[vox] [OT Fwd] US Bank Phishing Scam Hosted at 217.76.130.108 [Davis, CA?]

Bill Kendrick nbs at sonic.net
Sun Jul 18 16:40:54 PDT 2004


Donald asked me to forward this to 'vox'

---- Forwarded message from Donald Childs -----

Date: Sat, 17 Jul 2004 17:48:20 -0700
From: "Donald Childs"
Subject: FW: US Bank Phishing Scam Hosted at 217.76.130.108
To: <nbs at sonic.net>

Bill Kendrick:

I used to be on the lugod vox-general list, and thought I'd share this email
with you since it has a Davis, CA element to it, and the LUGOD community
might contain an employee who would want to know about this.

The attached message, a US Bank phishing scam hosted out of Spain, emanated
from a Cedant Web Hosting mail server,
from 66.175.0.4 (http://www.broadbandreports.com/whois/66.175.0.4) which
according to the whois, is at 216 F Street #49.

www.cedant.com shows a 530 area code fax number for sales and support on
their contacts page:
http://cedant.com/contact/contact_form.html

Below my sig is the email I sent US Bank. I have forwarded the US Bank
message and the phishing message to Cedant as well. Thought the LUGODers
might find this interesting.

Take Care,

Donald Childs
PS: if you send this on to the list, please remove or munge my email addy.

______________________________________________________
Donald Childs 01110011 01100011 01110101 01110000 01110000 01100101 01110010
PGP Info
http://www.scupper.net/pgp

My PGP Fingerprint:
http://pgp.mit.edu:11371/pks/lookup?search=donald+childs&op=index&fingerprint=on

  A102 0F7F 49F2 AD49 9230 5341 1724 BF93 3C85 F1D7

My PGP (Armored) Public Key 0x3C85F1D7
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3C85F1D7

  dchilds.asc =>  http://www.scupper.net/pgp/dchilds.asc
______________________________________________________


> -----Original Message-----
> From: Donald Childs
> Sent: Saturday, July 17, 2004 5:26 PM
> To: fraud_help at usbank.com
> Subject: US Bank Phishing Scam Hosted at 217.76.130.108
>
>
> US Bank Fraud Unit:
>
> I am not a customer of US Bank, but I have received the attached
> email from one of my email accounts, and I report all phishing
> emails I receive.
>
> I received the attached message which contains a link to:
> https://www4.usbank.com/internetBanking/RequestRouter?requestCmdId=DisplayLoginPage
>
> Which is actually:
> http://www.usbanksecure.com/internetBanking/RequestRouter/DisplayLoginPage/login.html
>
> IP address: 217.76.130.108
> whois:
> http://www.ripe.net/perl/whois?form_type=simple&full_query_string=&searchtext=217.76.130.108&do_search=Search
>
> Hosting Provider:
> www.arsys.es
>
> The email server, cedant3.abac.com [66.175.0.4]
> (whois for "Received" IP address in message header:
> http://www.broadbandreports.com/whois/66.175.0.4 )
>
> Email provider: Cedant Web Hosting
>
> I have also reported it to the Anti-Phishing Working Group.
>
> Q & As:
> *** Do you have an account relationship with U.S. Bank?
> No, I do not have an account with US Bank
>
> ***Have you recently enrolled for U.S. Bank Internet Banking or
> Internet Bill Pay?
> No, I have not.
>
> ***What Internet Service Provider (ISP) do you use?
> I use SBC DSL for connectivity and Interland for hosting and email
> The message attached was sent to my former hosting/email account
> with Hurricane Electric www.he.net
>
> ***What type of connection do you use to access the Internet?
> Cable, dialup, DSL or other?
> DSL via a wireless NAT router
>
> ***Do you have a firewall installed on your Personal Computer?
> Yes I do, Zone Alarm Pro
>
> ______________________________________________________
> Donald Childs 01110011 01100011 01110101 01110000 01110000
> 01100101 01110010
> PGP Info
> http://www.scupper.net/pgp
>
> My PGP Fingerprint:
> http://pgp.mit.edu:11371/pks/lookup?search=donald+childs&op=index&fingerprint=on
>
>   A102 0F7F 49F2 AD49 9230 5341 1724 BF93 3C85 F1D7
>
> My PGP (Armored) Public Key 0x3C85F1D7
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3C85F1D7
>
>   dchilds.asc =>  http://www.scupper.net/pgp/dchilds.asc
> ______________________________________________________

Date: Tue, 29 Jun 2004 03:21:32 -0700
From: <CustomerService at usbank.com>
Subject: U.S. Bank Verification
To: <dchilds at rcinfohouse.com>



----- End forwarded message -----

-bill!

