Good Afternoon All,

It should be noted that there are two quite separate issues here:

Issue One: A company has registered "stgeorgewestpac.com.au" which may be in breach of policy.

Issue Two: A phisher has used the domain name "stgeorgewestpac.com.au" as a "From:" email address in a phish email.

I have not seen any evidence that connects:

A: the company who registered the domain name "stgeorgewestpac.com.au" with
B: the entity that sent the phish email below.

The nature of the email standards (SMTP) means that phishers can fake the "From:" email message field to be any domain name of their choosing.

Therefore, without evidence demonstrating a link between the two, the company which registered "stgeorgewestpac.com.au" and the phisher are NOT the same entity.

Regards
Josh

--
http://josh.id.au/

On Sun, Oct 26, 2008 at 12:38:48AM +1100, Ian Smith wrote:
> I won't include the whole message as it's in HTML, text version below,
> but the headers and the actual phishing links are quite interesting.
>
> I guess many people wouldn't think 'X-Mailer: Spammer 2007' a clue :)
>
> Here are the phishing links, de-HTMLised for your viewing pleasure:
>
> "http://stockroutes.info/crm/jscalendar/lang/online.westpac.com.au/esis/Login/SrvPage/"
> Westpac Clients Click Here
>
> "http://stockroutes.info/crm/jscalendar/lang/www.stgeorge.com.au/InternetBanking/welcome.jsp/"
> St.George Clients Click Here
>
> The logo links are to the actual St George and Westpac sites.
>
> What I find fascinating is that someone could register a domain called
> 'stgeorgewestpac.com.au' without anybody raising an eyebrow, since May
> this year.
>
> I'm sure you all know how to look up who registered it, and we can all
> ponder the 'close and substantial'ness of 'A.C.N. 123 970 418 PTY LTD'
>
> Is our slather open enough yet?
>
> cheers, Ian
>
> ---------- Forwarded message ----------
> Return-Path: <custoersmessage§stgeorgewestpac.com.au>
> Received: from designsbs-01 (CPE-61-9-248-65.static.wa.bigpond.net.au
> [61.9.248.65])
> by sola.nimnet.asn.au (8.14.2/8.14.2) with SMTP id m9PCSqsa009152
> for <smithi§nimnet.asn.au>; Sat, 25 Oct 2008 23:28:58 +1100 (EST)
> (envelope-from custoersmessage§stgeorgewestpac.com.au)
> Message-Id: <200810251228.m9PCSqsa009152§sola.nimnet.asn.au>
> From: Stgeorge & Westpac Group <custoersmessage§stgeorgewestpac.com.au>
> To: smithi§nimnet.asn.au
> Subject: Notification To All St.George/Westpac Clients
> Date: Sat, 25 Oct 2008 20:28:58 +0800
> X-Mailer: Spammer 2007

[snip-snip]

Received on Mon Oct 27 2008 - 00:41:38 UTC
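
The header reading discussed in this thread, as an added example that is not part of either poster's message: it parses the forwarded headers and separates the fields the sending side supplied (From:, envelope-from, HELO name, X-Mailer) from what the receiving server recorded about the connection. The helper names `domain_of` and `split_trust` are hypothetical, and the code assumes the sendmail `Received:` layout seen in the message.

```python
import email
import re

# Headers from the forwarded message above. The archive prints "@" as "§",
# so that is undone before parsing. Nothing else is changed.
RAW = """\
Return-Path: <custoersmessage§stgeorgewestpac.com.au>
Received: from designsbs-01 (CPE-61-9-248-65.static.wa.bigpond.net.au
 [61.9.248.65])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with SMTP id m9PCSqsa009152
 for <smithi§nimnet.asn.au>; Sat, 25 Oct 2008 23:28:58 +1100 (EST)
 (envelope-from custoersmessage§stgeorgewestpac.com.au)
From: Stgeorge & Westpac Group <custoersmessage§stgeorgewestpac.com.au>
To: smithi§nimnet.asn.au
X-Mailer: Spammer 2007
"""

def domain_of(value):
    """Return the lower-cased domain of the first address in a header value."""
    m = re.search(r"[^\s<>@]+@([^\s<>()]+)", value or "")
    return m.group(1).lower() if m else None

def split_trust(raw):
    """Separate sender-claimed header fields from receiver-observed ones."""
    msg = email.message_from_string(raw.replace("§", "@"))
    received = " ".join((msg["Received"] or "").split())  # unfold the header
    # Assumed sendmail layout: from <HELO name> (<reverse DNS> [<peer IP>]) by ...
    hop = re.search(r"from (\S+) \((\S+) \[([\d.]+)\]\)", received)
    env = re.search(r"envelope-from (\S+?)\)", received)
    claimed = {
        "from_domain": domain_of(msg["From"]),
        "envelope_domain": domain_of(env.group(1)) if env else None,
        "helo": hop.group(1) if hop else None,
        "x_mailer": msg["X-Mailer"],
    }
    observed = {
        "peer_rdns": hop.group(2).lower() if hop else None,
        "peer_ip": hop.group(3) if hop else None,
    }
    rdns = observed["peer_rdns"] or ""
    fd = claimed["from_domain"] or ""
    # True only if the connecting host's name sits inside the From: domain.
    linked = bool(fd) and (rdns == fd or rdns.endswith("." + fd))
    return claimed, observed, linked

if __name__ == "__main__":
    print(split_trust(RAW))
```

For this message `linked` is false: the connecting host is a bigpond.net.au address, and nothing the receiving server recorded involves stgeorgewestpac.com.au.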