phishing
Eric "Shubes"
plug at shubes.net
Thu Jan 11 09:29:33 MST 2007
I won't answer your question, but would like to point out that clamav
rejected a similar (possibly the same) email as containing a virus, so I
never received it. I happened to see a message in the log last night:
01-10 20:31:00 simscan:[31231]:VIRUS:0.2670s:HTML.Phishing.Bank-553:66.34.204.100:service at bankofamerica.com:plug at shubes.net
I'm liking clamav.
keith smith wrote:
> Good Morning to all you gurus out there in PLUG land!
>
> I received an email this morning:
>
> From : Bank of America
> Subject : Account Authentication Required
>
> Saying I needed to verify my account. It contained a link that took me to
>
> http://203.199.124.235/bankofamerica.com/
>
> Obviously this is fraudulent. My first clue was I do not have a BofA
> account :)
>
> So this form asks for account numbers, social security number, date of
> birth, mother's maiden name .... ETC.
>
> This is the second time I have received this type of email. Both times
> I have reported it to BofA.
>
> So now I'm curious. I would like to do a little detective work here. I
> went to DNSStuff.com and did a reverse lookup and the IP shows it is in
> India City....
>
> I know there must be a Linux command that I can run to learn more about
> this IP. I'm wondering just how much information I might be able to
> learn from just having this limited amount of information and how I
> would go about it.
>
> Any Ideas?
>
> Thanks,
> Keith
>
--
-Eric 'shubes'
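
Added example (not part of the original message, and not simscan's or ClamAV's own code): a small parser for simscan VIRUS entries like the one quoted above, tallying phishing rejections by connecting IP. The field layout is inferred from that single entry, and every sample line after the first is constructed.

```python
import re
from collections import Counter

# Field layout inferred from the single VIRUS entry quoted in the message:
# simscan:[pid]:VIRUS:<scan secs>s:<signature>:<client IP>:<sender>:<recipient>
VIRUS_RE = re.compile(
    r"simscan:\[(?P<pid>\d+)\]:VIRUS:(?P<secs>\d+\.\d+)s:"
    r"(?P<signature>[^:]+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):"
    r"(?P<sender>[^:]*):(?P<rcpt>.*)$"
)

def _addr(text):
    """Undo the list archive's ' at ' obfuscation; real logs carry '@'."""
    return text.strip().replace(" at ", "@")

def parse_virus_line(line):
    """Return the fields of a simscan VIRUS entry, or None for any other line."""
    m = VIRUS_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["secs"] = float(rec["secs"])
    rec["sender"] = _addr(rec["sender"])
    rec["rcpt"] = _addr(rec["rcpt"])
    return rec

def phishing_sources(lines):
    """Count rejected phishing messages per (client IP, signature)."""
    hits = Counter()
    for line in lines:
        rec = parse_virus_line(line)
        if rec and "phishing" in rec["signature"].lower():
            hits[(rec["ip"], rec["signature"])] += 1
    return hits

# First line is the entry from the message; the rest are constructed samples.
SAMPLE_LOG = [
    "01-10 20:31:00 simscan:[31231]:VIRUS:0.2670s:HTML.Phishing.Bank-553:66.34.204.100:service at bankofamerica.com:plug at shubes.net",
    "01-10 21:02:11 simscan:[31307]:VIRUS:0.3012s:HTML.Phishing.Bank-553:192.0.2.15:service@bankofamerica.com:user@example.org",
    "01-10 21:05:40 simscan:[31310]:VIRUS:0.1201s:Eicar-Test-Signature:198.51.100.7:tester@example.net:user@example.org",
    "01-10 21:09:02 some unrelated log line",
    "01-10 22:15:47 simscan:[31402]:VIRUS:0.2893s:HTML.Phishing.Bank-553:192.0.2.15::user@example.org",
]

if __name__ == "__main__":
    for (ip, sig), n in phishing_sources(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {ip:15s}  {sig}")
```

The last sample line has an empty envelope sender, which the parser accepts rather than dropping the entry.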