And again…

Spam received claiming to be the Bank of America, trying to collect passwords. Now, here’s how you do it: select “view source” in MS Exchange or Outlook, or “view original” in Gmail. This will show the HTML code of the email. Look for the link you’re meant to click to provide your password: it will look like this… <a href="our real URL">yes, we really are the bank, click here, sucker</a>.

Now you know where the passwords are being collected. Do a WHOIS search for the domain in that URL, and you know who.
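The same check as a script, as an added example that is not part of the original post: it reads a raw email, lists where each link really points, and flags links whose visible text shows a different host. The sample message, the `*.example` names and the `link_report` helper are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the email from the post; *.example names are placeholders.
SAMPLE_EMAIL = """\
From: "Bank of America" <alerts@bank.example>
Subject: Please confirm your password
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer, please sign in:
<a href="http://login.collector.example/boa/signin.php">https://www.bank.example/signin</a></p>
<p><a href="https://www.bank.example/help">Help</a></p></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element that has an href."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_report(raw_email):
    """For each link: the host to look up in WHOIS, and whether the text shows another host."""
    collector = LinkCollector()
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    report = []
    for href, text in collector.links:
        host = urlsplit(href).hostname
        shown = urlsplit(text).hostname if "://" in text else None
        report.append({"href": href, "whois_host": host, "text": text,
                       "mismatch": shown is not None and shown != host})
    return report

if __name__ == "__main__":
    for row in link_report(SAMPLE_EMAIL):
        print(row)
```

The `whois_host` value is what goes into the WHOIS lookup; working from the saved source this way means the link never has to be opened.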

For example…

That Bank of America fraudmail contains a link to a Polish hostco called Their details are as follows:

Looking up at

% This is the NASK WHOIS Server.
% This server provides information only for PL domains.
% For more info please see

Domain object:
registrant’s handle: nta4827 (CORPORATE)
created: 2003.12.29
last modified: 2005.12.23
registrar: NetArt
Zabawa 118
32-020 Wieliczka
+48.801 800 700
+48.12 4244010

option: the domain name has not option

Subscribers Contact object:
company: CM cashMedia Tomasz Adamek
street: ul. Kopernika
city: 47-200 Kedzierzyn-Kozle
location: pl
handle: nta4827
phone: +48.601080089
last modified: 2004.10.30
registrar: NetArt
Zabawa 118
32-020 Wieliczka
+48.801 800 700
+48.12 4244010

The email server has been rigged to produce silly error messages (550 Recipients are not verified? Yeah, right.)

Don’t all ring at once, eh. It really shouldn’t be that difficult.
