[38697] in bugtraq
Regions bank phishing scam
daemon@ATHENA.MIT.EDU (Ryan S)
Mon May 2 17:49:49 2005
Date: Fri, 29 Apr 2005 22:05:07 -0400
Reply-To: Ryan S <r.st@comcast.net>
Content-Type: text/plain; charset="iso-8859-1"; format="flowed"
To: bugtraq@securityfocus.com, phishing@regions.com
Mime-Version: 1.0
From: Ryan S <r.st@comcast.net>
Message-Id: <1114826845.B425532@bb12.dngr.org>
Content-Transfer-Encoding: 8bit
Forgive me if this is not the best place to foward this report.
Today, April 29, I received a Regions online banking ("RegionsNET")
e-mail phishing scam attempt. The "scam site" was still active prior
to this mailing. I have included the e-mail I received and removed my
e-mail addresses and session IDs from the header. This e-mail was sent
to phishing@regions.com and bugtraq@securityfocus.com .
Regards,
Ryan
R|dot|ST|at|COMCAST|dot|NET
### BEGIN EMAIL ###
-----Original Message-----
X-Original-UID: id:1 [SNIP]@mail.comcast.net:110 20050429185807s[SNIP]
Received: from mail.comcast.net ([SNIP]@mail.comcast.net) by
[SNIP].[SNIP].org;
for <[SNIP]@[SNIP].com>; Fri, 29 Apr 2005 12:19:41 PDT
Received: from user-10cm3ku.cable.mindspring.com ([64.203.14.158])
by sccrmxc23.comcast.net (sccrmxc23) with SMTP
id <20050429185[SNIP]>; Fri, 29 Apr 2005 18:58:06 +0000
X-Originating-IP: [64.203.14.158]
From: "Regions Bank" <support@regions.com>
Reply-To: "Regions Bank" <support@regions.com>
Subject: Important Fraud Alert
Date: Sat, 30 Apr 2005 00:45:31 +0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--8304697945013558"
Dear valued RegionsNETŠ member,
Due to concerns, for the safety and integrity of the online banking
community we have issued the following warning message.
It has come to our attention that your RegionsNETŠ bank account
information needs to be updated as part of our continuing commitment to
protect your account and to reduce the instance of fraud on our website.
If you could please take 5-10 minutes out of your online experience and
renew your records you will not run into any future problems with the
online service. However, failure to confirm your records will result in
your account suspension.
You can confirm your account records by logging in to your internet
banking account. Once you have confirmed your account records your
internet banking service will not be interrupted and will continue as
normal.
To confirm your bank account records please click here.
[http://regionsnet.account-central.com/ebanking/logon/index.php]
--------------------
Thank you for your time,
RegionsNETŠ Billing Department.
### END EMAIL ###
