[OWASP-Bangalore] Fwd: Reporting a phishing mail information.

Vinod Duggirala Naga nagavinod at gmail.com
Fri Jul 2 16:40:24 EDT 2010


FYI.

If you receive any phishing mail, please report it to
phishing-report at us-cert.gov.

Regards,
Vinod Duggirala
+91 9886196477
---------- Forwarded message ----------
From: Vinod DN <nagavinod at yahoo.com>
Date: Sat, Jul 3, 2010 at 1:59 AM
Subject: Reporting a phishing mail information.
To: phishing-report at us-cert.gov
Cc: nagavinod at gmail.com


  Hi,

I received a phishing mail. I feel like reporting the same to you, as I found
it's a risk to the respective banker users. Please do the needful. I am
forwarding the received mail below along with the header information.

I tried accessing the below URL and found that it's a phishing site which
simulates the ICICI Bank.

http://artinfusion.com/images/onlineverification/index.html ... Attached the
page.

Here are the host details from my initial study.


*Host of the IP:* artinfusion.com
*Host IP:* 66.116.148.167
*IP country code:* US
*IP address country:* United States
*IP address state:* Ohio
*IP address city:* Columbus
*IP postcode:* 43228
*IP address latitude:* 39.9649
*IP address longitude:* -83.1383
*ISP of this IP:* Ecommerce Corporation
*Organization:* Ecommerce Corporation
*Local time in United States:* 2010-07-02 16:04

I believe at least 1% of the users will get trapped into these phishing sites,
even with enough education happening from the banker.

Regards,
Vinod Duggirala
+91 9886196477


----- Forwarded Message ----
*From:* ICICI BANK <customerservice at icicibank.com>
*Sent:* Wed, 30 June, 2010 1:21:49 PM
*Subject:* ICICI BANK: Online Verification!!!









Your account have been flagged for security issues

Log In into your account to resolve the problem.

   *Click here to Log In <http://artinfusion.com/images/icici.php>*
------------------------------

ICICI BANK apologizes for any inconvenience arising from this action.

Thank you for using ICICI BANK.
© ICICI Bank. All rights reserved.

Information on protecting yourself from fraud, please review the Security
Tips in our Security  Center.



*Full Message Headers:*

>From ICICI BANK Wed Jun 30 07:51:49 2010
X-Apparently-To: nagavinod at yahoo.com via 203.104.17.144; Wed, 30 Jun 2010
06:32:32 -0700
Return-Path: <customerservice at icicibank.com>
X-YahooFilteredBulk: 200.26.159.42
Received-SPF: fail (mta1012.mail.sp2.yahoo.com: domain of
customerservice at icicibank.com does not designate 200.26.159.42 as permitted
sender)
X-Originating-IP: [200.26.159.42]
Authentication-Results: mta1012.mail.sp2.yahoo.com  from=icicibank.com;
domainkeys=neutral (no sig);  from=icicibank.com; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO correo.motovalle.com) (200.26.159.42)
  by mta1012.mail.sp2.yahoo.com with SMTP; Wed, 30 Jun 2010 06:32:30 -0700
Received: from localhost (localhost [127.0.0.1])
 by correo.motovalle.com (Postfix) with ESMTP id 0B56B4DA60;
 Wed, 30 Jun 2010 03:40:04 -0500 (COT)
X-Virus-Scanned: amavisd-new at motovalle.com
Received: from correo.motovalle.com ([127.0.0.1])
 by localhost (randall.motovalle.com [127.0.0.1]) (amavisd-new, port 10024)
 with SMTP id Y7W4x8IMYHgU; Wed, 30 Jun 2010 03:40:02 -0500 (COT)
Received: from User (host-187.0.143.73.win.psi.br [187.0.143.73])
 by correo.motovalle.com (Postfix) with ESMTPA id 4E8C54ECAB;
 Wed, 30 Jun 2010 03:05:53 -0500 (COT)
From: "ICICI BANK"<customerservice at icicibank.com>
Subject: ICICI BANK: Online Verification!!!
Date: Wed, 30 Jun 2010 08:51:49 +0100
MIME-Version: 1.0
Content-Type: text/html;
 charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20100630084005.0B56B4DA60 at correo.motovalle.com>
To: undisclosed-recipients:;
Content-Length: 1938
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20100703/725fc643/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ICICI Bank Phishing Site.JPG
Type: image/jpeg
Size: 84195 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20100703/725fc643/attachment-0001.jpe 
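
Added example, not part of the original post: a small Python triage of the headers reported above. It pulls out the SPF and DKIM verdicts, the relay IPs from the Received chain, and checks the login link's host against the From domain. The function names and flag labels are assumptions chosen for this illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Headers from the report above (X-YMailISG and the localhost hops omitted,
# folded lines re-indented). The archive's " at " obfuscation is left in place.
RAW = '''Received-SPF: fail (mta1012.mail.sp2.yahoo.com: domain of customerservice at
 icicibank.com does not designate 200.26.159.42 as permitted sender)
Authentication-Results: mta1012.mail.sp2.yahoo.com  from=icicibank.com;
 domainkeys=neutral (no sig);  from=icicibank.com; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO correo.motovalle.com) (200.26.159.42)
  by mta1012.mail.sp2.yahoo.com with SMTP; Wed, 30 Jun 2010 06:32:30 -0700
Received: from User (host-187.0.143.73.win.psi.br [187.0.143.73])
 by correo.motovalle.com (Postfix) with ESMTPA id 4E8C54ECAB;
 Wed, 30 Jun 2010 03:05:53 -0500 (COT)
From: "ICICI BANK"<customerservice at icicibank.com>

'''
LINK = "http://artinfusion.com/images/icici.php"  # login link in the mail body
IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def sender_domain(value):
    """Domain part of an address header; accepts '@' or the archive's ' at '."""
    m = re.search(r"[\w.+-]+(?:@| at )([\w.-]+)", value or "")
    return m.group(1).lower() if m else None

def first_ip(header):
    """First bracketed or parenthesised IPv4 address in a Received header."""
    m = IP.search(header or "")
    return m.group(1) if m else None

def triage(raw, link):
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []          # newest hop first
    from_dom = sender_domain(msg["From"])
    spf = (msg["Received-SPF"] or "none").split()[0].lower()
    dkim = re.search(r"\bdkim=(\w+)", msg["Authentication-Results"] or "")
    dkim = dkim.group(1).lower() if dkim else "none"
    host = (urlparse(link).hostname or "").lower()
    mismatch = bool(from_dom) and host != from_dom and not host.endswith("." + from_dom)
    checks = {"spf-fail": spf in ("fail", "softfail"), "dkim-not-pass": dkim != "pass",
              "link-domain-mismatch": mismatch}
    return {"from_domain": from_dom, "spf": spf, "dkim": dkim,
            # Only the top hop was written by the recipient's own MTA;
            # older hops are sender-supplied and can be forged.
            "handoff_ip": first_ip(hops[0]) if hops else None,
            "claimed_origin_ip": first_ip(hops[-1]) if hops else None,
            "link_host": host,
            "flags": [name for name, hit in checks.items() if hit]}
```

Calling triage(RAW, LINK) on these headers raises all three flags.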

