Need help? Ask the community or hire an expert.
Go to Avira Answers
Target:NationalCity
Date discovered:28/05/2007

 General The goal is to get the following information:
     Bank account
     Personal data


Phishing method:
     URL link

 Email Details From: service.ref8030222.cm@nationalcity.com
Subject: Dear National City customer! (mess_id: **********)

Visible link: http://session-**********.nationalcity.com/corporate/onlineservices/...
Actual link: http://session-**********.nationalcity.com.userpro.io/corporate/...
IP address: 222.105.127.158


The email is designed to avoid detection from Antispam and Antiphishing. Such techniques are:
     The Subject of the email contains random characters.
     The Body contains invisible Text.
     The Body of the email contains HTML content.



This screenshot is how the phishing email looks like:


 Page Details Visible URL: http://session-**********.nationalcity.com.userpro.io/corporate/...
Actual URL: http://session-**********.nationalcity.com.userpro.io/corporate/...
IP address: 222.105.127.158


The phishing page will look like the following:


설명 삽입자 Dominik Auerbach   2007년 5월 28일 월요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.