07 January 2013

Good Phishing Email

I like coming across really good phishing emails, primarily because I try to think about how to actually identify the email correctly. This morning, I got the following, reputedly from ABSA bank:

Your registeration with us has been cancelled due to our new terms and conditions, please read below to view how to re-register or visit your branch

Read Here

It had all the hallmarks. Let's start with the sender, sent from a legitimate-sounding address "absamail.co.za", which was not detected by Google as a bad domain. The mail relay is "Vodamail", which is somewhat suspicious - but Vodacom's ISP does have a large set of corporate customers, so a bank is not too surprising. And lastly, all the sending address ( seems to be a South African IP range. I looked on some registration records, but couldn't get much beyond the hosting ISP.

Aside from the sender details, the text itself is short and sweet, and even has a friendly "visit your branch" to give it some credibility. And for the "Read Here" bit, I didn't get a URL overlay (although I can't find any direct bugs, other than a misplaced "HREF=3D", which is apparently a MIME encoding component, from a casual Google search).

The URL has of course nothing to do with ABSA, and is hosted in Romania. I assume it has a drive-by download and other nice things - I didn't go and check.

