Morning

If anyone from Westpac Security monitors NZNOG, and for those that want
to update their mail rulesets appropriately, there appears to be a new
phish this morning for Westpac. I've received 6 in the last 10 minutes.

All originate from 219.128.152.213, a Chinanet host or 82.229.209.178.
The body refers people to http://secwestpac.com/IOLB/newSession .
The hostname is similar to their correct "sec.westpac.co.nz". The
domain hasn't yet been pushed into WHOIS, but is in the GTLD servers.

The body of the message is HTML, with Westpac graphics. The text is:

    Processing error
    We were unable to process your recent transactions on your account. To
    ensure that your account is not suspended, please update your information

Headers below.

aj

From - Mon Sep 19 10:28:31 2005
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path:
X-Original-To: aj(a)sonic.sneep.net
Delivered-To: aj(a)sonic.sneep.net
Received: by sonic.sneep.net (Postfix, from userid 668)
    id 8E13A21CFB; Mon, 19 Sep 2005 10:19:50 +1200 (NZST)
Received: from smtp01.maxnet.net.nz (smtp01.maxnet.net.nz [202.89.32.6])
    by sonic.sneep.net (Postfix) with ESMTP id B9D3E21CEE
    for ; Mon, 19 Sep 2005 10:19:39 +1200 (NZST)
Received: from mailfilter01.maxnet.net.nz (mailfilter01.maxnet.net.nz
    [202.89.32.8])
    by smtp01.maxnet.net.nz (Postfix) with ESMTP id 323D2406A2E
    for ; Mon, 19 Sep 2005 10:21:14 +1200 (NZST)
Received: from stolichnaya.maxnet.net.nz (stolichnaya.maxnet.net.nz
    [209.123.221.169])
    by mailfilter01.maxnet.net.nz (Postfix) with ESMTP id CF02384E40
    for ; Mon, 19 Sep 2005 10:21:55 +1200 (NZST)
Received: from -1211395320 (cha92-7-82-229-209-178.fbx.proxad.net
    [82.229.209.178])
    by stolichnaya.maxnet.net.nz (Postfix) with SMTP id DA3B65325E0
    for ; Mon, 19 Sep 2005 10:19:37 +1200 (NZST)
Received: from westpac.co.nz (142870456 [137878400])
    by cha92-7-82-229-209-178.fbx.proxad.net (Qmailv1) with ESMTP id A18855DD6F
    for ; Sun, 18 Sep 2005 14:46:52 -0700
Date: Sun, 18 Sep 2005 14:46:52 -0700
From: Update
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3
Message-ID: <4793089069.20050918144652(a)westpac.co.nz>
To: Aj
Subject: Anti-fraud notification
MIME-Version: 1.0
Content-Type: multipart/related;
    boundary="----------572BB2C4F688976"
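
Added example, not part of the original post: a mail-ruleset check in Python that flags a message when a relay in its Received chain is one of the two source addresses reported above, or when a link in the body points at a host that embeds the brand name outside the legitimate domain. The function names, the allowlist holding only westpac.co.nz, and the single-part sample message are assumptions made for this illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

BRAND = "westpac"
LEGIT_DOMAINS = ("westpac.co.nz",)  # parent of sec.westpac.co.nz (from the post)
REPORTED_IPS = {"219.128.152.213", "82.229.209.178"}  # sources named in the post

def is_lookalike(host):
    """True if the brand string appears in a host outside the legitimate domains."""
    host = (host or "").lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return False
    # Collapse dots and hyphens so "sec-westpac" or "sec.westpac.example" still match.
    return BRAND in re.sub(r"[^a-z0-9]", "", host)

def received_ips(msg):
    """IPv4 addresses recorded in brackets by each relay in the Received chain."""
    chain = " ".join(msg.get_all("Received", []))
    return re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", chain)

def link_hosts(body):
    """Hostnames of every http(s) URL found in the body text."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    return {urlsplit(u).hostname for u in urls} - {None}

def phish_reasons(raw):
    """Return the rules a raw single-part RFC 822 message trips (assumed non-multipart)."""
    msg = message_from_string(raw)
    reasons = [f"reported source {ip}" for ip in received_ips(msg) if ip in REPORTED_IPS]
    reasons += [f"lookalike link host {h}"
                for h in sorted(link_hosts(msg.get_payload())) if is_lookalike(h)]
    return reasons

# Constructed sample: two Received headers and the URL quoted from the post,
# with a single-part HTML body made up for the example.
SAMPLE = """\
Received: from stolichnaya.maxnet.net.nz (stolichnaya.maxnet.net.nz
\t[209.123.221.169])
\tby mailfilter01.maxnet.net.nz (Postfix) with ESMTP id CF02384E40
Received: from -1211395320 (cha92-7-82-229-209-178.fbx.proxad.net
\t[82.229.209.178])
\tby stolichnaya.maxnet.net.nz (Postfix) with SMTP id DA3B65325E0
Subject: Anti-fraud notification
Content-Type: text/html

<a href="http://secwestpac.com/IOLB/newSession">update your information</a>
"""

if __name__ == "__main__":
    print("\n".join(phish_reasons(SAMPLE)))
```

The hostname rule is the one that keeps working if the senders move to other addresses; the address rule only covers the two sources seen so far.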