2017-11-10 - PHISHING EMAILS LINK TO FAKE ONLINE BANKING PAGES

ASSOCIATED FILES:

• Zip archive of the two emails I received:  2017-11-10-phishing-emails.zip   8.4 kB (8,392 bytes)
• Saz file of HTTPS traffic to fake USAA website:  2017-11-10-fake-usaa-website-traffic.saz   4.5 MB (4,486,247 bytes)

 

NOTES:

• Two days in a row I received phishing emails from an Outlook server, so I'm documeting it.
• Go to hxxp://autobit.ro/ and you'll find several open directories for phishing sites.

Shown above:  Open directories on autobit.ro.

 

EMAILS

THURSDAY:

• Date:  Thursday, 2017-11-09 13:48 UTC
• From:  "Chase" <r.minichello@northeastern.edu>
• Subject:  Alert:Dear([recipeint's email address]), Quiclkly verify Your Online Banking
• Received:  from [104.47.34.229] ([104.47.34.229:45211] helo=NAM01-BY2-obe.outbound.protection.outlook.com)
• Link in the email:  hxxps://chasecustomerverification.chaseonline.autobit.ro/chaseverification

FRIDAY:

• Date:  Friday, 2017-11-10 11:38 UTC
• From:  "USAA" <d.mandel@northeastern.edu>
• Subject:  Alert: Usaa Banking Information For ([recipeint's email address])
• Received:  from [104.47.32.213] ([104.47.32.213:16309] helo=NAM01-SN1-obe.outbound.protection.outlook.com)
• Link in the email:  hxxps://upgradeservicesystem.autobit.ro/usaasecurityservice/home/login.html

 

IMAGES

Shown above:  Phishing email from Thursday 2017-11-09.

 

Shown above:  Phishing email from Friday 2017-11-10.

 

Shown above:  Fake Chase login page from 2017-11-09 email.

 

Shown above:  Fake USAA login page from 2017-11-10 email.

 

FINAL NOTES

Once again, here are the associated files:

• Zip archive of the two emails I received:  2017-11-10-phishing-emails.zip   8.4 kB (8,392 bytes)
• Saz file of HTTPS traffic to fake USAA website:  2017-11-10-fake-usaa-website-traffic.saz   4.5 MB (4,486,247 bytes)

Zip and saz files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

Click here to return to the main page.