Raiffeisen Bank Romania Phishing Email

Written by Vlad on April 8, 2009 – 10:51 am

This doesn’t look quite right: why would a bank (where, BTW, I have no card/account) ask me to fill in an attached form?

Due to the increasingly frequent PHISHING attacks,
the Raiffeisen Online Security Department has launched a new action
against computer attacks. Raiffeisen Online users are
verified in a random order. Please follow the instructions in
the file attached to this email, giving a few minutes to the security of
your account.

We assure you that Raiffeisen Bank has prepared a set of rapid measures for
blocking these fraud attempts, intervening promptly to limit their
effects and to disable these sites as quickly as possible. You can follow
the bank's website to see the alerts about reported phishing
attacks.

Thank you for your understanding.

Now on to the headers:

Received: by 10.216.72.9 with SMTP id s9cs19158wed;
        Tue, 7 Apr 2009 22:06:32 -0700 (PDT)
Received: by 10.216.50.76 with SMTP id y54mr219469web.70.1239167192145;
        Tue, 07 Apr 2009 22:06:32 -0700 (PDT)
Return-Path: <office@rzb.ro>
Received: from mailsrv01.redoute.pt (mail.redoute.pt [194.65.115.50])
        by mx.google.com with SMTP id u14si17682391gvf.7.2009.04.07.22.06.25;
        Tue, 07 Apr 2009 22:06:32 -0700 (PDT)
Received-SPF: fail (google.com: domain of office@rzb.ro does not designate 194.65.115.50 as permitted sender) client-ip=194.65.115.50;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of office@rzb.ro does not designate 194.65.115.50 as permitted sender) smtp.mail=office@rzb.ro
Received: from User ([203.126.163.180]) by mailsrv01.redoute.pt with Microsoft SMTPSVC(6.0.3790.3959);
	 Wed, 8 Apr 2009 06:09:45 +0100
From: "Raiffeisen Online"<office@rzb.ro>
Subject: Noi masuri de securitate [Utilizator: 510-29401]
Date: Wed, 8 Apr 2009 13:01:32 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0026_01C2A9A6.69829382"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Bcc:
Return-Path: office@rzb.ro
Message-ID: <MAILSRV01MDm1wYsYPb000008df@mailsrv01.redoute.pt>
X-OriginalArrivalTime: 08 Apr 2009 05:09:45.0843 (UTC) FILETIME=[3BBF9430:01C9B808]

This is a multi-part message in MIME format.

------=_NextPart_000_0026_01C2A9A6.69829382
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit

[...]

------=_NextPart_000_0026_01C2A9A6.69829382
Content-Type: application/octet-stream;
	name="Formular Verificare Utilizator Online.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="Formular Verificare Utilizator Online.html"
...

The attached file is a JS-encoded web page that asks for your card, CVC, username and password, then submits them to ruinair.se, where the data is saved and the user is redirected to an official Raiffeisen Bank page.

Beware!
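
A triage sketch for the indicators visible in the headers above (an added example, not part of the original post): it runs Python's standard `email` module over a trimmed copy of the quoted message and reports the SPF failure, the sender/relay domain mismatch and the HTML attachment. The names `org_domain` and `triage`, the finding labels, the MIME boundary and the attachment body are assumptions made up for this example.

```python
import email
import re
# Trimmed copy of the headers quoted in the post. The MIME boundary and the
# attachment body are constructed placeholders, not the real phishing form.
RAW = """\
Return-Path: <office@rzb.ro>
Received: from mailsrv01.redoute.pt (mail.redoute.pt [194.65.115.50])
        by mx.google.com with SMTP id u14si17682391gvf.7.2009.04.07.22.06.25;
        Tue, 07 Apr 2009 22:06:32 -0700 (PDT)
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of office@rzb.ro does not designate 194.65.115.50 as permitted sender) smtp.mail=office@rzb.ro
From: "Raiffeisen Online"<office@rzb.ro>
Message-ID: <MAILSRV01MDm1wYsYPb000008df@mailsrv01.redoute.pt>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="Windows-1251"

[...]
--b1
Content-Type: application/octet-stream; name="Formular Verificare Utilizator Online.html"
Content-Disposition: attachment; filename="Formular Verificare Utilizator Online.html"

(constructed placeholder body)
--b1--
"""

def org_domain(value):
    """Last two labels of the first address domain (naive: no Public Suffix List)."""
    m = re.search(r"@([\w.-]+)", value or "")
    return ".".join(m.group(1).lower().split(".")[-2:]) if m else None

def triage(raw):
    """Return labels for the phishing indicators found in one raw message."""
    msg = email.message_from_string(raw)
    sender, found = org_domain(msg.get("From")), []
    # Strong signal: the receiving MX recorded an SPF fail for the envelope sender.
    if re.search(r"\bspf=(hard)?fail\b", msg.get("Authentication-Results", "")):
        found.append("spf-fail")
    # Corroborating only: the top Received hop and Message-ID name another domain.
    hop = re.match(r"from\s+(\S+)", msg.get_all("Received", [""])[0])
    if sender and hop and org_domain("@" + hop.group(1)) != sender:
        found.append("relay-domain-mismatch")
    if sender and org_domain(msg.get("Message-ID")) not in (None, sender):
        found.append("message-id-domain-mismatch")
    # An HTML file attached to mail can present a credential form offline.
    for part in msg.walk():
        if (part.get_filename() or "").lower().endswith((".html", ".htm")):
            found.append("html-attachment:" + part.get_content_type())
    return found
```

The two domain-mismatch labels also fire on legitimate mail sent through third-party relays, so treat them as supporting evidence for the SPF failure rather than as verdicts on their own.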
