Phishing E-Mail

If you have been defrauded, or suspect some fraud, that is NOT escrow related, then please air your comments here. The more that's here, the more people can be informed.

Moderators: georg, suziecue, JaxHot

Phishing E-Mail

Postby thecleaner » Thu Jan 20, 2005 2:11 pm

Phishing E-Mail

Here?s an example of a Phishing E-mail I received this and My SPAM filters immediately placed it into my SPAM Folders After further research here is what I found.
The Body of the E-Mail was an Image with the following code attached.
_____________________________________________________________
map name=\"FPMap0\" area coords=\"0, 0, 639, 336\" shape=\"rect\" href=\"http://217.99.151.231:87/s/index.htm\" /map img src=\"/gmail?view=att&disp=attd&attid=0.1&th=1018f4dc27947de6\" border=\"0\" /a /font /p p font color=\"#FFFFF1\" as well as Leonardo Di Caprio in 1817 Majora\'s Mask Congress to /font /p
_________________________________________________
The image was made to look like TEXT with a link in the middle the Image can be seen at http://www.thecleanerpc.com/phishing.htm
After looking at the source notice the words?.
______________________________________________________________________
as well as Leonardo Di Caprio in 1817 Majora\'s Mask Congress to
______________________________________________________________________
Most Phishing E-Mails have these attched in some way and are considered some sort of Code Or Lexicon.

Also notice the href of the Image Map points to an IP address. This is in fact the true IP address where the Image will take you to when clicked ?..Although the Picture indicates it goes to Smith Barney.

An Internic Lookup of the IP address revealed a Company in Amsterdam

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 217.0.0.0 - 217.255.255.255
CIDR: 217.0.0.0/8
NetName: 217-RIPE
NetHandle: NET-217-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: AUTH00.NS.UU.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2000-06-05
Updated: 2004-03-16

This is a breakdown of the Phishing e-mail and gives you an idea of what to look for.

Remember the first thing to look at is if you have an account with the company in question. If you do have an account with the bank or company in question, GO to there Web Site by typing the URL in your address bar and then attempt to contact them directly. DO NOT CLICK ON ANY IMAGE OR LINK THAT COMES IN YOUR E-MAIL.
thecleaner
Infant
 
Posts: 7
Joined: Tue Jan 11, 2005 5:01 pm
Location: Tampa Florida

Return to Other internet Frauds and Scams

Who is online

Users browsing this forum: No registered users and 4 guests

cron