
Yet Another Phishing Scam

02/05/07

11:53:37 pm, by Nimble, 603 words
Categories: Thoughts, Internet, Spamming


More bullshit designed to bilk people out of their money:

Dear Western Union Customer,

We regret to inform you that your account will be suspended due to concerns we have for the safety and integrity of the Western Union community.

Per the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

...

Due to the suspension of this account, please be advised you are prohibited from using Western Union in any way if you don't review the registration information of your Western Union account. Click on the link below in order to confirm your registered information:

http://wumt.westernunionusa.com/asp/ConfirmAcc.asp

Please note that any fees due to Western Union will immediately become due and payable. Western Union will charge any amounts you have not previously disputed to the billing method currently on file.

Regards,

Western Union

Wouldn't you know it. In the typical style of such phishing scams, you're asked for your debit/credit card info - enough for someone to run up your credit card bill or clean you out right on the first page:

[Image: Fake Western Union]

All the images and links point to the real westernunion, except of course the all-important Submit button.

This page has JavaScript for verifying that the credit card number has a valid checksum, but remember, you can always fake credit cards for these jerks to process, care of the excellent script at DarkCoding.net.

Well, I know who Western Union is, even though I've never had business dealings with them, but who is westernunionusa.com?

Well, what do we get from a WHOIS...?

Domain Name: WESTERNUNIONUSA.COM
Registrar: YESNIC CO. LTD.
Whois Server: whois.yesnic.com
Referral URL: http://www.yesnic.com
Name Server: NS1.WANAIDOO.COM
Name Server: NS2.WANAIDOO.COM
Status: ok
Updated Date: 25-jan-2007
Creation Date: 25-jan-2007
Expiration Date: 25-jan-2008

Okay, well, where would yesnic.com come from?

Domain Name: YESNIC.COM
Registrar: YESNIC CO. LTD.
Whois Server: whois.yesnic.com
Referral URL: http://www.yesnic.com
Name Server: HOST1.WHOIS.CO.KR
Name Server: NS1.YESNIC.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 24-aug-2006
Creation Date: 02-nov-1999
Expiration Date: 02-nov-2015

Oh boy, a name server in Korea! This is sounding so much like the real Western Union!

How about the real westernunion.com?

Registrant:
Western Union
Ritchie Drews
100 Summit Avenue
Montvale, NJ 07645
US
Email: ritchie.drews at westernunion.com

Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com

Domain Name: westernunion.com

Created on..............: Sun, Oct 08, 1995
Expires on..............: Sat, Oct 06, 2012
Record last updated on..: Mon, Sep 25, 2006

Administrative Contact:
Western Union
WU DNS Admin
100 Summit Ave.
Montvale, NJ 07645
US
Phone: +1.2012635000
Email: WUDNS.Admin at westernunion.com

Wow, someone named Ritchie. I salute them.
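
An added example (not part of the original post) that automates the comparison above: it parses the registry WHOIS record quoted for westernunionusa.com (abridged) and flags a link whose domain embeds the brand name but was registered only days before the message was seen. The "seen on" date (2007-02-05, taken from the post's date) and the 30-day threshold are assumptions.

```python
from datetime import date
from urllib.parse import urlsplit

# Registry WHOIS record for the linked domain, as quoted in the post (abridged).
WHOIS_TEXT = """\
Domain Name: WESTERNUNIONUSA.COM
Registrar: YESNIC CO. LTD.
Name Server: NS1.WANAIDOO.COM
Name Server: NS2.WANAIDOO.COM
Status: ok
Updated Date: 25-jan-2007
Creation Date: 25-jan-2007
Expiration Date: 25-jan-2008
"""
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) keep every value."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def parse_date(text):
    """Parse the registry's dd-mon-yyyy format without relying on the locale."""
    day, mon, year = text.lower().split("-")
    return date(int(year), MONTHS.index(mon) + 1, int(day))

def registrable_domain(url):
    """Last two host labels. Simplification: adequate for .com, not for co.uk etc."""
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def assess_link(url, whois_text, seen_on, brand_domain, max_age_days=30):
    """Flag a link whose domain embeds the brand name and was registered recently."""
    domain = registrable_domain(url)
    record = parse_whois(whois_text)
    if record["domain name"][0].lower() != domain:
        raise ValueError("WHOIS record does not describe the linked domain")
    brand = brand_domain.split(".")[0]
    age = (seen_on - parse_date(record["creation date"][0])).days
    return {"domain": domain, "registrar": record["registrar"][0],
            "lookalike": brand in domain and domain != brand_domain,
            "age_days": age, "newly_registered": 0 <= age <= max_age_days}

# Assumed inputs: seen_on is the post's date; 30 days is an illustrative threshold.
REPORT = assess_link("http://wumt.westernunionusa.com/asp/ConfirmAcc.asp",
                     WHOIS_TEXT, date(2007, 2, 5), "westernunion.com")
```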

Remember, don't fall for these damned scams. Your banks, credit card companies, etc. will never ask for all your billing information when you log in. Get in contact with the companies in question, if you're worried, but look up the phone numbers yourself; don't rely on anything inside these scam e-mails.

If you accidentally fall for the scam, for goodness sakes call the actual company that you thought this was and tell them what happened. It's either embarrassment in fessing up, or your entire savings - your choice.

Hopefully, we can shut down these jerks before they do anything.

...again.

1 comment

Comment from: Joe Blow [Visitor]

———————————————–
Queried Domain Information as follows
———————————————–

Domain Name : yesnic.com

::Registrant::
Name : YesNIC Co., Ltd.
Email : dmanager@yesnic.com
Address : Seobuk B/D 4F 740-3 Yeoksam-dong, Gangnam-gu, Seoul
Zipcode : 135-080
Nation : KR
Tel : 82-2-5577-011
Fax : 82-2-555-0398

::Administrative Contact::
Name : Charlse Lee
Email : dmanager@yesnic.com
Address : Seobuk B/D 4F 740-3 Yeoksam-dong, Gangnam-gu, Seoul
Zipcode : 135-080
Nation : KR
Tel : 82-2-5577-011
Fax : 82-2-555-0398

::Technical Contact::
Name : YesNIC Co.,Ltd.
Email : dmanager@yesnic.com
Address : Seobuk B/D 4F 740-3 Yeoksam-dong, Gangnam-gu, Seoul
Zipcode : 135-080
Nation : KR
Tel : 82-2-5577-011
Fax : 82-2-555-0398

::Name Servers::
ns1.yesnic.com 211.245.23.51
host1.whois.co.kr 218.232.110.134

::Dates & Status::
Created Date 1999-11-02 05:21:35 EST
Updated Date 2007-05-16 15:38:06 EDT
Valid Date 2016-11-02 04:21:35 EST
Status ACTIVE

05/22/09 @ 10:15