For the record, here's a recent phishing email faking it's ScotiaBank Online Banking.
The body of the this email in text reveals the rogue link on line 15 - fenc.daewonit.com/baoa/index.php is hosted in Seoul, Korea.
The interesting thing is the email is from hogan.com website which is a legitimate site, but clearly it website has been zombified.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | From: Message.069.From.S.c.o.t.i.a_B.a.n.k.ID.0654654654@hogan.com <Message.069.From.S.c.o.t.i.a_B.a.n.k.ID.061778978789886@hogan.com> Sent: January 30, 2017 5:37 PM To: xxxxxxxxxxxxx@hotmail.com Subject: Reminder: Last Notification! (0697) //click.mail.onedrive.com/?qs=4a5238b3673f348dcb22162d32a60cb3d0e0df71bc28d3c7216a7793fff575a9e35d54e16f7144ce9ff6ec843855eb26416dcd82ee17b30b xxxxxxxxxxxx@hotmail.com. [img] You are no longer allowed to access your ScotiaBank Online Banking. We had to disable your online access for your security. This can be because of a recent change in your address or submitting incorrect information during the initial registration process. Please verify your account within the next 24 hours in order to avoid full online suspension. //click.mail.onedrive.com/?qs=32b26e68be826244f798f60445dfd85de29d309e84058c43d950e053e97cfedf416cf5597446254a50fb196c75dd980151f2da54664bc0a5 Click here <http://fenc.daewonit.com/baoa/index.php> to verify your information and remove the suspension on your account or follow this secure link: //www2.scotiaonline.scotiabanking.com/online/unsuspend-xxxxxxxxxxxx@hotmail.com-0697837489/auth.bns<http://fenc.daewonit.com/baoa/index.php> After the secure online verification you will be able to use your account as usual. 2017 (30th of January) Scotiabank Canada click.mail.onedrive.com/?qs=32b26e68be8262447dac7c9c958b6a8cf15309d26c5595370b292318002995219672f1afb35e65aa6c89234293b2b2ee899e12feee755dd0 |
Whois Record lookup for fence.faewonit.com
| Registrar | DOTNAME KOREA CORP | |
| Registrar Status | ok | |
| Dates | Created on 2011-03-07 - Expires on 2017-03-07 - Updated on 2016-03-06 | |
| Name Server(s) | DNS.MIREENE.COM (has 5,979 domains) | |
| IP Address | 112.217.208.42 - 1 other site is hosted on this server | |
| IP Location | Seoul - Seoul - Lg Dacom Corporation | |
| ASN | AS3786 LGDACOM LG DACOM Corporation, KR (registered Aug 01, 2002) | |
| Domain Status | Registered And Active Website | |
| Whois History | 40 records have been archived since 2008-11-11 | |
| IP History | 5 changes on 5 unique IP addresses over 13 years | |
| Registrar History | 2 registrars with 2 drops | |
| Hosting History | 9 changes on 6 unique name servers over 12 years | |
| Whois Server | whois.dotname.co.kr | |
Whois Record ( last updated on 2016-12-21 )
No comments:
Post a Comment