[DNS] A spot of phishing ..

[DNS] A spot of phishing ..

From: Doug Robb <doug§clarity.com.au>
Date: Sun, 26 Oct 2008 13:02:35 +0900
The good news is that if a crime has been committed it will be interesting
to see how much of all of this leads back to the perpetrators. On the
surface it all looks too easy so one would think the ACN itself must me
suspect. Another question will the be whether ASIC does enough checking if
this is indeed turns out to be the case. Also allowing a company name to be
the company ACN is a bit weird in itself?

On a logical note why did they go .com.au when they could have got the .com
and made it much harder to trace ownership?

Doug


-----Original Message-----
From: dns-bounces+doug=clarity.com.au&#167;dotau.org
[mailto:dns-bounces+doug=clarity.com.au&#167;dotau.org] On Behalf Of Ian Smith
Sent: Saturday, 25 October 2008 9:39 PM
To: dns&#167;dotau.org
Subject: [DNS] A spot of phishing ..

I won't include the whole message as it's in HTML, text version below, 
but the headers and the actual phishing links are quite interesting.

I guess many people wouldn't think 'X-Mailer: Spammer 2007' a clue :)

Here are the phishing links, de-HTMLised for your viewing pleasure:

"http://stockroutes.info/crm/jscalendar/lang/online.westpac.com.au/esis/Logi
n/SrvPage/" 
Westpac Clients Click Here

"http://stockroutes.info/crm/jscalendar/lang/www.stgeorge.com.au/InternetBan
king/welcome.jsp/"
St.George Clients Click Here

The logo links are to the actual St George and Westpac sites.

What I find fascinating is that someone could register a domain called 
'stgeorgewestpac.com.au' without anybody raising an eyebrow, since May 
this year.

I'm sure you all know how to look up who registered it, and we can all 
ponder the 'close and substantial'ness of 'A.C.N. 123 970 418 PTY LTD'

Is our slather open enough yet?

cheers, Ian

---------- Forwarded message ----------
Return-Path: <custoersmessage&#167;stgeorgewestpac.com.au>
Received: from designsbs-01 (CPE-61-9-248-65.static.wa.bigpond.net.au
    [61.9.248.65])
    by sola.nimnet.asn.au (8.14.2/8.14.2) with SMTP id m9PCSqsa009152
    for <smithi&#167;nimnet.asn.au>; Sat, 25 Oct 2008 23:28:58 +1100 (EST)
    (envelope-from custoersmessage&#167;stgeorgewestpac.com.au)
Message-Id: <200810251228.m9PCSqsa009152&#167;sola.nimnet.asn.au>
From: Stgeorge & Westpac Group <custoersmessage&#167;stgeorgewestpac.com.au>
To: smithi&#167;nimnet.asn.au
Subject: Notification To All St.George/Westpac Clients
Date: Sat, 25 Oct 2008 20:28:58 +0800
X-Mailer: Spammer 2007

[..]

[sgblogo.gif] [aln_westpac.gif]

ST.GEORGE/WESTPAC MERGER

?

St.George and Westpac have advised the market that they have signed a Merger
Implementation Agreement.
All Westpac and St.George Online Banking customers are advised to follow the
links below to help us
fasten our database updates.


Westpac Clients Click Here
St.George Clients Click Here

?

St.George and Westpac customers can now use any of the banks (Westpac or
St.George) Branch/ATM with no
extra charges. This email has been sent to both Westpac & St.George clients.

?

David Lording
Westpac Media Relations
Jeremy Griffith
St.George Corporate Relations

?

St.George Bank Limited ABN 92 055 513 070 AFS Licence No. 240997
http://www.westpac.com.au/
Westpac Banking Corporation ABN 33 007 457 141
http://www.stgeorge.com.au/
Received on Sat Oct 25 2008 - 21:02:35 UTC

This archive was generated by hypermail 2.3.0 : Tue Sep 02 2014 - 08:00:17 UTC