Re: How to understand this "phishing" mail?

From: "a_monk" <dfox138@xxxxxxxxxxx>
Date: 16 Mar 2007 06:09:41 -0700

On Mar 16, 12:29 am, Neil W Rickert <rickert...@xxxxxxxxxx> wrote:

"a_monk" <dfox...@xxxxxxxxxxx> writes:

Lately I received a number (phishing) mails from a bank asking for
confirmation. In the message, there was a URL:

They were not from the bank. They pretended to be from the bank.

https://www1.royalbank.com/cgi-bin/rbaccess/rbunxcgi?F6=1&F21=IB&F22=...

That was probably a genuine link to Royal Bank of Canada (which owns
the domain "royalbank.com".

However, when I moved my mouse pointer to the beginning on the URL, at
the bottom of the screen, it showed the following instead.
http://163.23.70.201/http/www1.royalbank.com/cgi-bin/rbaccess/F21=IB&;...

That was the phish url.

In html, you can use

<A href="http://domain/link/to/follow";>Data to display</A>

The scammer sets the link to follow to his domain, but the display
information to be the actual bank link.

First of all, the link seems not using SSL (http instead of https).
Secondly, when I pinged 163.23.70.201, there was no response.

It's in Taiwan. Maybe it was down, or maybe it was blocking ping.

I hesitate to click on the https:// link.

It is usually safe as long as you don't enter any data, and don't
accept any download files. But there isn't any point in clicking
unless you are investigating the phish.

Could someone help me understand what is it all about? Any info is
much appreciated.

If they can trick you into entering data such as account number and
network password for your bank account, then they can use that to
steal money from your account.

Many many thanks for the detailed explanation.

Warmest regards,

A Monk

.

References:
- How to understand this "phishing" mail?
  - From: a_monk
- Re: How to understand this "phishing" mail?
  - From: Neil W Rickert

Prev by Date: Re: Is that secure : <form action="https" from a local HTML page ?
Next by Date: Re: Is that secure : <form action="https" from a local HTML page ?
Previous by thread: Re: How to understand this "phishing" mail?
Next by thread: Re: How to understand this "phishing" mail?
Index(es):
- Date
- Thread

Relevant Pages

Haiti La fortune dAristide
... offshore bank and corporate secrecy and money-laundering and how the ... Aristide and his associates looted government coffers, ... accounts of Aristide's governmental "Private Secretary Account." ... cashed by the Bank of the Republic of Haiti for sums of $100,000 to ...
(soc.culture.haiti)
fact or fiction
... Hamid invested too in American bank, I thought he was anti US, so how is ... The information regarding the Fixed Deposit Accounts of Mahathir¡ös ... That vast amount of monies could have been derived through the ... Type of Account: Fixed Deposit ...
(soc.culture.malaysia)
Re: fact or fiction
... THE ACCOUNT HAD BEEN CLROSS VERIFIED BY MY FRIEND IN MOSSAD ... Smart move ie to invest in Israel bank so that nobody suspects.......Syed Hamid invested too in American bank, I thought he was anti US, so how is going to explain on his connection with the US and Jews ... ... That vast amount of monies could have been derived through the following: ... Date of Maturity: 25/06/98 ...
(soc.culture.malaysia)
=?iso-8859-7?q?Revealed=3A_Britain=A2s?= worst banks
... current accounts to mortgages to tell you what you should dump ... NATWEST has been named as the worst high-street bank in a comprehensive ... derisory savings interest and punitive charges. ... more than half of us still have at least our current account ...
(uk.finance)
Re: Bank fraud
... The bank moved money out of his account ... For your information the police believe it. ... Your correct I am pissed off because this latest theft is only the tip ...
(uk.legal)