PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Barclays hatten wir noch nicht



SpamRam
29.11.2005, 19:09
Gleich im 3er-Pack innerhalb von 2 Minuten hier aufgeschlagen!

header:
01: Return-Path: <akcreat [at] h2.prohosting.com.ua>
02: X-Flags: 1000
03: Delivered-To: GMX delivery to xxxxx [at] gmx.net
04: Received: (qmail invoked by alias); 29 Nov 2005 xx:xx:xx -0000
05: Received: from h2.prohosting.com.ua (EHLO h2.prohosting.com.ua) [217.16.18.181]
06: by mx0.gmx.net (mx036) with SMTP; 29 Nov 2005 xx:xx:xx +0100
07: Received: from akcreat by h2.prohosting.com.ua with local (Exim 4.52 (FreeBSD))
08: ID: [ID filtered]
09: for xxxxx [at] gmx.net; Tue, 29 Nov 2005 xx:xx:xx +0300
10: To: xxxxx [at] gmx.net
11: Subject: Barclays works 24/7 to keep you safe
12: MIME-Version: 1.0
13: Content-type: text/html; charset=iso-8859-1
14: From: support [at] barclays.co.uk <support [at] barclays.co.uk>
15: Message-ID: [ID filtered]
16: Date: Tue, 29 Nov 2005 xx:xx:xx +0300
17: X-AntiAbuse: This header was added to track abuse, please include it with any abuse
18: report
19: X-AntiAbuse: Primary Hostname - h2.prohosting.com.ua
20: X-AntiAbuse: Original Domain - gmx.net
21: X-AntiAbuse: Originator/Caller UID/GID: [UID filtered]
22: X-AntiAbuse: Sender Address Domain - h2.prohosting.com.ua
23: X-GMX-Antivirus: -1 (not scanned, may not use virus scanner)
24: X-GMX-Antispam: 0 (Mail was not recognized as spam)
25: X-GMX-UID: [UID filtered]

Mit folgendem (HTML)-Text:

Dear Sir/Madam,

Barclays Bank PLC. always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from Barclays advising them to follow a link to what appear to be a Barclays web site, where they are prompted to enter their personal Online Banking details. Barclays is in no way involved with this email and the web site does not belong to us.
(Wie wahr, wie wahr!)

Barclays is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service.
Due to the recent update of the servers, you are requested to please update your account info at the following link.

{https:// update.barclays.co.uk/olb/p/LoginMember.do} (sieht man so, Barclays ist eine englische Bank)

Dahinter steckt aber gemäß IP die Unterseite einer anscheinend französischen Site:
http://84.5.49.190/P/.ibank.barclays.co.uk/olb/p/LoginMember.do.step1.htm

Important*
We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.

J. S. Smith
Security Advisor
Barclays Bank PLC.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your Barclays Online Bank account and choose the "Help" link on any page.

Barclays Email ID: [ID filtered]


und die Return-Adresse: http://h2.prohosting.com.ua zeigt nach Russland!

kjz1
29.11.2005, 20:51
Genauso (Zombie in FR und Mailserver in der Ukraine) hier ebenso dreimal aufgeschlagen. 'Neues' Geschäftsfeld von Leo?

- kjz