2017-11-10 - PHISHING EMAILS LINK TO FAKE ONLINE BANKING PAGES
ASSOCIATED FILES:
- Zip archive of the two emails I received: 2017-11-10-phishing-emails.zip 8.4 kB (8,392 bytes)
- Saz file of HTTPS traffic to fake USAA website: 2017-11-10-fake-usaa-website-traffic.saz 4.5 MB (4,486,247 bytes)
NOTES:
- Two days in a row I received phishing emails from an Outlook server, so I'm documeting it.
- Go to hxxp://autobit.ro/ and you'll find several open directories for phishing sites.
Shown above: Open directories on autobit.ro.
EMAILS
THURSDAY:
- Date: Thursday, 2017-11-09 13:48 UTC
- From: "Chase" <r.minichello@northeastern.edu>
- Subject: Alert:Dear([recipeint's email address]), Quiclkly verify Your Online Banking
- Received: from [104.47.34.229] ([104.47.34.229:45211] helo=NAM01-BY2-obe.outbound.protection.outlook.com)
- Link in the email: hxxps://chasecustomerverification.chaseonline.autobit.ro/chaseverification
FRIDAY:
- Date: Friday, 2017-11-10 11:38 UTC
- From: "USAA" <d.mandel@northeastern.edu>
- Subject: Alert: Usaa Banking Information For ([recipeint's email address])
- Received: from [104.47.32.213] ([104.47.32.213:16309] helo=NAM01-SN1-obe.outbound.protection.outlook.com)
- Link in the email: hxxps://upgradeservicesystem.autobit.ro/usaasecurityservice/home/login.html
IMAGES
Shown above: Phishing email from Thursday 2017-11-09.
Shown above: Phishing email from Friday 2017-11-10.
Shown above: Fake Chase login page from 2017-11-09 email.
Shown above: Fake USAA login page from 2017-11-10 email.
FINAL NOTES
Once again, here are the associated files:
- Zip archive of the two emails I received: 2017-11-10-phishing-emails.zip 8.4 kB (8,392 bytes)
- Saz file of HTTPS traffic to fake USAA website: 2017-11-10-fake-usaa-website-traffic.saz 4.5 MB (4,486,247 bytes)
Zip and saz files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
Click here to return to the main page.