, Writing pieces x 2
"Ok i want to be addressed like felon Musa Songo." - Musa Songo
"This your transaction is giving me heart failure" - EFCC
"YOU ARE A BIG FOOL AND AN IDIOT. DO NOT EVER CONTACT ME AGAIN. YOU ANIMAL." - Kojo Smith
"STOP FOULING YOURSELF JOHN." - Rodney Lloyd |
|
|
|
|
leonsumbitches
Elite Baiter
Joined: 15 Oct 2010
Posts: 1046
Location: I'm out there, where every man wants to be
|
| Posted:
Tue Dec 07, 2010 5:12 am |
|
I didn't think so either, but coupled with the email coming from scotiamedia.com, I thought they would be a package deal. The email clearly tries to sound like it is coming from a valid domain for Scotiabank, it just happens to send the reader, perhaps bolstered by the offical-looking domain, to a phishing site. |
_________________
I DON'T. Buy the tomatoes with. The stems. On them. They don't. Degrade. They go. Down the sink. And into the WATER. Then. They get lodged in the throats of little. OTTERS.
GYV::Tanstaafl::Abiga::Game-theory::Church-Sites
x 18 (10 from Tanstaafl baits) x 5 x 2 x 2
SW Bait - Cl3tus Orof3 Accra->8auchi->Accra->Lagos, co-bait with Nowhere Man, Bravo, The Dane & psychicbait
insults and more
How to kill a Badger |
|
|
|
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
|
| Posted:
Tue Dec 07, 2010 5:30 am |
|
leon, we don't do phishing emails here as the banks are better at handling those.
Forward the email with headers to: [email protected]
scotiamedia.com looks to be legit and is probably just being spoofed by the phishers. It looks like the sending IP is 97.84.147.130 which is Saginaw, MI USA
I'll mark this N/A.  |
_________________
          
             x 2714
          
 Paga John Paga Willie Paga Kingsley James
The Dynamic Duo Travels!  |
|
|
|
|
leonsumbitches
Elite Baiter
Joined: 15 Oct 2010
Posts: 1046
Location: I'm out there, where every man wants to be
|
| Posted:
Tue Dec 07, 2010 6:08 am |
|
^^^ Ah, thanks.
Sven, migraine and all, will have to wait til another day to claim a flag. |
_________________
I DON'T. Buy the tomatoes with. The stems. On them. They don't. Degrade. They go. Down the sink. And into the WATER. Then. They get lodged in the throats of little. OTTERS.
GYV::Tanstaafl::Abiga::Game-theory::Church-Sites
x 18 (10 from Tanstaafl baits) x 5 x 2 x 2
SW Bait - Cl3tus Orof3 Accra->8auchi->Accra->Lagos, co-bait with Nowhere Man, Bravo, The Dane & psychicbait
insults and more
How to kill a Badger |
|
|
|
|
|
|
|
View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
SmartFeed
