I got an email today that looks like the archetypal phishing spam – a message from the Federal Reserve with a warning about a ‘large scale phishing attack’ and threats about restrictions being placed on wire transfers through March – a link at the bottom has a domain name that could just possibly be real; ‘bank-net.us’.
This is, if anything, better than average – nice domain name, well written email message (albeit with a few grammatical and spelling errors [“and has been still lasting”]), on the whole, believable….. so the link……
FEDERAL RESERVE BANK
You’re getting this letter in connection with new directions issued by U.S. Treasury Department. The directions concern U.S. Federal Wire and ACH online payments.
On February 17, 2009 a large-scaled phishing attack started and has been still lasting. A great number of banks and credit unions is affected by this attack and quantity of illegal bank transfers has reached an extremely high level.
U.S. Treasury Department, Federal Reserve, America Bankers Association (ABA) and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire and ACH transfers from February 23, 2009 till March 6, 2009.
Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:
Federal Reserve Bank System Administration
takes you to an ineptly written web page with a US flag banner and an input box and some hidden dot graphics… and then, after a few seconds, takes you to a porn site.
So, I visited the site again a few minutes later and the US flag page is gone and there is a completely blank page instead.
The site is hosted in Guangdong, China but the domain name is registered to Edward Rosales in Hartford, CT. The domain name was registered today, 23rd Feb 2009.
So…. a pathetic spam switch and bait to get people to go to a porn site, or a fledgling phishing site? or maybe a cunning combination of the two? whichever, I think it’s safe to say that nothing good will come out of bank-net.us anytime soon. If you see anything scammy, let me know, or better still, report it to PhishTank.