Sunday, February 18, 2007

Phishing from the Ghetto

I got yet another phishing email today:

Strange thing about this one, though: the "click here" linked to a site hosted by an American company, Global Net Access, LLC. I ran another whois search of the bogus site linked in the email, and got this info:

Created On:24-Feb-2006 04:34:44 UTC
Registrant Name:Monte Wolfe
Registrant Organization:[empty]
Registrant Street1:422 Butternut Street NW Apt #13
Registrant City:Washington
Registrant State/Province:DC
Registrant Postal Code:20012
Registrant Country:US
Registrant Phone:+1.2022914599
Registrant Phone Ext.:1111
Registrant FAX:+1.2022914599
Registrant FAX Ext.:
Registrant Email:mjw_mjb@yahoo.com
Admin Name:Monte Wolfe
Admin Email:mjw_mjb@yahoo.com

Due to the wonders of the Interwebs, we can see this:

Sho' nuff looks like da' hood to me. Maybe I'm being too judgmental though, and maybe Banko de America has changed the location of their corporate offices to better underrrrstaaaaand their new customer base?

I decided to send an email to GNAX about this:

To Whom It May Concern:

Today I received an obvious phishing email supposedly from Bank of America (attached is a screenshot of the email in question). The JavaScript link to “Sign in to On Line Banking” links to:


according to a whois search, www.bravesoulcollective.org is hosted by your company.

If you wish additional information, I would be happy to forward you this email, or send you the HTML source.


Thomas Masterson

It will be interesting to see if the hosting company does something about these criminals.



Anonymous mod said...

It's amazing to me, these bogus bank emails. They obviously put a lot of effort into making them seem legit, but EVERY single one I've seen has typos. This one is no exception:

"Your account might be place on restricted status."

"...meaning that you may no longer send money from your account until you have reactive your billing information on file."

It's unbelievable. If you are going to try to pull something like this off, the LEAST you could do is proofread.

2/18/2007 1:37 PM  

