Anatomy of a Phishing Scam

A few days ago I got this message in my email. Having just espoused the value of the Netcraft Toolbar as a weapon against phishing fraud I practised what I preached, and sent the full message to scam@netcraft.com.

*Dear * *ANZ Bank* *valued member*,

The security of your information, transactions, and money is the core of
our business and our top priority at Anz Bank.

Our policy is to protect personal or financial information which comes
into our possession during the normal course of business.
It has come to our attention that your account information needs
to be updated due to inactive members, frauds and spoof reports.
If you could please take 5-10 minutes out of your online experience and
renew
your records you will not run into any future problems with the online
service.
However, failure to update your records will result in account erasure.
This notification expires on February 25, 2006.

Please follow the link below and renew your account information.

https://www.anz.com/inetbank/banklogin.asp
<http://203.154.48.115/.anz.com/index.php>

Once you have updated your account records your internet banking
service will not be interrupted and will continue as normal.

Online Department
Anz Bank

To avoid junk mail Netcraft required that I verify my message, which I did by simply replying to their request. Their response was rapid.

So I then logged into the ANZ site to see where it lead, and got this result. Note that this is a legitimate address and has the padlock indicating it is a secure site. But its link is no longer available. Because the scam has already been discovered?

To complete the exercise I then logged into the second URL, which is where the scam would have sent me. Here is its page, and all is revealed. The URL has been blocked. But once you saw its risk rating and its location you should never have proceeded anyway.

Finally, the site report closes the case. Get yourself the Netcraft Toolbar. Firefox users can download it as an Extension.

Shortly after I had logged on to the URL it was blocked by Netcraft with the warning:



Enjoy Safe Computing.        Terry Bibo



Index         Next