2017-11-10 - PHISHING EMAILS LINK TO FAKE ONLINE BANKING PAGES

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2017-11-10-phishing-emails-two-examples.zip   8.8 kB (8,760 bytes)
• 2017-11-10-fake-usaa-website-traffic.saz.zip   4.5 MB (4,454,165 bytes)

 

NOTES:

• Two days in a row I received phishing emails from an Outlook server, so I haved documented it.
• As of this date, hxxp[:]//autobit[.]ro/ has several open directories for phishing sites.

Shown above:  Open directories on autobit[.]ro.

 

EMAILS

THURSDAY:

• Date:  Thursday, 2017-11-09 13:48 UTC
• From:  "Chase" <r.minichello@northeastern[.]edu>
• Subject:  Alert:Dear([recipeint's email address]), Quiclkly verify Your Online Banking
• Received:  from [104.47.34[.]229] ([104.47.34[.]229:45211] helo=NAM01-BY2-obe.outbound.protection.outlook[.]com)
• Link in the email:  hxxps[:]//chasecustomerverification.chaseonline.autobit[.]ro/chaseverification

FRIDAY:

• Date:  Friday, 2017-11-10 11:38 UTC
• From:  "USAA" <d.mandel@northeastern[.]edu>
• Subject:  Alert: Usaa Banking Information For ([recipeint's email address])
• Received:  from [104.47.32[.]213] ([104.47.32[.]213:16309] helo=NAM01-SN1-obe.outbound.protection.outlook[.]com)
• Link in the email:  hxxps[:]//upgradeservicesystem.autobit[.]ro/usaasecurityservice/home/login.html

 

IMAGES

Shown above:  Phishing email from Thursday 2017-11-09.

 

Shown above:  Phishing email from Friday 2017-11-10.

 

Shown above:  Fake Chase login page from 2017-11-09 email.

 

Shown above:  Fake USAA login page from 2017-11-10 email.

 

Click here to return to the main page.