Saturday, May 13, 2017

Phishing Email : CIBC Canada Confirmation - Summary of transaction

For the record, here's a recent Phishing Email : CIBC Canada Confirmation phishing email that is circulating and was caught by Junk or Spam filters, but maybe not for you.

What to do?

Report them and label them as Phishing Email not SPAM (in your online email system), see below.


Report them? 

Report Phishing URLs at Google Plex now as well;


Here's the view of the email in your online mail client




         








Logo is stealing from this site
http://www.stardale.org/youth/cibc_logo.jpg
 
Thank you for choosing CIBC.
 
You have an unclaimed incoming payment of $728.89 CAD ( Transaction ID: #SDKFNDdfdfdkDKJFDDF#) 
We believe this may be a suspicious transaction and we have temporarily put a hold on your online access.

Please verify your online information to be able to claim your funds (
$728.89 CAD).
Please click here to beging the verification process.

SPAM LINK TO : http://ww.netnsys.com/vqtsdqd/index.php


If your information is not verified within 24 hours the incoming transaction of $728.89 CAD will be rejected. 




Here's what netnsys.com/vqtsdqd/index.php could not be found.
and is hosted in South Korea but owned by;  

   This info is available for any site using a Whois lookup, https://www.godaddy.com/whois has one


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
Domain Name: NETNSYS.COM
Registry Domain ID: Not Available From Registry
Registrar WHOIS Server: whois.doregi.com
Registrar URL: http://www.doregi.com 
Updated Date: 2010-03-03T21:30:11Z
Creation Date: 2000-03-08T15:48:35Z
Registrar Registration Expiration Date: 2019-03-08T15:52:55Z
Registrar: HANGANG SYSTEMS,INC. D/B/A DOREGI.COM
Registrar IANA ID: 87
Registrar Abuse Contact Email: doregi@doregi.com
Registrar Abuse Contact Phone: +82.7071631100
Reseller: 
Domain Status: ok https://icann.org/epp#ok 
Registry Registrant ID: Not Available From Registry
Registrant Name: Net & Sys Co., Ltd. 
Registrant Organization: Net & Sys Co., Ltd. 
Registrant Street: 300-2, 5th Floor, Doksan-Dong GeumCheon-Gu 
Registrant City: Seoul 
Registrant State/Province: 
Registrant Postal Code: 08584 
Registrant Country: KR
Registrant Phone: +82.226462202
Registrant Phone Ext:
Registrant Fax: +82.226467151
Registrant Fax Ext:
Registrant Email: peter.s.cho@gmail.com
Registry Admin ID: Not Available From Registry
Admin Name: Sanghoon Cho 
Admin Organization: Sanghoon Cho 
Admin Street: 300-2, 5th Floor, Doksan-Dong GeumCheon-Gu 
Admin City: Seoul 
Admin State/Province: 
Admin Postal Code: 08584 
Admin Country: KR
Admin Phone: +82.226462202
Admin Phone Ext:
Admin Fax: +82.226467151
Admin Fax Ext:
Admin Email: yoon@netnsys.com
Registry Tech ID: Not Available From Registry
Tech Name: Sanghoon Cho 
Tech Organization: Sanghoon Cho 
Tech Street: 300-2, 5th Floor, Doksan-Dong GeumCheon-Gu 
Tech City: Seoul 
Tech State/Province: 
Tech Postal Code: 08584 
Tech Country: KR
Tech Phone: +82.226462202
Tech Phone Ext:
Tech Fax: +82.226467151
Tech Fax Ext:
Tech Email: yoon@netnsys.com
Name Server: ns1.doregi.com
Name Server: ns2.doregi.com
Name Server: ns3.doregi.com
Name Server: 


How to tell this is a Phishing email ?


  1. Convert the email view from HTML to text, check for bad URLs.
  2. Hover over all links in email, if it's not from the same as the text then forget it.
  3. The best way is to look at message source, see below.


How to examine Email Message Source ?


Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
And look for phony links.


Report Phishing Email (not as Spam)


  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 


Report phishing at Microsoft and government agencies


  1. https://www.microsoft.com/en-us/safety/online-privacy/phishing-symptoms.aspx

No comments:

Post a Comment