Need help? Ask the community or hire an expert.
Go to Avira Answers
Target:Flagstar Bank
Date discovered:03/08/2006

 General The goal is to get the following information:
    • Bank account
    • Credit card


Phishing method:
    • 'text' link

 Email Details From: ozzjq@omega314.co.uk
Subject: NOTICE FROM Flagstar Corp.

Visible link: Renew Now
Actual link: http://rds.yahoo.com/S=44831148:D1/CS=44831148/SS=44831166/...
IP address: 65.15.22.235


The email is designed to avoid detection from Antispam and Antiphishing. Such techniques are:
    • The Body of the email contains random characters.
    • The Body of the email contains HTML content.


The phishing page contains the following trick:
    • Link redirection by means of a well known domain name



This screenshot is how the phishing email looks like:


 Page Details Visible URL: http://65.15.22.235:84/page/flagonlinebanking/index.php
Actual URL: http://65.15.22.235:84/page/flagonlinebanking/index.php
IP address: 65.15.22.235


The phishing page will look like the following:




Description inserted by Dominik Auerbach on Thursday, August 3, 2006

Back . . . .