From el.baby@gmail.com Mon Nov 22 14:47:34 2004
From: Mariano Absatz <el.baby@gmail.com>
To: discuss@lists.surbl.org
Subject: [SURBL-Discuss] Phishing attempt
Date: Mon, 22 Nov 2004 10:47:30 -0300
Message-ID: <3d8676e0411220547130633fe@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4739408322473403427=="

--===============4739408322473403427==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi David et al.

for some reason my Thunderbird severed the topmost headers (including
trace headers) for this message (see bottom) I got this weekend.

However, it seems to me it's a phishing attempt from 210.127.248.68...
the page doesn't seem to be up, anyway.

Checking in http://www.rulesemporium.com/cgi-bin/uribl.cgi the address
only hit sc.

Regards.

-- 
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com


From:	"SunTrust Access Review" <holdaccount0115nf93797(a)suntrust.com>
To:	<baby(a)baby.com.ar>
Subject: Banking Online Message IDXXX003014585815
Date:	Fri, 19 Nov 2004 02:12:23 +0300
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal

<html>
<head>
<title>SunTrust Account Access</title>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
</head>

<body bgcolor=3D"#FFFFFF" text=3D"#000000">

<table width=3D"940" border=3D"0" cellpadding=3D"0" cellspacing=3D"0">
  <tr>
    <td colspan=3D"2" height=3D"66" valign=3D"top"><img src=3D"http://www.r=
ogueweb.com/logo_home.gif" width=3D"171" height=3D"66"></td>
    <td width=3D"562"></td>
    <td width=3D"107"></td>
  </tr>
  <tr>
    <td height=3D"9" width=3D"26"></td>
    <td width=3D"245"></td>
    <td></td>
    <td></td>
  </tr>
  <tr>
    <td height=3D"176"></td>
    <td colspan=3D"2" valign=3D"top">
      <p>Dear <b>Valued Customer,</b></p>
      <p> SunTrust Banks Inc., is committed to maintaining a safe environme=
nt
        for our customers. To protect the security of your account, SunTrus=
t Banks
        Inc., employs some of the most advanced security systems in the wor=
ld
        and our anti-fraud teams regularly screen the SunTrust system for u=
nusual
        activity.</p>
      <p>We are contacting you to remind you that on Nov. 17, 2004 our Acco=
unt
        Review Team identified some unusual activity in your account. In ac=
cordance
        with SunTrust's User Agreement and to ensure that your account has =
not
        been compromised, access to your account was limited. Your account =
access
        will remain limited until this issue has been resolved.</p>
      <p>We encourage you to log in and perform the steps necessary to rest=
ore
        your account access as soon as possible. Allowing your account acce=
ss
        to remain limited for an extended period of time may result in furt=
her
        limitations on the use of your account and possible account closure=
. Click
        here to unlock your <a href=3D"http://210.127.248.68/personal/check=
ing/OnlineBanking/Internet_Banking/index.php">online access.</a></p>
    </td>
    <td></td>
  </tr>
  <tr>
    <td height=3D"26"></td>
    <td></td>
    <td></td>
    <td></td>
  </tr>
  <tr>
    <td height=3D"95"></td>
    <td colspan=3D"2" valign=3D"top"> Thank you for your prompt attention t=
o this
      matter. Please understand that this is a security measure meant to he=
lp
      protect you and your account. We apologize for any inconvenience.
      <p>Sincerely,<br>
        Suntrust Banks Inc., Account Review Department</p>
    </td>
    <td></td>
  </tr>
  <tr>
    <td height=3D"18"></td>
    <td></td>
    <td></td>
    <td></td>
  </tr>

</table>
</body>
</html>

--===============4739408322473403427==--


From jeffc@surbl.org Tue Nov 23 01:14:08 2004
From: Jeff Chan <jeffc@surbl.org>
To: discuss@lists.surbl.org
Subject: Re: [SURBL-Discuss] Phishing attempt
Date: Mon, 22 Nov 2004 16:14:36 -0800
Message-ID: <1006480168.20041122161436@surbl.org>
In-Reply-To: <3d8676e0411220547130633fe@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7730412735433409120=="

--===============7730412735433409120==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

On Monday, November 22, 2004, 5:47:30 AM, Mariano Absatz wrote:
> Hi David et al.

> for some reason my Thunderbird severed the topmost headers (including
> trace headers) for this message (see bottom) I got this weekend.

> However, it seems to me it's a phishing attempt from 210.127.248.68...
> the page doesn't seem to be up, anyway.

> Checking in http://www.rulesemporium.com/cgi-bin/uribl.cgi the address
> only hit sc.

> Regards.

In general I recommend reporting phishing to:

  postmaster(a)corp.mailsecurity.net.au,
  reportphishing(a)antiphishing.org,
  spam(a)uce.gov

Jeff C.
--
"If it appears in hams, then don't list it."


--===============7730412735433409120==--