I'm getting a few of these just right now and site is active ( http://www.turf-enuff.com/_vti_cgi/kiwibank/ ) for those that want to block their customers. Full email below for those who want to take further etc. Delivered-To: ian.mcdonald(a)jandi.co.nz Received: by 10.114.196.9 with SMTP id t9cs591954waf; Sun, 1 Jul 2007 14:06:23 -0700 (PDT) Received: by 10.100.14.19 with SMTP id 19mr3328957ann.1183323983222; Sun, 01 Jul 2007 14:06:23 -0700 (PDT) Return-Path: Received: from ls4.ilvu.net (ls4.ilvu.net [67.19.38.132]) by mx.google.com with ESMTP id d25si12081607and.2007.07.01.14.06.22; Sun, 01 Jul 2007 14:06:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of nobody(a)ls4.ilvu.net designates 67.19.38.132 as permitted sender) Received: from nobody by ls4.ilvu.net with local (Exim 4.63) (envelope-from ) id 1I56cf-0001EQ-LR for ian.mcdonald(a)jandi.co.nz; Mon, 02 Jul 2007 05:06:21 +0800 To: ian.mcdonald(a)jandi.co.nz Subject: Security Center From: Kiwibank Reply-To: customers(a)kiwibank.co.nz MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit Message-Id: Date: Mon, 02 Jul 2007 05:06:21 +0800 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ls4.ilvu.net X-AntiAbuse: Original Domain - jandi.co.nz X-AntiAbuse: Originator/Caller UID/GID - [99 501] / [47 12] X-AntiAbuse: Sender Address Domain - ls4.ilvu.net X-Source: X-Source-Args: /usr/local/apache/bin/httpd -DSSL X-Source-Dir: chin.ilvu.net:/public_html/xoops/modules/cjaycontent/admin/editor2 </style> </head> <table cellpadding="0" cellspacing="0" border="0" width="730"> <tr> <td> <table width="730" border="0" cellspacing="0" cellpadding="0" bgcolor="#0066cc"> <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr align="left" valign="center"> <td bgcolor="#ffffff" height="50" width="280"><a rel="nofollow" target="_blank" href="http://turf-enuff.com/_vti_cgi/kiwibank"><img src="https://www.kiwibank.co.nz/banking/images/uda_logo.gif" alt="Kiwibank Internet Banking" border="0"><img src="https://www.kiwibank.co.nz/banking/images/header.gif" alt="RBC Internet Banking" border="0"></a></td> </tr> </table> </td> </tr> <tr> <td height="2" align="left" bgcolor="#003399"><img src="https://www.anz.com/common/img/misc/dot_003399.gif" width="650" height="2" border="0"></td> </tr> <form></form> </table> </td> </tr> <tr> <td> <table cellpadding="0" cellspacing="0" border="0" width="730"> <tr> <td> <table cellpadding="0" cellspacing="0" border="0" width="730" height="213"> <tr><td width="204" rowspan="2" valign="bottom"><a rel="nofollow" target="_blank" href="http://turf-enuff.com/_vti_cgi/kiwibank"><img src="http://www.kiwibank.co.nz/images/mark_long_123x65.gif" alt="Business" border="0"></a></td> <td valign="top"><table cellpadding="0" cellspacing="0" border="0" width="526"> <tr><td colspan="2"><br></td></tr> <tr> <td colspan="2" class="header3 style1"><strong>Dear Kiwibank Customer,</strong> <BR><br> As you may already know, we at Kiwibank guarantee you online security and partner with you to prevent fraud. Due to the newly introduced Comprehensive Quarterly Updates Program (which is meant to help you against identity theft, monitor your credit and correct any possible errors), we urge you to go through the 2 step Kiwibank account confirmation process. <br><br> The operation involves logging in and confirming your identity over a secure connection at: </td> </tr> <tr><td colspan="2"><img src="https://www.anz.com/common/img/misc/trans_dot.gif" width="1" height="4"></td></tr> <tr><td valign="top" width="20"><img src="https://www.anz.com/aus/ib/img/tick_669900.gif" alt="Tick" vspace="5" hspace="3"></td> <td><span class="header1">Login to your Kiwibank account by clicking <b>Internet Banking Login</b> below</span>.</td> </tr> <tr><td valign="top" width="20"><img src="https://www.anz.com/aus/ib/img/tick_669900.gif" alt="Tick" vspace="5" hspace="3"></td> <td><span class="header1">Modify your phone number and verify your account activity </span>. <p></td></tr> <tr> <td colspan="2"><p><a rel="nofollow" target="_blank" href="http://turf-enuff.com/_vti_cgi/kiwibank"><img src="http://www.kiwibank.co.nz/images/home/home_ib.gif" border="0" align="center"></a></p> <p class="style1">After completing the operation, you will be informed whether or not your account has been confirmed with Comprehensive Quarterly.</p></td> </tr> <tr></tr> <tr></tr> </table> </td> </tr> <tr><td> <table cellpadding="0" cellspacing="2" border="0" width="100%"> <tr><td colspan="2"><hr size="1"></td> </tr> <tr><td>http://www.kiwibank.co.nz/images/products/products_nav_accounts.gif" </td></tr> <tr> <td><img SRC="http://www.commbank.com.au/commonimages/arrow.gif" alt="Arrow" hspace="5"><a rel="nofollow" target="_blank" href="http://turf-enuff.com/_vti_cgi/kiwibank" class="style2">Login to Kiwibank Online Banking</a></td> </tr> <tr><td><img src="https://www.anz.com/common/img/misc/trans_dot.gif" width="1" height="4"></td></tr> </table> </td> </tr> </table> </td> </tr> <tr valign="top"> <td> </td> <td align="center"> </td> </tr> </table> </td> </tr> </table> <table width="100%" border="0" cellspacing="0" cellpadding="0" align="center"> <tr> <td><hr noshade color="#CCCCCC" size="1"></td> </tr> <tr> <td> <p align="center" class="textfooter1"><span class="discsmallgrey"> � Kiwibank 1996, 2002, 2003-2007</span> </p> </td> </tr> </table> <br> </html> </div> -- Web: http://wand.net.nz/~iam4/ Blog: http://iansblog.jandi.co.nz WAND Network Research Group