Wednesday, May 11, 2016

Vous avez un nouveau message (Phishing Fortuneo > Banque Populaire)

Bonjour,

Un nouveau Message est disponible sur votre Messagerie Fortuneo .

Pour le consulter, Veuiller Cliquez sur le lien ce-dessous:

https;//mabanque.fortuneo/fr/connexion

Cordialement,
l'équipe Fortuneo
Nous vous remercions de votre confiance.

My account | My itinerary | Unsubscribe | Privacy Policy | Customer Support
Expedia.ca sent this email and cannot receive replies via email. P.O. Box 47628, Toronto, ON, M3C 3S7, Canada.

Travel Industry Council of Ontario
In accordance with the Ontario Travel Industry Act, 2002, this page contains detailed information on the names, addresses, and registration numbers applicable to the providers of travel and ticket fulfillment services.

Ticket fulfillment services provided by:
Tour East Holidays (Canada) Inc., 15 Kern Road, Suite 9, Toronto, Ontario M3B 1S9.
TICO Registration No.: 50015827
Tour East Holiday (Canada) Inc., 2000 Peel Street, Suite 735 Montréal, QC H3A 2W5.
Quebec License No. 702246.


© 2016 Expedia, Inc. All rights reserved. Expedia, Expedia.ca, and the Airplane logo are trademarks or registered trademarks of Expedia, Inc. in the U.S. and/or other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
(EMID: MR-CM-RFD-teid4.0-issu123-test2-langEN-versX-mcidM-segaX-segbX-segmX-SID4003962-key34080121838-paid167700948-locen_CA) (MD: 20160406054400)

Phishing analysis :

CLICK : https;//mabanque.fortuneo/fr/connexion
OPEN : http://casaruralsanmiguel.com/hkr
REDIRECT : http://13.79.168.131/populaire-1/*/index.php
SCREENSHOT :


ACTION : SELECT A REGION
REDIRECT : http://13.79.168.131/populaire-1/*/index.html
SCREENSHOT :


CLICK : Valider
REDIRECT : http://13.79.168.131/populaire-1/*/bred/index.php
SCREENSHOT :


CLICK : CONNEXION
REDIRECT : http://13.79.168.131/populaire-1/*/bred/connect.php?co=*_*
SCREENSHOT :

Email analysis :

NOTE : rs@zeturf.fr
NOTE : lkhydh@zeturf.fr
NOTE : X-Mailer : PHPMailer [version 1.73]
NOTE : Received : from l3ez.entercloudsuite.local ([185.48.33.67])

No comments:

Post a Comment