Trend Micro

Your SkyBank Account Is Blocked
Company: Sky Financial Group

Date and Time Received:  June 8, 2005 8:56 AM


Summary
  • Apparent Sender: SkyBank [security@skyfi.com]
  • Visible Link: http://www.iskyfi.com/Blocked/verify/SignOn.htm
  • Phishing Link: http://www.iskyfi.com/Blocked/verify/SignOn.htm
  • Visited Link: http://www.iskyfi.com/Blocked/verify/SignOn.htm
  • Phishing Technique Used: Explicit Display of Phishing URL
  • Overview: The attack obtains the victim's user ID and password, ATM card number, card expiry date, card PIN, Social Security number, and account number through a spoofed URL. The spammed email pretends to be a legitimate Sky Financial Group verification email and instructs the user to click a fake link that opens a malicious Web site.


Email

The email warns recipients that their Sky Online Banking account has been blocked and that they need to provide personal account details in order to regain access to it. The link visible to readers of the email is the actual phishing URL, http://www.iskyfi.com/Blocked/verify/SignOn.htm. Clicking this hyperlink directs the user to the phishing Web site.

Visited Site

The spoofed Web site bears a close resemblance to the legitimate Sky Online Banking Web page. Although the phishing address is not concealed, it uses a domain that is quite similar to the legitimate one. Like that of the legitimate login page, the phishing Web site asks for a User ID and password.

Clicking on the Sign-On button takes the user to a spoofed confirmation page, which prompts for an ATM card number, card expiry date, card PIN, Social Security number, and account number. Note that there are no indications of a secure connection while the Web site asks for such sensitive information. Poor grammar can also be seen on the site, which is unlikely on a credible bank site.

After submitting the aforementioned details, the user is redirected to a standard thank-you Web page.
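
The two cues described above, a link domain that is nearly identical to the sender's domain and a credential page without a secure connection, can be checked mechanically on the mail gateway. The Python sketch below is an added example, not part of the original Trend Micro entry; it assumes that skyfi.com (the domain in the apparent sender address) is the legitimate domain, and the function names and the edit-distance threshold are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: the brand's real domain is the one in the apparent sender address.
PROTECTED_DOMAINS = ["skyfi.com"]

def registrable_domain(host):
    """Naive eTLD+1: keep the last two labels (adequate for .com;
    use a public-suffix list in production)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_link(sender, url, max_distance=2):
    """Return a list of findings for one link found in a message."""
    findings = []
    parts = urlsplit(url)
    link_dom = registrable_domain(parts.hostname or "")
    sender_dom = registrable_domain(sender.rsplit("@", 1)[-1])
    if link_dom != sender_dom:
        findings.append(f"link domain {link_dom} differs from sender domain {sender_dom}")
    for brand in PROTECTED_DOMAINS:
        d = edit_distance(link_dom, brand)
        if 0 < d <= max_distance:  # close to the brand, but not the brand itself
            findings.append(f"{link_dom} is {d} edit(s) from protected domain {brand}")
    if parts.scheme != "https":
        findings.append("credential page is not served over HTTPS")
    return findings

# Values taken from the Summary section of this entry.
SENDER = "security@skyfi.com"
LINK = "http://www.iskyfi.com/Blocked/verify/SignOn.htm"

if __name__ == "__main__":
    for finding in assess_link(SENDER, LINK):
        print("-", finding)
```
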

Verification Details


Nslookup Result:
Name: iskyfi.com
Address: 69.49.101.19

WHOIS Result:
Country:    US
NameServer: NS1.MEGANAMESERVERS.COM
NameServer: NS3.MEGANAMESERVERS.COM
RegDate:    2003-05-22
Updated:    2004-12-13



Copyright (c) 1989-2008 Trend Micro Incorporated. All rights reserved.