En ce qui concerne les informations relatives à votre compte bancaire:
Cher client:
Notre systeme a detecte que vous n'avez pas active Pass securite (Societe Generale):
Decouvrez Le Pass Securite
Afin de prevenir l'utilisation frauduleuse des cartes bancaire sur Internet, Societe Generale est dotee d'un dispositif de controle des paiements. Ce service est entierement gratuit.
Cliquez ici Pour activez ce service
Merci pour choisire SOCIETE GENERALE!
Copyright ©2017 Societe Generale. Tous droits réservés.
Numéro d'immatriculation FSASociete Generale: 226056.
Mon compte
Téléphone
Facebook
Instagram
Twitter
Pinterest
Youtube
Magazine
MENTIONS LÉGALES
PROTECTION DES DONNÉES
CGV
SE DÉSINSCRIRE DE LA NEWSLETTER
Phishing screenshot :
Email analysis :
NOTE : kaizenqm@telus.net
NOTE : Cmm-Sender-Ip : 209.171.16.90
NOTE : X-Mailer : Zimbra 8.6.0_GA_1211 (zclient/8.6.0_GA_1211)
NOTE : Received : from mtlp000003.email.telus.net ([172.20.100.250])
Phishing analysis :
CLICK : Cliquez ici Pour activez ce service
OPEN : http://kombiringen.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/
REDIRECT : http://www.goingesten.se/wp-content/theme/*/service.php?*
RESULT : Phishing Société Générale
Monday, July 31, 2017
Votre-Paiement-En ligne (Phishing attempt)
Bonjour,
Afin de prévenir l'utilisation frauduleuse des cartes bancaires Internet,
Votre Service Générale, est dotée d'un dispositif de controle des paiements.
Ce service est entierement gratuit Notre Systeme a detecte que vous n'avez pas active -Pass-Service-sécurite
Service sécurite
Banque-Générale
Nous vous remercions de votre Confiance.
Cordielement
Email analysis :
NOTE : INFO@news.promovacances.com
NOTE : Received : by footcenter.fr (Postfix, from userid 33)
NOTE : Received : from footcenter.fr ([165.227.79.193])
NOTE : X-Php-Originating-Script : 0:nel.php
NOTE : Message-Id : < *.*@footcenter.fr >
NOTE : Votre-Paiement-En ligne
Phishing screenshot :
Phishing analysis :
CLICK : Service sécurite
OPEN : http://sirlwad.gear.host/s52.html
SCREENSHOT :
RESULT : Phishing attempt.
Information about this phishing
SCRIPT : nel.php
HACKED RELAY : footcenter.fr
OPEN REDIRECT : sirlwad.gear.host
SPOOFED EMAIL : INFO@news.promovacances.com
PHISHING : Société Générale
Afin de prévenir l'utilisation frauduleuse des cartes bancaires Internet,
Votre Service Générale, est dotée d'un dispositif de controle des paiements.
Ce service est entierement gratuit Notre Systeme a detecte que vous n'avez pas active -Pass-Service-sécurite
Service sécurite
Banque-Générale
Nous vous remercions de votre Confiance.
Cordielement
Email analysis :
NOTE : INFO@news.promovacances.com
NOTE : Received : by footcenter.fr (Postfix, from userid 33)
NOTE : Received : from footcenter.fr ([165.227.79.193])
NOTE : X-Php-Originating-Script : 0:nel.php
NOTE : Message-Id : < *.*@footcenter.fr >
NOTE : Votre-Paiement-En ligne
Phishing screenshot :
Phishing analysis :
CLICK : Service sécurite
OPEN : http://sirlwad.gear.host/s52.html
SCREENSHOT :
RESULT : Phishing attempt.
Information about this phishing
SCRIPT : nel.php
HACKED RELAY : footcenter.fr
OPEN REDIRECT : sirlwad.gear.host
SPOOFED EMAIL : INFO@news.promovacances.com
PHISHING : Société Générale
Camelot
You have Won $680,000
Email analysis :
NOTE : camelot.group@gmx.co.uk
NOTE : Received : from [192.168.0.100] (unknown [43.240.7.1])
NOTE : by spamwall.quilmes.gov.ar (Postfix)
NOTE : Received : from spamwall.quilmes.gov.ar
NOTE : (spamwall.quilmes.gov.ar. [190.120.191.6])
NOTE : The quilmes.gov.ar server was hacked to relay this scam.
NOTE : @QuilmesMuni was contacted
Email analysis :
NOTE : camelot.group@gmx.co.uk
NOTE : Received : from [192.168.0.100] (unknown [43.240.7.1])
NOTE : by spamwall.quilmes.gov.ar (Postfix)
NOTE : Received : from spamwall.quilmes.gov.ar
NOTE : (spamwall.quilmes.gov.ar. [190.120.191.6])
NOTE : The quilmes.gov.ar server was hacked to relay this scam.
NOTE : @QuilmesMuni was contacted
Thursday, July 27, 2017
Urgent sunTrust Confirmation
We have updated your contact information
For details about what changed, sign on to Messages and Alerts. To view the updates, or make additional updates, sign on to update your contact information.
1. If you did not make this request online, by phone, or at a Suntrust store, please sign on immediately . We are available 24 hours a day, 7 days a week.
Please update and verify your information by clicking the link below:
To view the updates
If your account information is not updated within 72 hours then your ability to access your account will become restricted.
Fraud Prevention Unit
Legal Advisor
Suntrust Bank
Email analysis :
NOTE : spam@petofisopron.hu
NOTE : Received : from [205.209.150.138] (205.209.150.138)
NOTE : by psrv01.petofisopron.hu (192.168.0.3)
Phishing analysis :
CLICK : To view the updates
OPEN : http://deliaujica.com/css/images/sunTrust/sun/validation/
RESULT : Phishing was removed.
For details about what changed, sign on to Messages and Alerts. To view the updates, or make additional updates, sign on to update your contact information.
1. If you did not make this request online, by phone, or at a Suntrust store, please sign on immediately . We are available 24 hours a day, 7 days a week.
Please update and verify your information by clicking the link below:
To view the updates
If your account information is not updated within 72 hours then your ability to access your account will become restricted.
Fraud Prevention Unit
Legal Advisor
Suntrust Bank
Email analysis :
NOTE : spam@petofisopron.hu
NOTE : Received : from [205.209.150.138] (205.209.150.138)
NOTE : by psrv01.petofisopron.hu (192.168.0.3)
Phishing analysis :
CLICK : To view the updates
OPEN : http://deliaujica.com/css/images/sunTrust/sun/validation/
RESULT : Phishing was removed.
Wednesday, July 26, 2017
Agence ClientèIe SBE : RappeI (Phishing Bred)
Cher(e) Client(e),
Votre conseiller vous informe que vousiavezireçuiunimessageoimportant
conçernantivotreiE-Code.
tVotre accès en ligne
Cordialement
Votre Banque
ic
Email analysis :NOTE :
NOTE : laempresadelexito.com@emails.afm-telethon.fr
NOTE : laempresadelexito.com
NOTE : X-Php-Originating-Script : 0:tmsir.php
NOTE : Received : by emails.afm-telethon.fr (Postfix, from userid 33)
NOTE : Received : from emails.afm-telethon.fr ([165.227.14.87])
NOTE : emails.afm-telethon.fr@emails.afm-telethon.fr
Phishing screenshot :
Phishing analysis :
CLICK : tVotre accès en ligne
OPEN : http://laempresadelexito.com/BredEcode
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/phone.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/sms.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/done.php?tok=*
REDIRECT : https://www.bred.fr/index.html
Conclusion :
Victim : BRED
Spoofed service : emails.afm-telethon.fr
Location of the Open redirect : laempresadelexito.com
Location of the Phishing : metaltripshop.com
Votre conseiller vous informe que vousiavezireçuiunimessageoimportant
conçernantivotreiE-Code.
tVotre accès en ligne
Cordialement
Votre Banque
ic
Email analysis :NOTE :
NOTE : laempresadelexito.com@emails.afm-telethon.fr
NOTE : laempresadelexito.com
NOTE : X-Php-Originating-Script : 0:tmsir.php
NOTE : Received : by emails.afm-telethon.fr (Postfix, from userid 33)
NOTE : Received : from emails.afm-telethon.fr ([165.227.14.87])
NOTE : emails.afm-telethon.fr@emails.afm-telethon.fr
Phishing screenshot :
Phishing analysis :
CLICK : tVotre accès en ligne
OPEN : http://laempresadelexito.com/BredEcode
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/
SCREENSHOT :
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/phone.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/sms.php?tok=*
VALIDATE : FORM
REDIRECT : http://www.metaltripshop.com/metaltripshop/app/code/community/Mage/Sales/Model/Convert/Model/brlogin/brlogin/*/done.php?tok=*
REDIRECT : https://www.bred.fr/index.html
Conclusion :
Victim : BRED
Spoofed service : emails.afm-telethon.fr
Location of the Open redirect : laempresadelexito.com
Location of the Phishing : metaltripshop.com
Subscribe to:
Posts (Atom)