Re: [SURBL-Discuss] Fw: Your August eNewsletter from U.S. Bank

----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org

That's not too useful without headers and it doesn't prove it's not a phish.

Yep, didn't realize it would look like garbage once it got posted to the list

How did you determine that usbank-email.MUNGEDcom really belongs to U.S. Bank?

Here is what my search came up with: ========== whois usbank.com: Registrant: U.S. Bancorp Licensing, Inc. (NACLVTHKBD) 800 Nicollet Mall, EP-MN-BB02 Minneapolis, MN 55402 US

Domain Name: USBANK.COM

Administrative Contact, Technical Contact: Administrator, Domainname ContactMiddleName (CPESDLZPEI) domainadmin@usbank.com U.S. Bancorp 2751 Shepard Rd, EP-MN-BB2 St. Paul, MN 55116 US (651) 205-0265 fax: 123 123 1234

Record expires on 15-Feb-2009. Record created on 14-Feb-1995. Database last updated on 24-Aug-2004 20:06:49 EDT.

Domain servers in listed order:

NS3.USBANK.COM 170.135.240.25 NS1.USBANK.COM 156.36.1.18 =========== whois usbank-e-mail.com: Registrant: U.S. Bancorp Licensing, Inc. (AWMADPAZID) 800 Nicollet Mall, EP-MN-BB02 Minneapolis, MN 55402 US

Domain Name: USBANK-EMAIL.COM

Administrative Contact: Administrator, Domainname ContactMiddleName (CPESDLZPEI) domainadmin@usbank.com U.S. Bancorp 2751 Shepard Rd, EP-MN-BB2 St. Paul, MN 55116 US (651) 205-0265 fax: 123 123 1234

Technical Contact: Network Solutions, LLC. (HOST-ORG) customerservice@networksolutions.com 13200 Woodland Park Drive Herndon, VA 20171-3025 US 1-888-642-9675 fax: 571-434-4620

Record expires on 24-Feb-2007. Record created on 24-Feb-2004. Database last updated on 24-Aug-2004 20:07:42 EDT.

Domain servers in listed order:

NS.ONCE.COM 207.189.106.105 NS2.ONCE.COM 207.189.106.108 NS3.ONCE.COM 207.162.212.83 ==========

Both domains were registered through Network Solutions. Same corporate address and phone number, and when I called the phone number listed above, I got the voice mail of a US Bank employee named Mark Marrow (probably the zone technical contact). And, most importantly, the account logon links take you to the official US Bank web site, not some spoofed URL.

I have forwarded the newsletter e-mail as an attachment this time, so hopefully it will come through intact for viewing, including the original message headers.

I have seen many US Bank, Pay-Pal, E-Bay, Citi Bank, etc., phishing e-mails, and this is clearly not one. Anyway, let me know what you plan to do with this one.

Thanks,

Bill