Target: First National Bank
Date discovered: 31/07/2006

General
The goal is to get the following information:
     Bank account
     Credit card


Phishing method:
     URL link

Email Details
From: security@infosyssec.com
Subject: Re: Credit Card - Temporaly suspend

Visible link: https://businessconnex.fnbsf.com/PBI_PBI1961/pbi1961.asp?Rt=...
Actual link: http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=...
IP address: 203.199.135.47


The email is designed to evade antispam and antiphishing detection. The technique is:
     The body of the email contains HTML content.


The phishing page contains the following trick:
     Link redirection by means of a well-known domain name



This screenshot shows what the phishing email looks like:


Page Details
Visible URL: http://203.199.135.47/FirstNationalBank/
Actual URL: http://203.199.135.47/FirstNationalBank/
IP address: 203.199.135.47


The phishing page will look like the following:



Description inserted by Dominik Auerbach on Monday, July 31, 2006
