AIB Phishing attempt or just stupid use of email
Posted by Diarmuid on June 9, 2009
I just got an email from what purports to be Allied Irish Banks p.l.c. , <email@example.com> , with a reply address of firstname.lastname@example.org. with a subject of “Internet Banking Update” .
There is indeed a new look website that has been up for a few weeks, but asking to download a form and follow instructions raised alarm bells.
The attached form is an HTML page containing loads of image and script links back to the AIB wensite, but teh critical line is the form submit which points at http://126.96.36.199/webmail/themes/tmp/index.php.
The Geo IP report on teh ip address suggests it is a Madrid based computer.
The actual HTML form looks like this
All in all a pretty basic attempt a social engineering, but all the same it would probably get quite a few people.