We received a bunch for Royal Bank of Canada accounts as well this week, trying to take advantage of the major software glitch RB experienced last week no doubt.
Richard Edge Senior Systems Administrator Technology Services Department TRINITY WESTERN UNIVERSITY Voice: 604-513-2089 E-mail: [EMAIL PROTECTED] WWW: http://www.twu.ca/technology -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Tuesday, June 08, 2004 2:23 PM To: Kami Razvan Subject: Re: [Declude.JunkMail] Phishing attempt- site is live We've had this one in Sniffer for a while. They were originally going after Sun Trust: Rule ID - 99546 Created - 2004-03-22 >From Source - http://200.97.91. Rule Type - Numbered Link Origin - Spam Trap Original Rule Name - suntrust phishing Current Strength - 2.68760205 _M On Tuesday, June 8, 2004, 4:11:28 PM, Kami wrote: KR> Hi; KR> The site is live.. a definite phishing attempt. KR> � KR> http://200.97.91.210/citi/";>Activate KR> � KR> Regards, KR> Kami KR> =========================== KR> � KR> Received: from 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk KR> [82.33.98.143] by foroosh.com KR> � (SMTPD32-8.11) id A0842A350272; Tue, 08 Jun 2004 14:08:04 -0400 KR> Received: from 50.106.132.64 by 82.33.98.143; Tue, 08 Jun 2004 KR> 13:00:46 -0600 KR> Message-ID: <[EMAIL PROTECTED]> KR> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> KR> Reply-To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> KR> To: ********************* KR> Subject: [35~]Activate Bill Pay KR> Date: Tue, 08 Jun 2004 20:05:46 +0100 KR> MIME-Version: 1.0 KR> Content-Type: multipart/alternative; KR> �boundary="--23927787921753605107" KR> X-Originating-IP: 12.5.20.80 KR> X-RBL-Warning: IPNOTINMX: KR> X-RBL-Warning: NOLEGITCONTENT: No content unique to legitimate E-mail detected. KR> X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. KR> X-RBL-Warning: FIVETEN-SPAM: KR> 143.98.33.82.blackholes.five-ten-sg.com. KR> X-RBL-Warning: NOABUSE: "Not supporting [EMAIL PROTECTED]" KR> X-RBL-Warning: BROADBAND: Message failed BROADBAND test (line 236, KR> weight 9) KR> X-RBL-Warning: COUNTRY: Message failed COUNTRY test (line 221, KR> weight 1) KR> X-RBL-Warning: IPLINKED: Message failed IPLINKED test (line 187, KR> weight 13) KR> X-Declude-Sender: [EMAIL PROTECTED] [82.33.98.143] KR> X-Declude-Spoolname: D00832a350272ffb3.SMD KR> X-Note: KR> ================================================================== KR> X-Note: Spam Score: 35 [BLOCKED ON 20+ DELETED ON 60+] KR> X-Note: Scan Time: 14:08:11 on 06/08/2004 KR> X-Note: Spool File: D00832a350272ffb3.SMD KR> X-Note: Server Name: KR> 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk KR> X-Note: SMTP Sender: [EMAIL PROTECTED] KR> X-Note: Reverse DNS IP: KR> 82-33-98-143.cable.ubr10.azte.blueyonder.co.uk [82.33.98.143] KR> X-Note: Recipient(s): ********************* KR> X-Note: Country Chain: [IANA Reserved]->UNITED KINGDOM->destination KR> X-Note: KR> ================================================================== KR> X-Note: This E-mail was scanned filtered by Declude [1.79i8] for SPAM virus. KR> X-Note: Spam and virus blocking services provided by KR> ClickandPledge.com KR> X-Note: KR> ================================================================== KR> X-RCPT-TO: *************** KR> Status: U KR> X-UIDL: 331480131 KR> � KR> ----23927787921753605107 KR> Content-Type: text/html; KR> Content-Transfer-Encoding: quoted-printable KR> � KR> </font><font size=3D"2"><br><br><td class=3D"smalltext"> Dear KR> Citibank customer,<br> We've upgraded our service so you can KR> schedule fund transfers. And with ou= r improved<br>Bill Pay, you KR> can now pay bills on one screen. We will requi= re all Citibank KR> customers to signup for this, please<br>fill in your card KR> information now to avoid extr= a upgrade fees being withdrawn from KR> your account later on. KR> <br><br> KR> <font color=3D"red">*�ALL CITIBANK CUSTOMERS ARE REQIRED TO ACTIVATE KR> = BILL PAY�*</font> <br><br> <b>Click on the link below to active KR> Bill Pay:</b><br> <a href=3D"http://200.97.91.210/citi/";>Activate KR> Bill Pay</a> </font> KR> � KR> � KR> � KR> ----23927787921753605107-- KR> � KR> � --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
