Target:NationalCity
Date discovered:28/05/2007

 General The goal is to get the following information:
    • Bank account
    • Personal data


Phishing method:
    • URL link

 Email Details From: service.ref8030222.cm@nationalcity.com
Subject: Dear National City customer! (mess_id: **********)

Visible link: http://session-**********.nationalcity.com/corporate/onlineservices/...
Actual link: http://session-**********.nationalcity.com.userpro.io/corporate/...
IP address: 222.105.127.158


The email is designed to avoid detection from Antispam and Antiphishing. Such techniques are:
    • The Subject of the email contains random characters.
    • The Body contains invisible Text.
    • The Body of the email contains HTML content.



This screenshot is how the phishing email looks like:


 Page Details Visible URL: http://session-**********.nationalcity.com.userpro.io/corporate/...
Actual URL: http://session-**********.nationalcity.com.userpro.io/corporate/...
IP address: 222.105.127.158


The phishing page will look like the following:


Description inserted by Dominik Auerbach on 28 Mayıs 2007 Pazartesi

Geri . . . .

© 2013 Avira Operations GmbH & Co. KG. Her hakkı saklıdır.

Hesabım

https:// Bu pencere güvenlik amacıyla şifrelenmiştir.