Headsup!! ANZ phishing spam :-(

Discussion in 'NZ Computing' started by Adam, Mar 23, 2006.

  1. Adam

    Adam Guest

    I've just been spammed by a not very convincing e-mail that appears to
    come from "support_ref_ [daft number here] at anz.com".

    The attached gif image tries to send you to:

    http _www.anz.com.inetbankmain.isapdl.com_a_.htm

    but shows in the gif as:

    https://wwwDOTanzDOTcom/inetbank/bankmain/custdetailsconfirmation/do.asp

    (DOTS replaced in case someone clicks the link here).

    The usual "software upgrade" - we wish you to confirm your bank
    details!

    Grrrrrrrrrrrrrrrrrrrrrrrr ...

    Adam.
     
    Adam, Mar 23, 2006
    #1
    1. Advertising

  2. Adam

    Matty F Guest

    Adam wrote:
    > I've just been spammed by a not very convincing e-mail that appears to
    > come from "support_ref_ [daft number here] at anz.com".
    >
    > The attached gif image tries to send you to:
    >
    > http _www.anz.com.inetbankmain.isapdl.com_a_.htm
    >
    > but shows in the gif as:
    >
    > https://wwwDOTanzDOTcom/inetbank/bankmain/custdetailsconfirmation/do.asp
    >
    > (DOTS replaced in case someone clicks the link here).
    >
    > The usual "software upgrade" - we wish you to confirm your bank
    > details!
    >
    > Grrrrrrrrrrrrrrrrrrrrrrrr ...


    Yes I just got five of them. The last 3 were labelled by xtra as
    [SPAM]. Why doesn't a Whois work on that URL?
     
    Matty F, Mar 23, 2006
    #2
    1. Advertising

  3. Adam

    Brendon Guest

    Yeh, got mine this morning - great - nearly clicked on it....considering I
    am not a member of ANZ bank....I don't think so!
    :)

    twats!!

    "Matty F" <> wrote in message
    news:U3DUf.8192$...
    > Adam wrote:
    >> I've just been spammed by a not very convincing e-mail that appears to
    >> come from "support_ref_ [daft number here] at anz.com".
    >>
    >> The attached gif image tries to send you to:
    >>
    >> http _www.anz.com.inetbankmain.isapdl.com_a_.htm
    >>
    >> but shows in the gif as:
    >>
    >> https://wwwDOTanzDOTcom/inetbank/bankmain/custdetailsconfirmation/do.asp
    >>
    >> (DOTS replaced in case someone clicks the link here).
    >>
    >> The usual "software upgrade" - we wish you to confirm your bank
    >> details!
    >>
    >> Grrrrrrrrrrrrrrrrrrrrrrrr ...

    >
    > Yes I just got five of them. The last 3 were labelled by xtra as [SPAM].
    > Why doesn't a Whois work on that URL?
    >
     
    Brendon, Mar 23, 2006
    #3
  4. Adam

    Guest

    Received and spamcopped
     
    , Mar 23, 2006
    #4
  5. Matty F wrote:
    > Adam wrote:
    >> I've just been spammed by a not very convincing e-mail that appears to
    >> come from "support_ref_ [daft number here] at anz.com".
    >>
    >> The attached gif image tries to send you to:
    >>
    >> http _www.anz.com.inetbankmain.isapdl.com_a_.htm
    >>
    >> but shows in the gif as:
    >>
    >> https://wwwDOTanzDOTcom/inetbank/bankmain/custdetailsconfirmation/do.asp
    >>
    >> (DOTS replaced in case someone clicks the link here).
    >>
    >> The usual "software upgrade" - we wish you to confirm your bank
    >> details!
    >>
    >> Grrrrrrrrrrrrrrrrrrrrrrrr ...

    >
    > Yes I just got five of them. The last 3 were labelled by xtra as [SPAM].
    > Why doesn't a Whois work on that URL?
    >


    Interesting question.

    ANZ are reported on Radio NZ news as having "shut down the illegal website" so
    perhaps they've had it clobbered at the whois level.

    However it's still in the DNS via paradise (whois results follow in order) :

    > www.anz.com.inetbankmain.isapdlls.net has address 24.11.143.205
    > www.anz.com.inetbankmain.isapdlls.net has address 66.65.19.24
    > www.anz.com.inetbankmain.isapdlls.net has address 67.189.241.161
    > www.anz.com.inetbankmain.isapdlls.net has address 69.76.88.225
    > www.anz.com.inetbankmain.isapdlls.net has address 69.245.111.39
    > ==============================================================================
    >
    > OrgName: Road Runner
    > OrgID: RRNY
    > Address: 13241 Woodland Park Road
    > City: Herndon
    > StateProv: VA
    > PostalCode: 20171
    > Country: US
    >
    > ReferralServer: rwhois://ipmt.rr.com:4321
    >
    > NetRange: 66.65.0.0 - 66.65.255.255
    > CIDR: 66.65.0.0/16
    > NetName: RR-NYC-1BLK
    > NetHandle: NET-66-65-0-0-1
    > Parent: NET-66-0-0-0-0
    > NetType: Direct Allocation
    > NameServer: DNS1.RR.COM
    > NameServer: DNS2.RR.COM
    > NameServer: DNS3.RR.COM
    > NameServer: DNS4.RR.COM
    > Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    > RegDate: 2001-01-19
    > Updated: 2002-11-25
    >
    > RTechHandle: ZS30-ARIN
    > RTechName: ServiceCo LLC
    > RTechPhone: +1-703-345-3416
    > RTechEmail:
    >
    > OrgAbuseHandle: ABUSE10-ARIN
    > OrgAbuseName: Abuse
    > OrgAbusePhone: +1-703-345-3416
    > OrgAbuseEmail:
    >
    > OrgTechHandle: IPTEC-ARIN
    > OrgTechName: IP Tech
    > OrgTechPhone: +1-703-345-3416
    > OrgTechEmail:
    >
    > # ARIN WHOIS database, last updated 2006-03-22 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    >
    >
    > Found a referral to ipmt.rr.com:4321.
    >
    > %rwhois V-1.5:003fff:00 ipmt-01.rr.com (by Network Solutions, Inc. V-1.5.7.3)
    > network:Class-Name:network
    > network:ID:NETBLK-isrr-66.65.16.0-21
    > network:Auth-Area:66.65.16.0/21
    > network:Network-Name:isrr-66.65.16.0
    > network:IP-Network:66.65.16.0/21
    > network:IP-Network-Block:66.65.16.0 - 66.65.23.255
    > network:Organization;I:Road Runner
    > network:Tech-Contact;I:
    > network:Admin-Contact;I:IPADD-ARIN
    > network:Created:20060323
    > network:Updated:20060323
    > network:Updated-By:
    >
    > network:Class-Name:network
    > network:ID:NETBLK-ISRR-66.65.0.0/17
    > network:Auth-Area:66.65.0.0/17
    > network:Network-Name:ISRR-66.65.0.0
    > network:IP-Network:66.65.0.0/17
    > network:IP-Network-Block:66.65.0.0 - 66.65.127.255
    > network:Organization;I:Road Runner
    > network:Tech-Contact;I:
    > network:Admin-Contact;I:IPADD-ARIN
    > network:Created:20060323
    > network:Updated:20060323
    > network:Updated-By:
    >
    > %ok
    > ==============================================================================
    > Comcast Cable Communications, IP Services ATT-COMCAST (NET-67-160-0-0-1)
    > 67.160.0.0 - 67.191.255.255
    > Comcast Cable Communications, Inc. BOSTON-9 (NET-67-189-128-0-1)
    > 67.189.128.0 - 67.189.255.255
    >
    > # ARIN WHOIS database, last updated 2006-03-22 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    > ==============================================================================
    >
    > OrgName: Road Runner
    > OrgID: RRWE
    > Address: 13241 Woodland Park Road
    > City: Herndon
    > StateProv: VA
    > PostalCode: 20171
    > Country: US
    >
    > ReferralServer: rwhois://ipmt.rr.com:4321
    >
    > NetRange: 69.75.0.0 - 69.76.255.255
    > CIDR: 69.75.0.0/16, 69.76.0.0/16
    > NetName: RRWE
    > NetHandle: NET-69-75-0-0-1
    > Parent: NET-69-0-0-0-0
    > NetType: Direct Allocation
    > NameServer: DNS1.RR.COM
    > NameServer: DNS2.RR.COM
    > NameServer: DNS3.RR.COM
    > NameServer: DNS4.RR.COM
    > Comment:
    > RegDate: 2003-09-08
    > Updated: 2004-05-03
    >
    > OrgAbuseHandle: ABUSE10-ARIN
    > OrgAbuseName: Abuse
    > OrgAbusePhone: +1-703-345-3416
    > OrgAbuseEmail:
    >
    > OrgTechHandle: IPTEC-ARIN
    > OrgTechName: IP Tech
    > OrgTechPhone: +1-703-345-3416
    > OrgTechEmail:
    >
    > # ARIN WHOIS database, last updated 2006-03-22 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    >
    >
    > Found a referral to ipmt.rr.com:4321.
    >
    > %rwhois V-1.5:003fff:00 ipmt-01.rr.com (by Network Solutions, Inc. V-1.5.7.3)
    > network:Class-Name:network
    > network:ID:NETBLK-isrr-69.76.88.0-21
    > network:Auth-Area:69.76.88.0/21
    > network:Network-Name:isrr-69.76.88.0
    > network:IP-Network:69.76.88.0/21
    > network:IP-Network-Block:69.76.88.0 - 69.76.95.255
    > network:Organization;I:Road Runner
    > network:Tech-Contact;I:
    > network:Admin-Contact;I:IPADD-ARIN
    > network:Created:20060323
    > network:Updated:20060323
    > network:Updated-By:
    >
    > network:Class-Name:network
    > network:ID:NETBLK-ISRR-69.76.0.0/16
    > network:Auth-Area:69.76.0.0/16
    > network:Network-Name:ISRR-69.76.0.0
    > network:IP-Network:69.76.0.0/16
    > network:IP-Network-Block:69.76.0.0 - 69.76.255.255
    > network:Organization;I:Road Runner
    > network:Tech-Contact;I:
    > network:Admin-Contact;I:IPADD-ARIN
    > network:Created:20060323
    > network:Updated:20060323
    > network:Updated-By:
    >
    > %ok
    > ==============================================================================
    > Comcast Cable Communications, Inc. JUMPSTART-4 (NET-69-240-0-0-1)
    > 69.240.0.0 - 69.255.255.255
    > Comcast Cable Communications, Inc MICHIGAN-17 (NET-69-245-64-0-1)
    > 69.245.64.0 - 69.245.127.255
    >
    > # ARIN WHOIS database, last updated 2006-03-22 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    > ==============================================================================
    > Comcast Cable Communications, IP Services EASTERNSHORE-1 (NET-24-0-0-0-1)
    > 24.0.0.0 - 24.15.255.255
    > Comcast Cable Communications MICHIGAN-G-5 (NET-24-11-128-0-1)
    > 24.11.128.0 - 24.11.143.255
    >
    > # ARIN WHOIS database, last updated 2006-03-22 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    > ==============================================================================
     
    Mark Robinson, Mar 23, 2006
    #5
  6. Adam

    k Guest

    wrote:
    > Received and spamcopped
    >


    Thunderbird's built in spam detection managed to catch this one pretty
    well for me :)
     
    k, Mar 24, 2006
    #6
  7. Adam

    Mutlley Guest

    k <> wrote:

    > wrote:
    >> Received and spamcopped
    >>

    >
    >Thunderbird's built in spam detection managed to catch this one pretty
    >well for me :)


    Been getting these things all day. Don't even have an ANZ account.
    Fortunately our exchange server puts them in the spam folder.
     
    Mutlley, Mar 24, 2006
    #7
  8. Adam

    Adam Guest

    On Fri, 24 Mar 2006 14:48:12 +1200, k wrote:

    > wrote:
    >> Received and spamcopped
    >>

    >
    >Thunderbird's built in spam detection managed to catch this one pretty
    >well for me :)


    Hmmm - my TB seems to let them in :-(( - I've received them from about
    5 different "pseudo" addresses now.

    Any general hints as to where/how my spam filter is (mis)configured)?

    Adam.
     
    Adam, Mar 24, 2006
    #8
  9. Adam

    Ross Guest

    On Fri, 24 Mar 2006 01:16:42 +1200, Adam wrote:

    >I've just been spammed by a not very convincing e-mail that appears to
    >come from "support_ref_ [daft number here] at anz.com".
    >
    >The attached gif image tries to send you to:
    >
    >http _www.anz.com.inetbankmain.isapdl.com_a_.htm
    >
    >but shows in the gif as:
    >
    >https://wwwDOTanzDOTcom/inetbank/bankmain/custdetailsconfirmation/do.asp
    >
    >(DOTS replaced in case someone clicks the link here).
    >
    >The usual "software upgrade" - we wish you to confirm your bank
    >details!
    >
    >Grrrrrrrrrrrrrrrrrrrrrrrr ...
    >
    >Adam.


    Followed the link and put in details for them.
    Unfortunately, if they try them they aren't going to get into my
    account :)
     
    Ross, Mar 24, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. blah

    Best Spam / Phishing Filter

    blah, Dec 18, 2006, in forum: Computer Security
    Replies:
    7
    Views:
    524
  2. Who Am I

    ANZ target of phishing scam

    Who Am I, Feb 16, 2006, in forum: NZ Computing
    Replies:
    0
    Views:
    357
    Who Am I
    Feb 16, 2006
  3. Robin Halligan

    spam? phishing? whats it doing?

    Robin Halligan, Nov 4, 2006, in forum: NZ Computing
    Replies:
    4
    Views:
    606
    Who Am I
    Nov 6, 2006
  4. Collector»NZ

    Telescum Spam or Phishing

    Collector»NZ, Jun 28, 2007, in forum: NZ Computing
    Replies:
    6
    Views:
    351
    Collector»NZ
    Jun 30, 2007
  5. Theo Markettos

    Betamax phishing/spam

    Theo Markettos, Sep 9, 2010, in forum: UK VOIP
    Replies:
    1
    Views:
    801
    Graham.
    Sep 9, 2010
Loading...

Share This Page