ASB phishing scams

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

ASB phishing scams

Post by digidog » Mon Apr 25, 2011 12:28 am

From: "ASB Bank"<email.service@asbbank.co.nz>
To: undisclosed-recipients:;
Subject: {Spam?} You have 1 important message alert

You have 1 new Security Mail Message Alert!

Log In into your account to resolve the problem.

Click here to Log In
The link leads to...

Beware: live phishing site
http://www.spinalresource.com/inc/emoti ... access.php" onclick="window.open(this.href);return false;

Google is already on the case warning FireFox users of the scam.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: ASB phishing scam

Post by Foggyone » Mon Apr 25, 2011 3:15 am

Looks like the phish has bitten the dust.

Comprised of four files which I grabbed.
index.htm
processing.php
confirm.php
finish.php
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Mon Jun 13, 2011 8:10 pm

This morning's ASB phish relies on an image hosted at Imageshack.

[image subsequently removed by ImageShack]

The actual phishing code is on an educational server in Taiwan.

Careful: live phishing site
http://IP-88-9.cs.nctu.edu.tw/aviranortondefender.html" onclick="window.open(this.href);return false;

Interestingly, the phishing email came from an Xtra account.

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Wed Jun 15, 2011 9:34 pm

Another day... another three ASB phishing emails. All of these came from the same
compromised Xtra IP address - 210.86.29.152 - I would have expected Xtra to have
taken action by now lest they find that entire IP range on blacklists.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Makes You Laugh

Post by Foggyone » Wed Jun 15, 2011 10:37 pm

The latest ASB phish is funny. They have cocked up the coding somehow. The login appears at http://ip-88-9.cs.nctu.edu.tw/aaviranortondefender.html" onclick="window.open(this.href);return false; but the required file poste.php is incorrect..

They won't drum up much business with quality Labour Party like coding.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Thu Jun 16, 2011 10:58 pm

Today's two ASB phishing emails have a slight variation.
Dear valued customer,

You need to renew your phone number as soon as possible as our system will auto close your
online account for a period of time for security purposes.
The link goes to a Hungarian warez site which redirects to
http://asb.co.nz.logonuser.update-verif ... /login.php" onclick="window.open(this.href);return false;
Caution: live phishing site

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Thu Jun 16, 2011 11:01 pm

I've now received FOUR copies of this phish, all to the same email address. I'm not sure
if the scammers think that by filling my inbox they will motivate me to click on their link
or what. Personally I think that it would alert most people to the fact they're being
scammed.

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: ASB phishing scams

Post by Foggyone » Thu Jun 16, 2011 11:11 pm

The link above now drops one onto ASB page.

Shamefully, the page DOES NOT COMMENT ON THE FACT YOU HAVE JUST VISITED A PHISHING PAGE.
The only indication that you have had a near miss is:
You have entered an invalid Fastnet Access Code or password.
Please try again.
That's astoundingly remiss of the ASB.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: ASB phishing scams

Post by Foggyone » Sun Aug 14, 2011 2:22 am

Two in, both identical, to the same url. Both caught in spam trap.
ASB Bank - Important Message !
From:
ASB Bank <service@asb.co.nz>
To:
Date:
Sat Aug 13 13:58:56 2011
 
ASB Bank



Dear ASB Bank Customer,
Our Technical Service department has recently updated our online services, due to this upgrade we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm your ASB Bank account details will permanently suspend you from accessing your account online.

Extreme Care - Live Phishing Site!
Click Here


We use the latest security measures to ensure that your ASB Bank account is safe and secure. The administration asks you to accept our apologies for the inconvenience caused and expresses gratitude for cooperation



Thanks for choosing ASB Bank
ASB Bank Customer Service



© Copyright 2011 ASB Bank, Inc., All rights reserved.
After you have entered your access code and password you are asked to wait for about three minutes. I wonder if the crooks access your account in that time?

There are a whole bunch of javascripts here for this site.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Another ASB Phish

Post by Foggyone » Wed Aug 17, 2011 8:04 am

ASB Bank - Important Message !
From:
ASB Bank <no-reply@asb.co.nz>
To:
Date:
Wed Aug 17 10:10:39 2011
 
ASB Bank



Dear ASB Bank Customer,
Our Technical Service department has recently updated our online services, due to this upgrade we sincerely call your attention to follow below link and reconfirm your online account details. Failure to confirm your ASB Bank account details will permanently suspend you from accessing your account online.

Extreme Care - Live Phishing Site
Click Here


We use the latest security measures to ensure that your ASB Bank account is safe and secure. The administration asks you to accept our apologies for the inconvenience caused and expresses gratitude for cooperation



Thanks for choosing ASB Bank
ASB Bank Customer Service



© Copyright 2011 ASB Bank, Inc., All rights reserved.
Entering Access Code & Password drops you straight through to ASB Privacy Page.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Yeah - Right!

Post by Foggyone » Tue Nov 15, 2011 2:45 am

ASB Bank will add 35.00 NZD credit to your account just for taking part in our quick 5 question survey. It`s fast and easy!
Choose one question from each list below.

Have you recently noticed changes to ASB Bank Online web page surfing speed?

How would you rate ASB Bank Online Website?

Are you happy with the services ASB Bank provides compared with other banks?

In the last 6 months have you considered changing banks?

Overall, How Satisfied are you with ASB Bank?





Personal Information


First Name
Middle Name

Last Name
E-mail Address
name@email.com
Address
Suburb

City

Postal Code


Mother's Maiden Name

Date of birth
0 0 19 mm/dd/yyyy
Driver's License Number
5b Code

Debit Card


Card Number

Expiration Date
/ 20 mm/yyyy
Cvv Number


Credit Amount AUD 35.00
See the mistake?


NZ$35 ==>> AUD35.00

Sends your cc details to http://adsl-065-013-233-177.sip.clt.bel ... /index.php" onclick="window.open(this.href);return false;
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Mon Nov 28, 2011 3:55 am

Here's another variation on the ASB phishing scam that's so badly written it's worth recording.
Dear Online Holder,

Your account was thoroughly used to the abuse of our service
It determine a true owner to adhere the simple instruction given below to re-gain online access.

Click here to Login and confirm in one simple step.


Thank you
© 2011 ASB Bank Limited.
The moral must be, if you're going to the trouble to set up a phish, don't use Google translate to knock
out your email text. Sheeesh!

Caution: live phishing site
http://adultnews.imhost.com/wp-content/ ... ol/asb.htm" onclick="window.open(this.href);return false;

User avatar
Foggyone
Site Admin
Posts: 9880
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

In Yesterday ... Still Live

Post by Foggyone » Sun Dec 18, 2011 7:54 pm

This one turned up yesterday.
Customer Care: Notification
From: ASB Bank <asb-fastnet@clear.net.nz>
To:
Date: Sun Dec 18 15:33:53 2011
Attachments: 
 ASB - New Notification.htm
 
Please read the Notification attached below for changes that impact your ASB FastNet account activity
The phish is in an attached document...

Dear ASB FastNet Customer,

We are currently performing a full customer database backup, to improve our security measures and reduce the number of inactive accounts. Please follow the link provided in this message and confirm your personal information.

Confirm your information now>>

Your account will be limited and eventually deleted if not confirmed within the next 24 hours. We apologize for any inconvenience this may have caused.

© 2011 ASB Bank Limited. All Rights Reserved.
Care: Link is Live!

Interestingly, this shows as coming from IP 202.78.138.12 which is a NZ Telstra Clear IP.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: ASB phishing scams

Post by digidog » Wed Mar 14, 2012 9:27 pm

Dear Customers,

We detected irregular activity on your ASB Bank account on 14/03/2012. For your protection,
you must update your details before you can continue using your online banking. Please visit
the ASB Bank website in this message and validate your details on our new server.

As a result, we require you to confirm and verify your account information by Clicking Here
and completing the confirmation process.

P.S. The Link in this message will expire within 48 hours. Netcode will be required during update.

Thank you,


© 2009 ASB Bank Ltd
Just look at the date on that copyright notice! The actual phishing site is hosted in Oz via a referal from Ghana.
How international.

Careful: Live phishing site
http://ghanaluxuryrentals.com/wp-conten ... access.php" onclick="window.open(this.href);return false;

refers to: http://www.tickets4events.com.au/images/big/LogOn.htm" onclick="window.open(this.href);return false;

User avatar
digidog
Site Admin
Posts: 15014
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Post by digidog » Thu Mar 29, 2012 1:00 am

There have been a rash of ASB phishing emails recently. I'll list them in this post rather than create a
new one each time.

Careful - these are live phishing sites
http://ipv.org.ua/asb/LogOn.htm" onclick="window.open(this.href);return false; (29 March)

http://www.geart.com.br/imagens/asb/LogOn.htm" onclick="window.open(this.href);return false; (30 March)

http://www.ajansoft.com/page/asb/LogOn.htm" onclick="window.open(this.href);return false; (3 April)

http://bluebananahair.com.au/wp-content/asb/LogOn.htm" onclick="window.open(this.href);return false; (3 April)

http://aaagraphs.com/asb/LogOn.htm" onclick="window.open(this.href);return false; (6 April)

http://www.harbigaming.com/resimler/asb/LogOn.htm" onclick="window.open(this.href);return false; (16 April)

http://mouth-media.com/asbnz/asb/LogOn.htm" onclick="window.open(this.href);return false; (20 April)

http://www.harbigaming.com/ts3/asb/LogOn.htm(17" onclick="window.open(this.href);return false; April)

They're coming in thick and fast today:

http://checkfirst.co/asb/LogOn.htm" onclick="window.open(this.href);return false; (23 April) (so far today I've received three copies of this one)
http://checkfirst.co/faq/asb/LogOn.htm" onclick="window.open(this.href);return false; (a minor directory variation)

And another two emails - the scammers are going crazy with emails today!
http://krim.org/zbbs/data/board30/asb/LogOn.htm" onclick="window.open(this.href);return false; (23 April)

http://qzworld.net/asb/LogOn.htm" onclick="window.open(this.href);return false; (24 April)

http://www.393.ch/temp_fm/393.php" onclick="window.open(this.href);return false; (24 April)

http://orzband.ru/media/asb/LogOn.htm" onclick="window.open(this.href);return false; (2 emails - 2nd May)
[These two emails came from "ASB Bak" - yeah right!]

http://varnostnavrecka.com/wp-includes/asb/LogOn.htm" onclick="window.open(this.href);return false; (3 May)

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest