February 06, 2009

From the Federal Reserve. Uh huh.

I've seen a few of the following fly by:

From: "FEDERAL BANK" <administration@fedreservesystem.us>
Subject: Attention: Important
    FEDERAL RESERVE BANK

Important:
You're getting this letter in connection with new directions issued by U.S. Treasury Department. The directions concern U.S. Federal Wire online payments.

On January 26, 2009 a large-scaled phishing attack started and has been still lasting. A great number of banks and credit unions is affected by this attack and quantity of illegal wire transfers has reached an extremely high level.

U.S. Treasury Department, Federal Reserve and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire transfers from February 6 till February 13.

Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:

http://ustreasury.[removed].us/37119815/secur~12724/wire/


    Federal Reserve Bank System Administration

I'll bet you thought that the Federal Reserve would send out emails in, um, English.

Although this might appear to be a phishing scam intended to get you to input some of your tasty identity info, it is, in truth, a lure to an adult site. Having safely checked the source code of the URL in the message, I can tell you that it uses HTML and a bit of JavaScript to begin displaying a stylized U.S. flag, but then shifts to a portal image identifying adult content in the offing. A link from there takes you to another site, whose GoDaddy-registered domain is hidden behind a Domains by Proxy veil.

It's perhaps interesting that this message is supposed to appeal to those who customarily do wire transfers. Is that how one must pay for the porn site? I'm not about to visit to find out.

I did get a chuckle out of the bogus From: address in the message. A U.S. Government agency using a .us top-level domain. That's rich. Oh, and by the way, that domain, which was originally registered to a Russian address, has been suspended.

Posted on February 06, 2009 at 09:57 AM