Phishing expedition - Westpac heads-up!
Had a friend who connect via ihug forward me an email - someone phishing for Westpac user ID's. They're blanket spamming it because he isn't even a Westpac customer. Might be an idea for all your ISP's to send out a warning message to your clients - good PR exercise.
Reply-To: Westpac <verifyXX(a)westpac.com.nz> Sender: Westpac <verifyXX(a)westpac.com.nz> MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 8bit
Dear Westpac Bank Member,
This email was sent by the Westpac server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Westpac Banking Customer ID and Password. This is done for your protection --- because some of our members no longer have access to their email addresses and we must verify it.
To verify your e-mail address and access your bank account, click on the link below. If nothing happens when you click on the link, copy and paste the link into the address bar of your web browser.
http://www.westpac.com.nz:ac-XXXXXXXXXXXXXXXXXX(a)XXXXXXXXX.Da.rU/ ?XXXXXXXXXXX
-------------------------------------------------- Thank you for using Westpac Bank! --------------------------------------------------
--On Sunday, November 02, 2003 11:43:00 -0600 Andy Gardner <andy(a)navigator.co.nz> wrote:
They're blanket spamming it because he isn't even a Westpac customer.
Might be an idea for all your ISP's to send out a warning message to your clients - good PR exercise.
Just spoke to someone at Westpac about 30 seconds after finding it in my own inbox. They're aware of it and trying to close the site. I forgot to ask if they're going to send out a warning email to all their web banking users thou ( they store your email addy for these kings of things - I hope they use it ). Mark -- "It's all in the heat of the moment, it's all in the pain..." Devy. Mark Derricutt @ mark(a)talios.com @ talios.blog-city.com
Site has been shut down. I am also a Westpac customer, and have not received ANY kind of warning. - Drew
-----Original Message----- From: Mark Derricutt [mailto:mark(a)talios.com] Sent: Monday, November 03, 2003 8:25 AM To: Andy Gardner; nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Phishing expedition - Westpac heads-up!
--On Sunday, November 02, 2003 11:43:00 -0600 Andy Gardner <andy(a)navigator.co.nz> wrote:
They're blanket spamming it because he isn't even a Westpac customer.
Might be an idea for all your ISP's to send out a warning message to your clients - good PR exercise.
Just spoke to someone at Westpac about 30 seconds after finding it in my own inbox. They're aware of it and trying to close the site. I forgot to ask if they're going to send out a warning email to all their web banking users thou ( they store your email addy for these kings of things - I hope they use it ).
Mark
-- "It's all in the heat of the moment, it's all in the pain..." Devy. Mark Derricutt @ mark(a)talios.com @ talios.blog-city.com
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Most mail servers should be rejecting it as the domain "westpac.com.nz" doesn't exist. Looks like "whoever" is doing it is using lots of open mail relays around the place.. 100,000+ rejections of the email on our mail servers because of an invalid domain and it keeps going... Thanks Craig ----- Original Message ----- From: "Drew Broadley" <drew(a)iplaynz.com> To: <nznog(a)list.waikato.ac.nz> Sent: Monday, November 03, 2003 10:21 AM Subject: RE: [nznog] Phishing expedition - Westpac heads-up!
Site has been shut down.
I am also a Westpac customer, and have not received ANY kind of warning.
- Drew
-----Original Message----- From: Mark Derricutt [mailto:mark(a)talios.com] Sent: Monday, November 03, 2003 8:25 AM To: Andy Gardner; nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Phishing expedition - Westpac heads-up!
--On Sunday, November 02, 2003 11:43:00 -0600 Andy Gardner <andy(a)navigator.co.nz> wrote:
They're blanket spamming it because he isn't even a Westpac customer.
Might be an idea for all your ISP's to send out a warning message to your clients - good PR exercise.
Just spoke to someone at Westpac about 30 seconds after finding it in my own inbox. They're aware of it and trying to close the site. I forgot to ask if they're going to send out a warning email to all their web banking users thou ( they store your email addy for these kings of things - I hope they use it ).
Mark
-- "It's all in the heat of the moment, it's all in the pain..." Devy. Mark Derricutt @ mark(a)talios.com @ talios.blog-city.com
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Looking at the mail logs, the spams/phishes are/have been sent from over 1000 hosts now. Looking at the hosts sending them, they don't look like open mail relays. Does anyone have a copy of the emails so I can figure out who and how soo many machines are sending them out.. Thanks Craig Whitmore Orcon Internet ----- Original Message ----- From: "Craig Whitmore" <lennon(a)orcon.net.nz> To: <nznog(a)list.waikato.ac.nz> Sent: Monday, November 03, 2003 10:53 AM Subject: Re: [nznog] Phishing expedition - Westpac heads-up!
Most mail servers should be rejecting it as the domain "westpac.com.nz" doesn't exist.
Looks like "whoever" is doing it is using lots of open mail relays around the place.. 100,000+ rejections of the email on our mail servers because of an invalid domain and it keeps going...
Thanks Craig
Looking at the mail logs, the spams/phishes are/have been sent from over 1000 hosts now. Looking at the hosts sending them, they don't look like open
Indeed, mail relays aren't being used. This one was sent from a telus.net (.ca) directly to my domain's MX.
mail relays. Does anyone have a copy of the emails so I can figure out who
I'll forward you a copy off list shortly.
Most mail servers should be rejecting it as the domain "westpac.com.nz" doesn't exist.
I guess Xtra isn't included here. The message was redirected to an xtra mail account, and Xtra quite happily accepted it for delivery. Dave.
Almost word for word : http://lists.insecure.org/lists/fulldisclosure/2003/Oct/1415.html Cheers, Blair On Sun, 2 Nov 2003 11:43:00 -0600 Andy Gardner <andy(a)navigator.co.nz> wrote:
Had a friend who connect via ihug forward me an email - someone phishing for Westpac user ID's.
They're blanket spamming it because he isn't even a Westpac customer.
Might be an idea for all your ISP's to send out a warning message to your clients - good PR exercise.
participants (6)
-
Andy Gardner -
Blair Harrison -
Craig Whitmore -
David Miller -
Drew Broadley -
Mark Derricutt