ANZ Phishing Email

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
Post Reply
kjbasiljohn
Members
Posts: 1
Joined: Tue Jul 07, 2015 1:59 am
First Name: Basil

ANZ Phishing Email

Post by kjbasiljohn » Tue Jul 07, 2015 2:47 am

I have received following email. It is a phishing email.

Dear Customer

Great benefits and deals just for banking with us!
Activate your accumulative reward points of your spending with your Cards. Join the Rewards Programme.

Click below to activate your points, your account will be credit on your monthly statement.
Activate Here ( http://mattjanisse.com/xmlfiles/00inpact797.php/ )

Sincerely,
ANZ Reward Services

User avatar
digidog
Site Admin
Posts: 15008
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: ANZ Phishing Email

Post by digidog » Tue Jul 07, 2015 3:07 am

Hi Basil -- welcome to ScamBusters and the wonderful world of phishing emails.

There must be thousands of little scammers hunched over laptops somewhere in the world, judging by the sheer number of phishing emails we see these days. It's got to the stage where we only list them here when something about the email is unique, such as a new variant on the theme. Here's how I now treat all phishing emails.

1. Report them to SpamCop - they track scam email sources and help to compile blacklists of "bad" email addresses. These blacklists are used by ISPs worldwide to filter out spam. When I'm filing SpamCop reports I also copy the bank's abuse department into the report by adding abuse@(name of bank).co.nz into the box at the bottom. It's handy for the bank to know when a phishing site is targeting them and they have fraud officers who usually get the site taken down pretty quickly.

2. Report them to Google - if you're using Firefox it's easy... when you're viewing the phishing page, just click on the Help menu then Report Web Forgery.

While we're never going to eliminate this sort of spam, at least we can make it harder for the bad guys wherever possible.

Thanks for your input.

User avatar
Foggyone
Site Admin
Posts: 9881
Joined: Sat May 22, 2004 8:16 pm
First Name: Peter
Location: Lower Hutt
Contact:

Re: ANZ Phishing Email

Post by Foggyone » Tue Jul 07, 2015 9:51 pm

When the address devolves to http://chuckscroggs.com it's pretty obvious to the wary that this is bogus.

However, there are plenty of inexperienced or people that don't check who could be caught.

The site is now being flagged as a Web Forgery in Firefox.

Chuck Scroggs site runs
Apache web server
Joomla 1.5 CMS (seriously out of date)
Mootools Javascript framework
PHP 5.3.1.3 (Not the latest version)
SWFObject (open-source JavaScript library used to embed Adobe Flash content onto Web pages)
Youtube video player

Additionally, the url in the email goes to http://mattjanisse.com, this site is not well secured (see http://mattjanisse.com/xmlfiles/ ). This site is being used to forward to chuck scroggs. Now that chucks page is flagged the scammer only needs to change the forwarder to the next site to have the emails work again.

So, this phish is using two hacked sites.

To look at the software being used on a site use Firefox browser and wappalyzer add on.
Google, the answer to so many questions!
-----------------------------------------------------

User avatar
digidog
Site Admin
Posts: 15008
Joined: Wed May 05, 2004 2:25 am
First Name: Alfie
Location: Otago
Contact:

Re: ANZ Phishing Email

Post by digidog » Wed Jul 08, 2015 8:52 pm

Further to Foggy's analysis, a glance at the site's front page shows that this is a neglected area of the internet. The 'news' items run from January to February 2011, and the site has languished, unloved, ever since. A perfect target for hackers.

ionet
Members
Posts: 2156
Joined: Fri Feb 18, 2005 2:33 pm
Location: Hawkes Bay

Re: ANZ Phishing Email

Post by ionet » Tue Sep 15, 2015 9:29 am

_

14.9.2015:

3 Log on Phishes:


Phishing Site:

Be careful - this phishing site may still be active:


http://civilwarstuff.com/lile/6/login.htm

http://civilwarstuff.com/lile/15/login.htm


11.9.15:

Phishing Site:


Be careful - this phishing site may still be active:


http://mailanzsecure.medicalsupplyline.com/login.htm


9.9.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://newfoundmarketing.ca/nz4/anz/login.htm


http://www.thai3d.net/posttukphut/aspx.htm


http://best-laundry.net/check/9/Anz/zooka/love10.php



6.9.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://bioeden.cl/xx/2/login.htm



28.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://yamdecky.com/knw/12/www.anz.co.nz/index.htm


27.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://amotriallawyers.com/niag/www.anz ... /index.htm



26.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://johnnyjustcum.com/lng/vi/index.htm

http://johnnyjustcum.com/vpn/vii/index.htm


25.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://johnnyjustcum.com/securednz/Latest%20Anz%20NZ


17.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://almaz-36.ru/wp-includes/images/redir.php


16.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://lushcarolplc.com/x/2/index.htm

http://lushcarolplc.com/anz/7/www.anz.co.nz/index.htm



12.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://robertsonsuperspar.co.za/wp-admi ... ir-anz.php


7.8.15:


Phishing Sites:


Be careful - these phishing sites may still be active:


http://srcivil.co.za/op/index.htm



M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.

ionet
Members
Posts: 2156
Joined: Fri Feb 18, 2005 2:33 pm
Location: Hawkes Bay

Re: ANZ Phishing Email

Post by ionet » Sat Jan 16, 2016 5:26 am

_

From: ANZ Transactive
Subject: ANZ Transactive website changes


Dear Customer,

We would like to announce that the design of our website is going to change in the nearest future. The final changes will be applied on Monday, 18 of January 2016. Until the end of this week you can review the upcoming changes.
While mostly everything will function the same, the look and feel of our website will change.
We understand that this can be an adjustment so we have prepared some frequently asked questions for you to review.


1. Will this redesign affect any of my saved bookmarks?
Yes, all pages other than http://www.transtasman.online.anz.com/client/ will need to be re-bookmarked as the web address will change.


2. Why did the design of the website change?
We felt it was time to refresh the look and feel of ANZ Transactive. You’ll see this new look across all marketing collateral.


3. Does the way I sign into my account change?
No, the way you sign into your account will not change. However, we have enhanced our security system to make it more difficult for an unauthorized person to access your account.


4. I’m having issues accessing my account. What is the issue?
You’ll need to add our site to the Compatibility View List:
Click on tools
Scroll & click on compatibility view settings
Type in our address (http://www.transtasman.online.anz.com/client/)
Click add


Please email all questions or concerns to Tommy Sparrow, Marketing & Communication Specialist: Tommy.Sparrow@transtasman.online.anz.com

Phishing Site:

Be careful - this phishing site may still be active:


http://transtasmanonlime-anz.com/client

_


Scammer's Domain Name:


transtasmanonlime-anz.com[/color
]



Domain Whois:


https://1stdomains.nz/info/whois_query. ... me-anz.com


Domain Name: TRANSTASMANONLIME-ANZ.COM
Registrar: TODAYNIC.COM, INC.
Sponsoring Registrar IANA ID: 697
Whois Server: whois.todaynic.com
Referral URL: http://www.NOW.CN
Name Server: DNS1.WORK-DNS.RU
Name Server: DNS2.WORK-DNS.RU
Status: clientTransferProhibited
http://www.icann.org/epp#clientTransferProhibited
Updated Date: 13-jan-2016
Creation Date: 13-jan-2016
xpiration Date: 13-jan-2017


Domain name: transtasmanonlime-anz.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2016-01-13T16:00:00Z
Creation Date: 2016-01-13T20:41:59Z
Registrar Registration Expiration Date: 2017-01-13T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Reseller:
Domain Status: clientTransferProhibited
http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Wilko Sleegers
Registrant Organization: n/a
Registrant Street: Djambistraat 47
Registrant City: Amsterdam
Registrant Province/state: AMSTERDAM
Registrant Postal Code: 1094 AX
Registrant Country: NL Registrant
Phone: +31.310671593115
Registrant Phone EXT:
Registrant Fax: +31.310671593115
Registrant Fax EXT:
Registrant Email: cs@now.cn



And a similarly claused scam was received on 15 Dec 2015:


Scammer's Website Link:

Phishing Site:

Be careful - this phishing site may still be active:


http://transtasmanon1ine-amz.com/client/


Domain Whois:


https://1stdomains.nz/info/whois_query. ... ne-amz.com


Domain Name: TRANSTASMANON1INE-AMZ.COM
Registrar: TODAYNIC.COM, INC.
Sponsoring Registrar IANA ID: 697
Whois Server: whois.todaynic.com
Referral URL: http://www.NOW.CN
Name Server: DNS1.555MIR.RU
Name Server: DNS2.555MIR.RU Status: clientHold
http://www.icann.org/epp#clientHold
Status: clientTransferProhibited
http://www.icann.org/epp#clientTransferProhibited
Updated Date: 15-dec-2015
Creation Date: 13-dec-2015
Expiration Date: 13-dec-2016

Domain name: transtasmanon1ine-amz.com
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.todaynic.com
Registrar URL: http://www.now.cn/
Update Date: 2015-12-13T16:00:00Z
Creation Date: 2015-12-13T18:37:16Z
Registrar Registration Expiration Date: 2016-12-13T16:00:00Z
Registrar: Todaynic.com, Inc.
Registrar IANA ID: 697
Registrar Abuse Contact Email: cs@now.cn
Registrar Abuse Contact Phone: +86.7563810552
Reseller:
Domain Status: clientTransferProhibited
http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientHold
http://www.icann.org/epp#clientHold
Registry Registrant ID:
Registrant Name: Zhong Sing
Registrant Organization: private
Registrant Street: Xiamen
Registrant City: Xiamen
Registrant Province/state: FJ
Registrant Postal Code: 350300
Registrant Country: CN
Registrant Phone: +86.7543203978
Registrant Phone EXT:
Registrant Fax: +86.7543203978
Registrant Fax EXT:
Registrant Email: net@now.cn
Registry Admin ID:



M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest