Design Build Test Repeat

Voluntarily cast upon the waves of outrageous fortune, this lowly geek flops from peak to peak of the technological ocean. Linux, Windows, C, Ruby, Python and embedded systems all attempt to pull our stalwart hero down. Will he survive alone or will the lifeboat of corporate servitude be too tempting.

AIB Phishing attempt or just stupid use of email

Posted by Diarmuid on June 9, 2009

I just got an email from what purports to be Allied Irish Banks p.l.c. , <info@aib.ie> , with a reply address of do-not-reply@aib.ie. with a subject of “Internet Banking Update” .

AIB Email

AIB Email

There is indeed a new look website that has been up for a few weeks, but asking to download a form and follow instructions raised alarm bells.

The attached form is an HTML page containing loads of image and script links back to the AIB wensite, but teh critical line is the form submit which points at http://212.34.134.245/webmail/themes/tmp/index.php.

The Geo IP report on teh ip address suggests it is a Madrid based computer.

Geo IP Report

Geo IP Report

The actual HTML form looks like this

AIB Phishing form

AIB Phishing form

If you put in rubbish values, the javascript throws a series of errors and the form also expects that all the security codes are filled in. This is of course because AIB requires the use of a 1 time only card for funds transfers.

All in all a pretty basic attempt a social engineering, but all the same it would probably get quite a few people.

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: