• Apparent Sender: HSBC Automated Notification [mail-notify@hsbc.com.au]
• Visible Link: Text string “Read the message now” in hyperlink form
• Phishing Link: http://202.53.75.82/onlinebanking/index.htm
• Visited Link: http://202.53.75.82/onlinebanking/index.htm
• Phishing Technique Used: Explicitly Displayed Phishing URL
• Overview: Obtaining victim's Personal Banking number and PIN through a spoofed URL. Spammed email pretends to be a legitimate HSBC verification email. The said email instructs the user to click a fake link that opens to a malicious Web site.

Email

The visible link in the email is a text string Read the message now in hyperlink form. Clicking this hyperlink directs a user to the phishing Web site. The phishing URL, http://202.53.75.82/onlinebanking/index.htm, is seen in the Internet status bar when the mouse is hovered over the visible link. Also, it may be seen when the email is viewed via a text editor such as Notepad.

Visited Site

The phishers made no attempt to hide the phishing URL. Thus, it is possible for users to determine that this is not a legitimate HSBC login Web page. The Web site has no secure connection indicator while asking for the user's personal banking number and personal identification number, which is very unlikely of a credible bank Web site.

Verification Details

Nslookup Result:
Name: 202.53.75.82.nettlinx.com
Address: 202.53.75.82

Address 202.53.75.82 is listed in 3 antispam databases.