
Morning

If anyone from Westpac Security monitors NZNOG, and for those that want to update their mail rulesets appropriately, there appears to be a new phish this morning for Westpac. I've received 6 in the last 10 minutes.

All originate from 219.128.152.213, a Chinanet host or 82.229.209.178.

The body refers people to http://secwestpac.com/IOLB/newSession .

The hostname is similar to their correct "sec.westpac.co.nz". The domain hasn't yet been pushed into WHOIS, but is in the GTLD servers.

The body of the message is HTML, with Westpac graphics. The text is:

    Processing error

    We were unable to process your recent transactions on your account. To ensure that your account is not suspended, please update your information

Headers below.

aj

From - Mon Sep 19 10:28:31 2005
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <update(a)westpac.co.nz>
X-Original-To: aj(a)sonic.sneep.net
Delivered-To: aj(a)sonic.sneep.net
Received: by sonic.sneep.net (Postfix, from userid 668)
    id 8E13A21CFB; Mon, 19 Sep 2005 10:19:50 +1200 (NZST)
Received: from smtp01.maxnet.net.nz (smtp01.maxnet.net.nz [202.89.32.6])
    by sonic.sneep.net (Postfix) with ESMTP id B9D3E21CEE
    for <aj(a)sneep.net>; Mon, 19 Sep 2005 10:19:39 +1200 (NZST)
Received: from mailfilter01.maxnet.net.nz (mailfilter01.maxnet.net.nz [202.89.32.8])
    by smtp01.maxnet.net.nz (Postfix) with ESMTP id 323D2406A2E
    for <aj(a)sneep.net>; Mon, 19 Sep 2005 10:21:14 +1200 (NZST)
Received: from stolichnaya.maxnet.net.nz (stolichnaya.maxnet.net.nz [209.123.221.169])
    by mailfilter01.maxnet.net.nz (Postfix) with ESMTP id CF02384E40
    for <aj(a)win.co.nz>; Mon, 19 Sep 2005 10:21:55 +1200 (NZST)
Received: from -1211395320 (cha92-7-82-229-209-178.fbx.proxad.net [82.229.209.178])
    by stolichnaya.maxnet.net.nz (Postfix) with SMTP id DA3B65325E0
    for <aj(a)win.co.nz>; Mon, 19 Sep 2005 10:19:37 +1200 (NZST)
Received: from westpac.co.nz (142870456 [137878400])
    by cha92-7-82-229-209-178.fbx.proxad.net (Qmailv1) with ESMTP id A18855DD6F
    for <aj(a)win.co.nz>; Sun, 18 Sep 2005 14:46:52 -0700
Date: Sun, 18 Sep 2005 14:46:52 -0700
From: Update <update(a)westpac.co.nz>
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3
Message-ID: <4793089069.20050918144652(a)westpac.co.nz>
To: Aj <aj(a)win.co.nz>
Subject: Anti-fraud notification
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----------572BB2C4F688976"

At 10:31 19/09/2005, Alastair Johnson wrote:
> Morning
>
> If anyone from Westpac Security monitors NZNOG, and for those that want to update their mail rulesets appropriately, there appears to be a new phish this morning for Westpac. I've received 6 in the last 10 minutes.
>
> All originate from 219.128.152.213, a Chinanet host or 82.229.209.178.
>
> The body refers people to http://secwestpac.com/IOLB/newSession .

I think you'll find that they're not originating from only two IP addresses, but rather from random zombied machines. My copy of this phishing email came from 84.105.36.75 which is a cable connection in Holland...

Regards,
Simon Byrnand
iGRIN Internet
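
Added example, not part of either post: a Python sketch that reads the posted Received chain to find the address the first local relay actually recorded, and flags link hosts that carry the bank's name outside its real domain, which stays constant even when the sending hosts vary. The trusted relay suffixes, the function names and the sample body line are assumptions made for this illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Received chain abridged from the headers posted above (newest hop first).
HEADERS = """\
Received: from smtp01.maxnet.net.nz (smtp01.maxnet.net.nz [202.89.32.6])
    by sonic.sneep.net (Postfix) with ESMTP id B9D3E21CEE
Received: from stolichnaya.maxnet.net.nz (stolichnaya.maxnet.net.nz [209.123.221.169])
    by mailfilter01.maxnet.net.nz (Postfix) with ESMTP id CF02384E40
Received: from -1211395320 (cha92-7-82-229-209-178.fbx.proxad.net [82.229.209.178])
    by stolichnaya.maxnet.net.nz (Postfix) with SMTP id DA3B65325E0
Received: from westpac.co.nz (142870456 [137878400])
    by cha92-7-82-229-209-178.fbx.proxad.net (Qmailv1) with ESMTP id A18855DD6F
"""
# Assumption: these suffixes are the recipient's own (trusted) relays.
TRUSTED = ("sneep.net", "maxnet.net.nz")
# Groups: name the receiving server resolved, peer IP it saw, receiving server.
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([\d.]+)\]\)\s+by\s+(\S+)")

def under(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def handoff_ip(raw_headers, trusted=TRUSTED):
    """Peer IP logged by the first trusted relay that took mail from outside.
    Hops below that one were written by the sender and prove nothing."""
    for value in message_from_string(raw_headers).get_all("Received", []):
        m = HOP.search(value)
        if m and under(m.group(3), trusted) and not under(m.group(1), trusted):
            return m.group(2)
    return None

def lookalike_hosts(body, brand="westpac", legit=("westpac.co.nz",)):
    """Link hosts that contain the brand name but sit outside the real domain."""
    urls = re.findall(r"https?://[^\s\"'<>]+", body)
    hosts = {(urlsplit(u).hostname or "") for u in urls}
    return sorted(h for h in hosts
                  if brand in re.sub(r"[^a-z0-9]", "", h) and not under(h, legit))

# Constructed body line: the phish URL from the post plus the bank's real hostname.
BODY = "update your information http://secwestpac.com/IOLB/newSession or https://sec.westpac.co.nz/"

if __name__ == "__main__":
    print(handoff_ip(HEADERS), lookalike_hosts(BODY))
```
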