Irish Water Phishing Emails

I must have been half asleep when I clicked the link in this email, but Gmail hadn’t caught it yet even though it’s an obvious phishing attempt, so be warned if you get an email warning of “urgent maintenance” of your account. Then again, it’s probably a bad site to phish, since most people are boycotting them. I bet there’ll be people on Facebook complaining that they were sent these emails, even though they’re protesting it! 🙂

Screen Shot 2016-06-09 at 10.55.45

The from address is at Telefonica, and the login link goes to a page at 3i6e5.16mb.com which is a convincing Irish Water login page, looking very like the original.

Screen Shot 2016-06-09 at 10.58.40

Opening both pages in two tabs and switching between them shows no jumps in spacing or changes at all. Irish Water haven’t been around that long either so it’s not as if we’re all familiar with how they compose their email correspondence. Mark as spam and don’t let the bad guys win.

Phishing in Irish

Well, this is a surprise. One of my .ie email addresses got a very targeted phishing email. It was so specific that it was actually written in Irish! It wasn’t directed at me, but at a list owner address at linux.ie.
I wonder if the spammers know how many Irish people could actually read their email easily? It’d certainly be easier for most people to read in English.

Aire

Tá mé an tUasal Patrick KW Chan an Stiúrthóir Feidhmiúcháin agus Príomh-Oifigeach airgeadais Hang Seng Bank Ltd, Hong Cong.
Tá mé togra gnó brabúsaí leasa choitinn a roinnt le leat;
Baineann sé leis an aistriú suim mhór airgid.
Fuair mé do tagairt i mo cuardach a dhéanamh ar dhuine a oireann mo chaidreamh gnó molta.
Má tá suim agat i obair liom teagmháil a dhéanamh liom mo trí r-phost príobháideach (mrpatkwchan52@yahoo.com.hk) le haghaidh tuilleadh sonraí

Dearbhófar do fhreagra túisce chun an litir seo a mhór.

An tUasal Patrick Chan
E-mail: mrpatkwchan52@yahoo.com.hk

I suppose it was bound to happen now that Google translates text into Irish. Well done to Gmail for marking it as spam!

Anatomy of an AIB Phishing Email

I’m well used to getting phishing emails for American or internationally known banks but this morning an email supposedly from AIB made it past Gmail’s spam filters.

AIB phishing email

AIB posted an alert a few days ago to watch out for fraudulent emails, but this one appears to be different. I’m forwarding it on to alert@aib.ie

The content of the email is a Jpeg image, and it links to a php file on http://internetbanking.aib.ie.2.3h8ax3.com/

As the rest of this post has a number of large screenshots click the link below to read the rest. You can probably ignore this if you’re not living in Ireland. 🙂

Continue reading “Anatomy of an AIB Phishing Email”

Around Ireland in 80 links on July 18th 2007

  • Anthony found Pixar’s new short cartoon, Lifted. It’s quite fun!
  • I’m amazed that Drogheda Library wouldn’t let a student charge his laptop. “Doing a ryanair on it” alright!
  • Kathy Foley’s festival of mud and horrors tries to understand the fuss over Oxegen. I stay well clear of RTE these days so I missed the hype, but I have to agree with her about the mud .. WHY?
  • Justin wants the vigilantes to stop polluting the phisher’s sites. It makes it harder for investigators to find the real victims.
  • Granny Mar posted a few days ago about July 12th in the North. That’s one hell of a tall pile of tires! Can you imagine the black oily smoke off that heap of rubber? Her daughter Elly was in touch asking if someone could help move her mom’s blog from Blogspot to a shiny new WordPress install. I have my hands full but perhaps some kind soul could get in touch, please?
  • Paul is plugging new “Internet nanny” service Glubble. The Techcrunch write up is fairly positive, but I can just see Adam with a Linux boot disk in a couple of year’s time bypassing all my carefully constructed whitelists to check out the dark side.
  • My Harry Potter post is getting an insane number of hits today. Looks like lots of people looking for the online version!
  • Finally, it’s not Irish news, but Joseph has blogged about the WordPress.com and Facebook integration! Barry blogged about keeping track of the 300 servers Automattic use, and I have to add that if you use any of the premium products on WordPress.com you might see a renewal notice in your Dashboard when your subscription runs out…

I did the online check-in thing this morning and I have an aisle seat. Mark is sitting across the aisle so we both have room to sort-of stretch our legs on the long journey to San Francisco tomorrow!

PS. so nobody wants WordPress stickers? Read my WordCamp post below to find out how you might be able to get a few ..