Deus
Premium
join:2000-10-04
Brooklyn, NY
clubs:
 ·Optimum Online
|  Email About a Bank Account I Don't Even Have?
Well, today I received an email from Southtrust Banking in my Hotmail account stating that someone has attempted to login to my account many times in one day. Since they have reached the daily limit, the account has been deactivated. There was a link for me to reactivate the account so I clicked on the link to see what it was all about as I was curious to know what sort of account it was. Thing is I don't have a Southtrust Banking account. I checked google to see if such a bank existed and it does. The customer service number is legit too, but I'm thinking this is a phishing scam as the site from google ends in .com and the one in my email ends in .net. I'm not 100% certain that this is a fake email and I'm a tad worried that someone may have stolen my identity or something to open up a bank account. How would I determine whether or not this email is a fake?
BTW, I did an IP look up and this was the result I received:
Result for southtrustbanking.net
--> /usr/local/bin/fwhois southtrustbanking.net@whois.internic.net
[whois.internic.net]
Whois Server Version 1.3
Domain names in the .com and .net domains can now be registered
Domain Name: SOUTHTRUSTBANKING.NET
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: »www.melbourneit.com
Name Server: NS19A.NAMESERVERS.NET
Name Server: NS19B.NAMESERVERS.NET
Status: ACTIVE
Updated Date: 13-may-2005
Creation Date: 13-may-2005
Expiration Date: 13-may-2006
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
For those that are wondering the address I used came from the link, which is: »southtrustbanking.net/retail/Login.asp.
--
"In three words I can sum up everything I've learned about life: it goes on." -Robert Frost |
|
nonymous
join:2003-09-08
Glendale, AZ | scam |
|
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| reply to Deus
I suspect it's a phishing email. No bank, or any company for that matter, should really do this. There are exceptions, but usually when an account's deactivated, one usually has to call in, or wait for a time-out period to go by.
I checked the bank's website (quoting): »www.southtrust.com/st/AboutUs/Pr···ault.htm
SouthTrust Bank customers should be aware of multiple e-mail-based scams attempting to collect private account information from them.
These e-mails fraudulently state that the customer's account has been deactivated and must be updated. These e-mails instruct the customer to re-activate the account by clicking on a provided link. The links direct the recipient to non-SouthTrust Web sites to fraudulently obtain the customer's account information. Really, I think it's just phishing.
--
Aaron Hulett | Trojan Analyst | Mischel Internet Security |
|
craezer
join:2003-12-15
1 edit | reply to Deus
I've received a couple about a bank I don't have accounts with. Classic phishing attempt. Mouse over the link and see what URL shows up in the status bar, I bet it isn't to a bank
EDIT: I see others posted to this before I did. That's what I love about this place, always helpful people around when you need them!  |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
 ·Vonage
| reply to Deus
Why would open an email from an unknown source just out of "curiosity"?
NO bank would ever ask you to "reactivate" an account in an email....this is a bogus email. As long as you didn't supply them with any personal info (which is what they WANT you to do), you should be fine. You didn't do that when you clicked on that link within the email, did you? If not, delete that puppy and don't open anything weird out of "curiosity".
This is also suspect:
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
--
~~I'll make a wish, take a chance, make a change, and breakaway...Out of the darkness and into the sun...~~ |
|
Deus
Premium
join:2000-10-04
Brooklyn, NY
clubs:
·Optimum Online
| I wasn't going to type in any of my information. I know better. I know I also shouldn't have clicked on that link, but my curiosity got the better of me.  I figure it shouldn't be too bad, since I was using Firefox 1.04 and not the security ridden Internet Explorer. This was my first phishing email so I was a little jumpy to have it happen to me.
Thanks for the help!
--
"In three words I can sum up everything I've learned about life: it goes on." -Robert Frost |
|
kangabil
Do It Now, Do It Right
Premium
join:2005-05-15
Australia
| reply to Deus
I would not feel too smug about using FireFox when it comes to Phishing; it won't save you; they have got your details. If when you reply you really did have an account then you've just done the lot cold!
Phishing is not a virus attack or malaware. |
|
habya
Premium
join:2003-05-29
Huntsville, AL
clubs: 
| reply to Deus
I got that very exact same e-mail last night in my Hotmail account. I know Southtrust bank since we have it around in AL but never held an account there. Besides most (I hope none) don't send an email like that with a link. I do use online banking with my credit union and the 2x times they've sent me emails regarding my account for any reason they simply stated to go to the companies website and do what needs to be done there. No links or even telling me what site to go to just "XXX Credit Unions" page.
That email went straight to the trash can along with the other various "Nordstrom offer confirmation" or "Pre-approved" garbage.
--
HABYA HABYA HABYA TEAR DOWN THE HEM STALKS EAT UP THE OLD MAN AND WOMAN AND CARRY OFF THE LITTLE GIRL MAY YOU DIE ALONE |
|
deke40
Premium
join:2003-01-23
Freeport, Tx
1 edit | reply to Deus
Report it here:
»www.millersmiles.co.uk/ |
|
pcdebb
RIP dadkins
Premium
join:2000-12-03
Tampa, FL
clubs:
| reply to Deus
southtrust seems to be under the gun these days, i've got one of these everyday for a week. i wonder which bank will be next 
--
babbling | mvm |
|
kpatz
MY HEAD A SPLODE
Premium
join:2003-06-13
Manchester, NH
| I received something recently, I don't remember if it was a Southtrust one or what, I usually just delete them right off the bat since I know they're fake.
Phishers are indiscriminate; I'm sure 99% of the people they hit with these emails aren't even a customer of the bank or service provider in question. They're just hoping to get lucky on some gullible person who does happen to have an account there. That's why it's called phishing, they're tossing out the bait in hopes of getting a bite.
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages. |
|
Hall
Premium,MVM
join:2000-04-28
Dayton, OH
 ·EarthLink
·AT&T Midwest
·Earthlink Cable Mo..
| reply to Deus
said by Deus  : Thing is I don't have a Southtrust Banking account. I believe your own statement is the key... |
|
Deus
Premium
join:2000-10-04
Brooklyn, NY
clubs: | reply to deke40
Nice site. They had the screen shots of the website and email I saw. |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to Deus
I must be a forgetful billionaire or something as it appears I have left a trail of bank accounts all over the world and considering I have received at least several hundred of these from individual banks (Southtrust included), I must have created a lot of accounts at some of these banks. Now if I could only remember the pass codes to get all this money. 
Phishing attempts all of them. Your bank etc, would never ask you to verify your personal information online or re-activate your account online (if they really had screwed it up, how would they know if you entered the correct information or not).
I had tracked one of the phishing sites back to Australia and noted it was shutdown a couple of days later, but its like trying to drain the ocean with a sand bucket, shut one down and ten more pop up.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
ahulett
Life Without Walls
Premium
join:2003-02-02
Bellevue, WA
| reply to Deus
I figure it shouldn't be too bad, since I was using Firefox 1.04 and not the security ridden Internet Explorer. And that right there, ladies and gentleman, is what I didn't want to happen, but it has. If they really start nailing Firefox, and I mean really nail it, they're going to have a field day.
Great. Just great.
--
Aaron Hulett | Trojan Analyst | Mischel Internet Security |
|
bkgam
Virtus In Ardus
Premium
join:2004-08-04
USA
| reply to Link Logger
said by Link Logger :I must be a forgetful billionaire or something as it appears I have left a trail of bank accounts all over the world and considering I have received at least several hundred of these from individual banks (Southtrust included), I must have created a lot of accounts at some of these banks. Now if I could only remember the pass codes to get all this money. Me too I've seen hundreds of these. The phishing never stops. If curiosity gets to you and you just have to open one...disconnect from the net frist.
--
"Whatever you do will be insignificant, but it is very important that you do it." -- Mahatma Gandhi |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
·Vonage
1 edit | reply to ahulett
said by ahulett :I figure it shouldn't be too bad, since I was using Firefox 1.04 and not the security ridden Internet Explorer. And that right there, ladies and gentleman, is what I didn't want to happen, but it has. If they really start nailing Firefox, and I mean really nail it, they're going to have a field day. Great. Just great. Well, its promoted/marketed in such a way that gives people a "false" sense of security, as if they are immune from anything when using FF, not to mention the fact that IE is fine when secured PROPERLY, as many of us who use it (I use both IE and FF) can testify to.
Such statements as this posters doesn't surprise me at all. And you are right....when it gets nailed, there will be the devil to pay. FF won't protect them from their own mistakes.
--
~~I'll make a wish,
take a chance,
make a change,
and breakaway...
Out of the darkness and into the sun...~~
|
|
Deus
Premium
join:2000-10-04
Brooklyn, NY
clubs:
·Optimum Online
| I'm hearing all these negative things about me clicking on the link and that the site could have taken my information if I had typed it in. Of course I had nothing to type in and even if I did have an account with Southtrust Banking I was going to call up CS to make sure such an email was in fact true. So what adverse effects could have happened when I clicked on that link because I really don't know.
--
"In three words I can sum up everything I've learned about life: it goes on." -Robert Frost |
|
Nancymca
Security Goddess, retired.
Premium
join:2001-09-30
Voorheesville, NY
·Verizon Online DSL
| reply to Deus
I see those every day. Since it's not my bank I just delete them. On a couple of occasions I've gotten similar from my bank(s). In those cases I report it to them, and they are receptive to those reports.
It's just more phishing. If you're ever in doubt, call your bank voice. Don't respond to the email.
--
Removing spyware, trojans and malware should be easy.
www.boclean.com |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to bkgam
I built a program which allows me to download the html pages from their phishing site and view them so I could see what scripts and such they were using (they were using one malware type script). If I get some time I'll finish this program off and release it as freeware as it shows the raw html with highlighting and such to make it quick and easy to see what they are doing. Think of it as an easy to use WGet with nicer results.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel |
|
