BNZ phishing scam warning

Discussion in 'NZ Computing' started by Peter Huebner, Jun 7, 2006.

  1. I just got an email purporting to be from BNZ technical services - looks damn
    impressively authentic with the stationery used.

    The fact that it didn't even show my valid email address on the to: line was a
    bit of a giveaway though :)

    cheers, -Peter

    --
    =========================================
    firstname dot lastname at gmail fullstop com
     
    Peter Huebner, Jun 7, 2006
    #1
    1. Advertising

  2. Peter Huebner

    Matty F Guest

    Peter Huebner wrote:
    > I just got an email purporting to be from BNZ technical services - looks damn
    > impressively authentic with the stationery used.
    >
    > The fact that it didn't even show my valid email address on the to: line was a
    > bit of a giveaway though :)


    I am unable to find out the IP address where the link goes to.
    Does anyone know of a site that can tell that?
    http://www.dnsstuff.com/ can't find it.

    Replace "dubdubdubdot" with "www." but don't go there!
    http://dubdubdubdot
    bnz.co.nz.intenet_banking.customer.care.goverkk.biz/r1/upgrade/
     
    Matty F, Jun 7, 2006
    #2
    1. Advertising

  3. Peter Huebner

    thingy Guest

    Peter Huebner wrote:
    > I just got an email purporting to be from BNZ technical services - looks damn
    > impressively authentic with the stationery used.
    >
    > The fact that it didn't even show my valid email address on the to: line was a
    > bit of a giveaway though :)
    >
    > cheers, -Peter
    >


    not to mention a mouse over the URL showed it as .biz

    Interesting that scammers consider NZ big enough to be worth
    targetting.............

    regards

    Thing
     
    thingy, Jun 7, 2006
    #3
  4. Peter Huebner

    Nik Coughlin Guest

    Matty F wrote:
    > Peter Huebner wrote:
    >> I just got an email purporting to be from BNZ technical services -
    >> looks damn impressively authentic with the stationery used.
    >>
    >> The fact that it didn't even show my valid email address on the to:
    >> line was a bit of a giveaway though :)

    >
    > I am unable to find out the IP address where the link goes to.


    81.215.229.191

    Apparently in Turkey.
     
    Nik Coughlin, Jun 7, 2006
    #4
  5. Peter Huebner

    Rebel Guest

    Matty F wrote:

    > Peter Huebner wrote:
    >> I just got an email purporting to be from BNZ technical services - looks
    >> damn impressively authentic with the stationery used.
    >>
    >> The fact that it didn't even show my valid email address on the to: line
    >> was a bit of a giveaway though :)

    >
    > I am unable to find out the IP address where the link goes to.
    > Does anyone know of a site that can tell that?
    > http://www.dnsstuff.com/ can't find it.
    >
    > Replace "dubdubdubdot" with "www." but don't go there!
    > http://dubdubdubdot
    > bnz.co.nz.intenet_banking.customer.care.goverkk.biz/r1/upgrade/



    http://toolbar.netcraft.com/site_re....nz.intenet_banking.customer.care.goverkk.biz


    should give you the details.
     
    Rebel, Jun 7, 2006
    #5
  6. Peter Huebner

    none Guest

    > I am unable to find out the IP address where the link goes to.
    > Does anyone know of a site that can tell that?
    > http://www.dnsstuff.com/ can't find it.
    >
    > Replace "dubdubdubdot" with "www." but don't go there!
    > http://dubdubdubdot
    > bnz.co.nz.intenet_banking.customer.care.goverkk.biz/r1/upgrade/


    Looks like the goverkk.biz domain is no longer being delegated at the
    root servers.
     
    none, Jun 7, 2006
    #6
  7. Peter Huebner

    Matty F Guest

    Matty F wrote:

    > Peter Huebner wrote:
    >
    >> I just got an email purporting to be from BNZ technical services -
    >> looks damn impressively authentic with the stationery used.
    >> The fact that it didn't even show my valid email address on the to:
    >> line was a bit of a giveaway though :)

    >
    >
    > I am unable to find out the IP address where the link goes to.


    Never mind. The latest link goes to:
    Domain Name: CATNDOG.US
    Domain ID: D10227527-US
    Domain Registration Date: Tue Jun 06 20:15:32 GMT 2006
     
    Matty F, Jun 7, 2006
    #7
  8. "thingy" <> wrote in message
    news:...
    > Peter Huebner wrote:
    >> I just got an email purporting to be from BNZ technical services - looks
    >> damn impressively authentic with the stationery used. The fact that it
    >> didn't even show my valid email address on the to: line was a bit of a
    >> giveaway though :)
    >>
    >> cheers, -Peter
    >>

    >
    > not to mention a mouse over the URL showed it as .biz
    >
    > Interesting that scammers consider NZ big enough to be worth
    > targetting.............
    >
    > regards
    >
    > Thing
    >
    >
    >


    It's a numbers game... 100,000 phishing emails x 1% strike rate x $1000 per
    victim = $1,000,000. Even if it's 100th of that amount the return (i.e.
    $10,000) on investment (domain registration + mailing list + web site dev +
    hosting) is still a good one. For the record, IE7 flagged this as a known
    phishing site just after Peter's original post appeared so it looks like a
    number of users reported it early on.

    Brett Roberts
    Microsoft NZ
     
    Brett Roberts, Jun 7, 2006
    #8
  9. Peter Huebner

    Richard Guest

    Peter Huebner wrote:
    > I just got an email purporting to be from BNZ technical services - looks damn
    > impressively authentic with the stationery used.
    >
    > The fact that it didn't even show my valid email address on the to: line was a
    > bit of a giveaway though :)


    .... So what?
     
    Richard, Jun 7, 2006
    #9
  10. Peter Huebner

    SchoolTech Guest

    Brett Roberts wrote:
    > "thingy" <> wrote in message
    > news:...
    >> Peter Huebner wrote:
    >>> I just got an email purporting to be from BNZ technical services - looks
    >>> damn impressively authentic with the stationery used. The fact that it
    >>> didn't even show my valid email address on the to: line was a bit of a
    >>> giveaway though :)
    >>>
    >>> cheers, -Peter
    >>>

    >> not to mention a mouse over the URL showed it as .biz
    >>
    >> Interesting that scammers consider NZ big enough to be worth
    >> targetting.............
    >>
    >> regards
    >>
    >> Thing
    >>
    >>
    >>

    >
    > It's a numbers game... 100,000 phishing emails x 1% strike rate x $1000 per
    > victim = $1,000,000. Even if it's 100th of that amount the return (i.e.
    > $10,000) on investment (domain registration + mailing list + web site dev +
    > hosting) is still a good one. For the record, IE7 flagged this as a known
    > phishing site just after Peter's original post appeared so it looks like a
    > number of users reported it early on.
    >
    > Brett Roberts
    > Microsoft NZ


    Our spam filtering system flagged it for some of our users, that's the
    first I knew of it.
     
    SchoolTech, Jun 9, 2006
    #10
  11. On Fri, 09 Jun 2006 17:28:54 +1200, SchoolTech wrote:

    > Brett Roberts wrote:
    >> "thingy" <> wrote in message
    >> news:...
    >>> Peter Huebner wrote:
    >>>> I just got an email purporting to be from BNZ technical services - looks
    >>>> damn impressively authentic with the stationery used. The fact that it
    >>>> didn't even show my valid email address on the to: line was a bit of a
    >>>> giveaway though :)
    >>>>
    >>>> cheers, -Peter
    >>>>
    >>> not to mention a mouse over the URL showed it as .biz
    >>>
    >>> Interesting that scammers consider NZ big enough to be worth
    >>> targetting.............
    >>>
    >>> regards
    >>>
    >>> Thing
    >>>
    >>>
    >>>

    >>
    >> It's a numbers game... 100,000 phishing emails x 1% strike rate x $1000 per
    >> victim = $1,000,000. Even if it's 100th of that amount the return (i.e.
    >> $10,000) on investment (domain registration + mailing list + web site dev +
    >> hosting) is still a good one. For the record, IE7 flagged this as a known
    >> phishing site just after Peter's original post appeared so it looks like a
    >> number of users reported it early on.
    >>
    >> Brett Roberts
    >> Microsoft NZ

    >
    > Our spam filtering system flagged it for some of our users, that's the
    > first I knew of it.


    Got right throught where I work and they hadn't even changed the local DNS
    server/routing to block the website.......
     
    wogers nemesis, Jun 9, 2006
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Wimbo
    Replies:
    3
    Views:
    1,518
    winged
    Feb 17, 2005
  2. Ivor Jones

    Sipgate Phishing scam found

    Ivor Jones, Mar 29, 2007, in forum: UK VOIP
    Replies:
    13
    Views:
    884
    Desk Rabbit
    Mar 31, 2007
  3. Bruce Sinclair

    BNZ Internet banking

    Bruce Sinclair, May 24, 2004, in forum: NZ Computing
    Replies:
    23
    Views:
    4,265
  4. Who Am I

    ANZ target of phishing scam

    Who Am I, Feb 16, 2006, in forum: NZ Computing
    Replies:
    0
    Views:
    338
    Who Am I
    Feb 16, 2006
  5. Mutlley
    Replies:
    9
    Views:
    395
    alastair.geek.nz
    Jun 10, 2006
Loading...

Share This Page