Target: TIB
Date discovered: 25/06/2006

General

The goal is to get the following information:
    • Credit card
    • Personal data


Phishing method:
    • URL link

Email Details

From: security@tibsite.com
Subject: Resolution Center: Your account is limited. (Your case ID for this reason is...

Visible link: https://atl01.seba.com/webconnect.nsf/loginpage?openform&RTN=90021234;
Actual link: http://219-84-119-16-adsl-tan.static.so-net.net.tw/im/loginpage.htm
IP address: 219.84.119.16
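
The difference between the visible link and the actual link above can be checked mechanically by a mail filter. The following Python code is an added example, not part of the original entry; the function names and reason labels are assumptions, and the HTML body is constructed around the two URLs listed here.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return ""

def suspicious_links(html):
    """Flag anchors whose displayed URL does not match the real target."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        m = re.search(r"https?://\S+", text, re.I)
        shown, reasons = (m.group() if m else ""), []
        if shown and host(shown) != host(href):
            reasons.append("host-mismatch")
        if shown[:6].lower() == "https:" and href.strip()[:5].lower() == "http:":
            reasons.append("https-shown-http-target")
        # Dotted or dashed IPv4 embedded in the target host (e.g. ISP rDNS names).
        if re.search(r"(?<!\d)\d{1,3}(?:[-.]\d{1,3}){3}(?!\d)", host(href)):
            reasons.append("ip-in-hostname")
        if reasons:
            findings.append({"href": href, "shown": text, "reasons": reasons})
    return findings

# Constructed HTML body; only the two URLs come from this entry.
SAMPLE_EMAIL = ('<p>Your account is limited.</p>'
                '<a href="http://219-84-119-16-adsl-tan.static.so-net.net.tw/im/loginpage.htm">'
                'https://atl01.seba.com/webconnect.nsf/loginpage?openform&RTN=90021234;</a>')
```

A link whose visible and actual URL are identical, as in the Page Details entry, produces no finding, so this check covers the email link only and says nothing about the landing host itself.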


The email is designed to evade anti-spam and anti-phishing filters. The techniques used are:
    • The Subject of the email contains random characters.
    • The Body of the email contains random characters.
    • The Body of the email contains HTML content.



This screenshot shows what the phishing email looks like:


Page Details

Visible URL: http://sebam.us/webconnectnsf/loginpage.htm?openform&RTN=90021234
Actual URL: http://sebam.us/webconnectnsf/loginpage.htm?openform&RTN=90021234
IP address: 68.142.212.96


The phishing page will look like the following:


Description inserted by Dominik Auerbach on Sunday, June 25, 2006
Description updated by Dominik Auerbach on Sunday, June 25, 2006
