[nznog] Bankdirect phish

Just got a phish for BankDirect. The telling part: "<a href="http://www.bankdlrect.co.nz/index_secure.asp" >" - notice the 'l' where the I should be. Hopefully as this is inside .nz DNS we can get this one shut down quickly. The domain is registered with DiscountDomains.co.nz to a RODNEY GUISTWITE. admin_contact_name: RODNEY GUISTWITE admin_contact_address1: 9740 CONIFER LANE admin_contact_city: MURRELLS INLET admin_contact_country: US (UNITED STATES) admin_contact_phone: +84 3 6501641 admin_contact_email: directmain(a)yahoo.com The email headers: Received: from firewall.itpartners.co.nz ([10.7.0.254]) by penfold.itpartners.co.nz with Microsoft SMTPSVC(6.0.3790.1830); Fri, 30 Sep 2005 08:46:23 +1200 Received: from [218.233.125.18] (helo=-1208382648) by firewall.itpartners.co.nz with smtp (Exim 4.34) id 1EL5Iv-0007GJ-5u for craig(a)itpartners.co.nz; Fri, 30 Sep 2005 08:47:04 +1200 Received: from bankdirect.co.nz (-1208528168 [-1208791160]) by google.com (Qmailv1) with ESMTP id 554E5D0054 for ; Thu, 29 Sep 2005 13:13:12 -0700 Date: Thu, 29 Sep 2005 13:13:12 -0700 From: Bankdirect Accounts X-Mailer: The Bat! (v2.00.8) Personal X-Priority: 3 Message-ID: <5432025998.20050929131312(a)bankdirect.co.nz> To: Craig Subject: New Fraud-Prevention system. MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----------C0723C19AFB5862" X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Spam-Score: -5.8 {-----} X-Spam-Report: No, hits=-5.8 required=5.0 tests=ALL_TRUSTED,BAYES_00,HTML_MESSAGE,HTML_TAG_EXIST_TBODY autolearn=ham version=3.0.2 Return-Path: accounts(a)bankdirect.co.nz X-OriginalArrivalTime: 29 Sep 2005 20:46:23.0798 (UTC) FILETIME=[DAB2BD60:01C5C536] Craig Box Phone 07 957 2653 IT Partners Ltd Fax 07 957 2659 PO Box 9361 Mobile 021 475 869 Hamilton, New Zealand _________________________________________________________________ #include _________________________________________________________________