Target: Elevations Credit Union
Date discovered: 13/07/2006

General
The goal is to get the following information:
    • Bank account
    • Credit card
    • Personal data


Phishing method:
    • URL link

Email Details
From: uofcfcuonline@bank.uofcfcu.com
Subject: U of C Federal Credit Union Notification

Visible link: https://bank.uofcfcu.com/UOFCFCU/Login.aspx
Actual link: http://www.google.com/url?sa=U&start=4&q=http://fredagspils.no/Login/...
IP address: 195.159.38.107


The email is designed to avoid detection by anti-spam and anti-phishing filters. The technique is:
    • The Body of the email contains HTML content.


The phishing page contains the following trick:
    • Link redirection by means of a well-known domain name
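
A detection check for the trick recorded above, added here as an example and not part of the original report: it compares each link's visible URL with its real destination after unwrapping redirector query parameters, which generalizes beyond the one redirector seen in this email. The parameter list, function names and sample email body are assumptions; the two URLs are the ones recorded in this report.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs
REDIRECT_PARAMS = ("q", "url", "u", "dest", "redirect")  # assumed redirect parameter names

def unwrap(url, depth=3):
    """Follow redirect-style query parameters to the final embedded URL, offline."""
    for _ in range(depth):
        query = parse_qs(urlsplit(url).query)
        nested = [v[0] for k, v in query.items()
                  if k in REDIRECT_PARAMS and v[0].startswith(("http://", "https://"))]
        if not nested:
            break
        url = nested[0]
    return url

class LinkAudit(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit(html):
    """Return findings for links whose visible URL host differs from the real destination."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown = urlsplit(text).hostname  # None when the link text is not a URL
        final = unwrap(href)
        dest = urlsplit(final).hostname
        if shown and dest and shown.lower() != dest.lower():
            findings.append({"shown": shown, "href_host": urlsplit(href).hostname,
                             "dest": dest, "via_redirect": final != href})
    return findings

# Constructed email body; both URLs are from this report ("..." is the report's own truncation).
SAMPLE = ('<p>Dear member,</p><a href="http://www.google.com/url?sa=U&start=4'
          '&q=http://fredagspils.no/Login/...">https://bank.uofcfcu.com/UOFCFCU/Login.aspx</a>')
print(audit(SAMPLE))
```

A finding with `via_redirect` set means the href itself points at a trusted host, so a filter that only checks the href's domain would pass it.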



This screenshot shows what the phishing email looks like:


Page Details
Visible URL: http://fredagspils.no/Login/bank.uofcfcu.com/UOFCFCU/login.php?_nfpb=true
Actual URL: http://fredagspils.no/Login/bank.uofcfcu.com/UOFCFCU/login.php?_nfpb=true
IP address: 195.159.38.107


The phishing page will look like the following:



Description inserted by Dominik Auerbach on Friday, July 14, 2006
