Kiwibank phishing scams

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Mon Aug 15, 2011 10:09 pm

Today's KiwiBank phishing scam appears to be aimed at a totally different type of customer...
one who speaks fluent Chinglish.
Dear Kiwibank Customer.

Additional security on our website bring unity and combined strength to our commitment
to provide exceptional banking in the New Zealand,

it's strongly required that you should Validate your logon and security Details.
 
Validate account login




This email was sent automatically please do not respond
The phishing site is unknowingly hosted on poetryandstories.com - a well-meaning but
incompetent site out of the UK.

I've notified the site owner and their hosting company.

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Mon Aug 15, 2011 11:10 pm

The hosting company - Cirtex Hosting - have taken action.
I have suspended the domain http://poetryandstories.com" onclick="window.open(this.href);return false;
This is for your kind information.
That was quick.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: Kiwibank phishing scams

Post by Foggyone » Mon Sep 19, 2011 1:05 am

Another in today
You have 1 secure message alert
From: "estatement.notifications@kiwibank.co.nz" <estatement@kiwibank.co.nz>
To: undisclosed-recipients:
Date: Sun Sep 18 01:26:25 2011
 

Please be advised: Your checking account no longer has overdraft coverage.
Dear Customer,
New Federal Banking regulations took effect on Sept 14, 2011, resulting in changes to your Online account. Kiwibank is no longer able to provide overdraft coverage without your authorization. Unless you update your details and contact us, all ATM and everyday debit card transactions that exceed your available account balance will be declined at the point of sale..
If you wish to reinstate your overdraft coverage, please update your account status for further verification.
Go to Kiwibank.co.nz/overdraft
Log on to your account at Kiwibank.co.nz

Status Disclosure
Kiwibank is a trading name of Kiwibank Limited. Kiwibank Bank is authorised and regulated by the Financial Services Authority. Registered in New Zealand No: 1026167.
Kiwibank Limited, Level 6, 155 The Terrace, Private Bag 39888, Wellington 5045.

RGE-E-NR
Misspelling etc highlighted.

The phish site has already been taken down.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Fri Oct 28, 2011 4:33 am

Kiwibank phishing scams have become a regular occurrence these days, but this one is worded differently
so it's worth a mention. Slated? What bank would use that word in an email?
Dear Valued Customer,

You have an incoming payment slated for your account. This transaction cannot be completed due to errors present in your account information.

You are required to click on the Logon below to fix this problem immediately.

Log On

Please do not reply to this message. For questions, please call Customer Service at the number on the back of your card.

Yours sincerely


Kiwibank,
Digital Banking Director
Care: Live phishing site
http://cgpinhaldorei.com/templates/beez ... co.nz.html" onclick="window.open(this.href);return false;

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Sat Oct 29, 2011 9:56 pm

As I mentioned above, KiwiBank phishing scams are arriving in my inbox most days. But here's another
that deserves an honourable mention, purely for its wonderfully complete incompetence. Check this out.
Dear Valued Customer :

We recently have determined that different computers have logged in your Bank of America Online Banking account, and
multiple password failures were present before the logons. We now need you to re-confirm your account information to us.

If this is not completed by November 01, 2011, we will be forced to suspend your account indefinitely, as it may have been
used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank
records, we may require some specific information from you.

To restore your account, please Sign in to Online Banking.

thank you for using Kiwi Bank Online Service.

@ KiwibankNZ
It must take a while to setup a phishing scam, even if you have existing templates. You'd have to set up the actual phishing
site (this one is based in... (drum roll) Romania! You knock up the draft email, there are thousands of compromised
computers to prep so they'll send your spam and when you finally hit the "Go" button you'd want to feel sure that it was all
going to fly.

So just imagine the bad boys sitting around in a dasha on their Saturday night... counting income from previous phishes, a
few beers sitting on the table, some European soccer on the TV and Demetri hits the "Go" button. All is good.

Then one of the other scammers has a look and says, "WTF? Bank of America? KiwiBank?"

Demitri may have very recently been demoted.

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Sat Nov 05, 2011 10:02 pm

I received another couple of KiwiBank phishing emails this morning. They were sent from an
Austrian educational site while the actual phishing site was in Iran. That's unusual.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Still Around

Post by Foggyone » Sat Jan 28, 2012 11:10 pm

YOUR ONLINE BANKING IS MORE SECURED
From: KIWI BANK <updates@kiwibank.nz>
To: [Deleted]
Date: Fri Jan 27 03:20:22 2012
 

Dear Esteemed Customer,
Kiwi online banking is more secured. 
We're introducing  more secured online banking to all customers in early 2012. So expect some changes-for the better. The new service will make it faster and easier to bank with us.
Kiwi Bank is currently updating its online banking measures inorder to serve you better.

You now need to update your online banking information following the link below:

Log In To update Your Customer Identity
Please Endeavour To Open Your Account Update Link using Internet Explorer 5.5 or Above .

Thank You
Customers Service
 Kiwi Bank apologises for all inconviences arising from this Notice.
Thank you for using Kiwi  Bank !
Copyright© 2012 - Kiwi Bank. All rights reserved.

Information on updating your account detail, please update to enable you switch over to the new online banking.

Link Address showing as Web Forgery

The URL http://www.comerzde.horizon-host.com/" onclick="window.open(this.href);return false; contains details of three separate phishes.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Fri Feb 24, 2012 12:07 am

Another day... another Kiwibank phishing scam. But wait... this email was sent from a NZ IP
(ggi.net) which turns out to be and A J Park IP address! For hose who don't know, A J Park is
NZ's most prominent firm of intellectual property specialists.

How embarrassing for them!

The images on the phishing site are being stripped from the actual Kiwibank server, which should
make the scam easier to disable.

CAUTION: live phishing site
http://dgl.pt/ib.kiwibank.co.nz/" onclick="window.open(this.href);return false;

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: Kiwibank phishing scams

Post by digidog » Sat Feb 25, 2012 8:35 pm

Hey... use a different IP address and we'll kill your account! Yeah, right!
Dear customer,

We noticed your online banking account was logged in from a different IP address and for this reason, we have temporarily
suspended your online banking from performing future transactions.

You are kindly advice to re-validate your account by visiting our website below

CAUTION: live phishing site
http://www.vinaenco.vn/images//upload/w ... co.nz.html" onclick="window.open(this.href);return false;

If you choose to ignore our request, you will leave us no option but to permanently suspend your internet banking profile.

Warmest regard,

Kiwi Bank
The phishing site's in Venuzuela this time.

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: Kiwibank phishing scams

Post by digidog » Tue Mar 13, 2012 6:46 pm

They just keep coming...

Careful - live phishing site
http://user.schule.at/kiwi.htm" onclick="window.open(this.href);return false;

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: Kiwibank phishing scams

Post by Foggyone » Wed Mar 14, 2012 3:15 am

The above has a wry sense of humour. This is the form action line.
<form name="login" method="post" action="yourkeepSafekiwi.php">
Looks like he is using javascript as part of the deal (I don't know enough about javascript)
<div class="message">
<div class="ms_error">
<h2>
<img align="bottom" alt="Error!"
src="https://www.ib.kiwibank.co.nz/images/icon_ms_error.gif"/>
Sorry, javascript is required to log in!
</h2>

<p>This site requires javascript to function correctly. Please turn on javascript in your browser's settings.</p>
</div>
</div>
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Tue Mar 27, 2012 11:21 pm

Ho hum... just another Kiwibank phishing scam from a TelstraClear address (again). Or is it?
Dear Customer,

To ensure your protection, we've now blocked access to
your accounts. You now need to verify your access
online.

In order to help us reset your security quickly and
safely, we may ask you some additional questions about
your accounts.This will only take a few moments.

Verify Your Account

Thank you,
Kiwi Bank NZ
I'm sure a lot of us go to these sites and enter false data or send little personal messages to the scammers. This group
are apparently tiring of this sort of activity which is wasting their valuable time. Check out this message at the bottom
of the phishing email!
Note: For security reasons,we will record your ip-address
the date and time,deliberate wrong inputs are criminally
pursued and indicated.
Well well! If anyone is in the mood I'm sure they'd love to hear from you. ;-)

Careful: live phishing site
http://google-adwords.com.vn/wp-content ... login.html" onclick="window.open(this.href);return false;

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Fri Apr 06, 2012 10:21 pm

I've stopped logging Kiwibank phishing scams as they're so numberous, but this one is worth noting because of
the bizarre domain that's being used for the phish. Giant-elephant.com??? Honestly! Would anyone in their right
mind ever be conned into believing that Kiwibank would use that domain for their secure emails?

Careful: Live phishing site
http://www.giant-elephant.com/wp-conten ... login.html" onclick="window.open(this.href);return false;
Once again there's that same silly warning not to mess with the scammers...
Note: For security reasons,we will record your ip-address
the date and time,deliberate wrong inputs are criminally
pursued and indicated.
Oooooh... I'm shaking in my boots!

ionet
Members
Posts: 2160
Joined: Fri Feb 18, 2005 2:33 pm
Location: Hawkes Bay

Re: Kiwibank phishing scams

Post by ionet » Wed Apr 18, 2012 5:26 am

_


Ans a 17 April 2012 phishing message:

Subject Line: transaction alert


You have a Kiwibank Internet Banking Account Alert.
To view, click on the "ACCOUNTS"
tab and then click on "Statements" to verify your transaction.
Link:

http://www.1980s-costumes.com/wp-includ ... /index.htm" onclick="window.open(this.href);return false;

Note: this phishing site may still be active - do not visit unless you know what you are doing


M
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: Kiwibank phishing scams

Post by digidog » Mon Apr 23, 2012 11:01 pm

Careful: live phishing site
http://dealpens.com/cl/backup/kiwibank.co.nz/login.html" onclick="window.open(this.href);return false;

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest