Design Build Test Repeat

Voluntarily cast upon the waves of outrageous fortune, this lowly geek flops from peak to peak of the technological ocean. Linux, Windows, C, Ruby, Python and embedded systems all attempt to pull our stalwart hero down. Will he survive alone or will the lifeboat of corporate servitude be too tempting.

AIB Phishing attempt or just stupid use of email

Posted by Diarmuid on June 9, 2009

I just got an email from what purports to be Allied Irish Banks p.l.c. , <> , with a reply address of with a subject of “Internet Banking Update” .

AIB Email

AIB Email

There is indeed a new look website that has been up for a few weeks, but asking to download a form and follow instructions raised alarm bells.

The attached form is an HTML page containing loads of image and script links back to the AIB wensite, but teh critical line is the form submit which points at

The Geo IP report on teh ip address suggests it is a Madrid based computer.

Geo IP Report

Geo IP Report

The actual HTML form looks like this

AIB Phishing form

AIB Phishing form

If you put in rubbish values, the javascript throws a series of errors and the form also expects that all the security codes are filled in. This is of course because AIB requires the use of a 1 time only card for funds transfers.

All in all a pretty basic attempt a social engineering, but all the same it would probably get quite a few people.


One Response to “AIB Phishing attempt or just stupid use of email”

  1. Excellent write up!u00a0I was looking for successfulu00a0implantations of ESXi on custom built machines. u00a0u00a0I actually stumbled upon this becau Click

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: