Friday, November 17, 2017

System Upgrade (Standard Bank Phishing)

Dear Valued Customer,

ACCOUNT E-MAILS ALERT

We’re sorry to inform you that we are unable to verify your account identity. In order to protect the security of your account.

We have terminated your ATM account banking session.

In order to resolve this situation,

We implore you to click on the SECURE link below to CONFIRM any possible findings.

http://bebesysalud.com/wp-includes/pomo/numsurver.php

Thank you for choosing Standard Bank.

Standrad Bank Team.

Email analysis :

NOTE : kurt.kemper@dfafrica.co.za
NOTE : info@Standarddbank.co.za
NOTE : Received : from null (za-sl-23.za.mimecast.lan [10.32.36.72]) (Using TLS)
NOTE : by za-smtp-1.mimecast.co.za

Phishing screenshot :


Phishing analysis :

CLICK : http://bebesysalud.com/wp-includes/pomo/numsurver.php
SCREENSHOT :


NOTE : Standard Bank Phishing

Account status has been changed (invoice 02574) (PayPal Phishing)

Dear PayPal Customer ,

We detected something unusual about a recent sign-in for the PayPal account . For example, you might be signing in from a new location, device, or app.

To help keep you safe, we've blocked access to your PayPal account , Billing Info, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.

Review recent activity

Thanks,
The PayPal account team

Copyright© 1996-2017 PayPal.com, Inc. All right reserved

Email analysis :

NOTE : support@vweb12.nitrado.net
NOTE : Received : by vweb12.nitrado.net

Phishing screenshot :


Phishing analysis :

CLICK : Review recent activity
OPEN : www.update-service.clanonzj.beget.tech/
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/login.php?cmd=_account-details&session=*
SCREENSHOT :


NOTE : FILL FAKE INFO
REDIRECT : http://www.update-service.clanonzj.beget.tech/*/Billing.php?cmd=_account-details&session=*&dispatch=*
SCREENSHOT :


NOTE : PayPal Phishing

Verify Your PayPal Account! (PayPal Phishing Attempt)

Dear PayPal user,

This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours. Your account has been frozen temporarily in order to protect it.

To proceed to confirm your account information please click on the link below and follow the instructions that will be required.This will help protect you in the future. The process does not take more than 3 minutes.

Confirm your account

Click here to verify

Once you have updated your account records, your information will be confirmed and your account will start to work as normal once again.

Sincerely,
PayPal Account Review Department
(Case ID #PP-003-498-237-832)

Email analysis :

NOTE : sal.moncalieri@engim.it
NOTE : Received : from zimbra.engim.it (zimbra.engim.it [192.168.67.112])

NOTE : 192.168.67.112

Phishing screenshot :


Phishing analysis :

CLICK : Click here to verify
OPEN : http://rederswhitesincs.com/secure_pp
RESULT : PayPal Phishing attempt