False Bank Phishing Scams

Spammers are now targeting Microsoft Windows XP registration in addition to banking scams.

Examples of phishing emails
2.34am 18th February 2005: massive phishing spam attack directed at Barclays Bank customers: (50% of spam traps hit)
Return-Path: Bob@barclays.co.uk
X-ClientAddr: 210.65.10.228
Received: from 210.65.10.228 (210-65-10-228.HINET-IP.hinet.net [210.65.10.228] (may be forged))
Date: Fri, 18 Feb 2005 02:34:04 +0000
From: =?iso-8859-1?B?QmFyJiMxOTc2Y2xheXM=?= Bob@barclays.co.uk
To: isadora@antibes.co.uk
Subject: {Bad Spam?} =?iso-8859-1?B?QmEmIzgyMzg7YWxjciYjODIzNjt5cyBlLSYjMTA5OyYjMDk3OyYjMTA1JiMxMDg7?=
     =?iso-8859-1?B?IHZlcmlmaWNhJiMxMTZpb24gLSBpc2Fkb3JhQGFudGliZXMuY28udWs=?=
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=567.4, required 8,

D‮ae‬r Ba‮alcr‬ys Mem‮eb‬r,



T‮sih‬ ema‮li‬ was se‮tn‬ by the
Ba‮syalcr‬ ser‮ev‬r to
v‮yfire‬ y‮uo‬r e‮iam‬l ad‮sserd‬.
You mu‮ts‬ comple‮et‬ t‮ih‬s
p‮or‬cess by c‮ikcil‬ng

on the li‮kn‬ b‮wole‬ and en‮gniret‬
in the sm‮la‬l wi‮dn‬ow
yo‮ru‬ B‮syalcra‬ Membership
number, passcode and memorable word.

Th‮si‬ is d‮eno‬ for
y‮ruo‬ pro‮oitcet‬n -
b‮ce‬ause s‮emo‬ of our
me‮bm‬ers no longer
have a‮secc‬s to t‮eh‬ir
em‮lia‬ a‮erdd‬sses and we

m‮tsu‬ veri‮yf‬ it. To verify y‮ruo‬
e‮iam‬l a‮sserdd‬ and acc‮sse‬
y‮uo‬r b‮na‬k accou‮tn‬,
c‮il‬ck on
the li‮kn‬ b‮wole‬:



http://barcl޿ay޼s.޿co.u޹k/6JzI2AE58xpUFRzxwjolTFrtNHJUJuR2GJ4WxKqmYgHk4O5Ek7AAztpe7840z8x8c4
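
The Barclays sample above stores its words with letters out of order ("Daer Baalcrys") and wraps each scrambled run in U+202E (right-to-left override) and U+202C (pop directional formatting), so a mail client displays "Dear Barclays" while a rule matching the raw text never sees the word. The Python below is an added example, not part of the original page or of the filter it describes: it reports the control characters and recovers the displayed wording so content rules can run on what the reader sees. The function names and keyword list are assumptions, and the sample string is the first line of the message above written with escapes.

```python
import re

# Explicit bidirectional formatting characters and their Unicode abbreviations.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}
_CTRL_CLASS = "".join(BIDI_CONTROLS)
# A flat (non-nested) override run: RLO, ordinary characters, PDF.
RLO_RUN = re.compile("\u202e([^" + _CTRL_CLASS + "]*)\u202c")

# First line of the Barclays sample, written with escapes so the controls are visible.
SAMPLE = "D\u202eae\u202cr Ba\u202ealcr\u202cys Mem\u202eeb\u202cr,"


def find_bidi_controls(text):
    """Return (offset, abbreviation) for every explicit bidi control in text."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(text) if c in BIDI_CONTROLS]


def stored_text(text):
    """Logical order with the controls stripped: what a raw-text rule matches on."""
    return "".join(c for c in text if c not in BIDI_CONTROLS)


def visual_text(text):
    """Approximate display order: reverse each flat RLO...PDF run, then strip controls.

    Exact only for non-nested runs; a full renderer applies the Unicode
    Bidirectional Algorithm (UAX #9), which also handles embeddings and isolates.
    """
    shown = RLO_RUN.sub(lambda m: m.group(1)[::-1], text)
    return stored_text(shown)


def hidden_keywords(text, keywords):
    """Keywords that appear in the displayed text but not in the stored text."""
    raw, shown = stored_text(text).lower(), visual_text(text).lower()
    return [k for k in keywords if k.lower() in shown and k.lower() not in raw]


if __name__ == "__main__":
    print(find_bidi_controls(SAMPLE))
    print(repr(stored_text(SAMPLE)), "->", repr(visual_text(SAMPLE)))
    print(hidden_keywords(SAMPLE, ["barclays", "member", "dear"]))
```

Any non-empty result from `find_bidi_controls` in a message written in a left-to-right language is itself a useful filter signal, independent of the keyword check.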


The following bank scam is sourced in America. The more we put sample spams on this site, the more we become aware of the pollution that America is spreading throughout the world . . . Meanwhile America disables itself as Comcast is used by Americans for legitimate email, but it is a very significant source of spam.
Return-Path: security-notice@if.com
X-ClientAddr: 67.174.128.253
Received: from c-67-174-128-253.client.comcast.net (c-67-174-128-253.client.comcast.net [67.174.128.253])
Message-ID: 934901c50e36$c76b2a35$a1b1f19a@if.com
From: Intelligent Finance security-notice@if.com
To: joe@antibes.co.uk
Subject: {Bad Spam?} Accessibility of your account
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=750.5, required 8,
     ABSOLUTERUBBISH 2.00, ALMOSTRUBBISH -1.00, APPLES1 10.00,
     APPLES2 2.00, APPLES3 4.00, APPLES5 2.00, APPLES7a 2.00,
     APPLES7b 7.00, APPLESA 0.01, APPLESB 0.01, APPLESC 0.01,
     APPLESD 8.00, APPLESX1 27.00, APPLESX2 27.00, APPLESX3 20.00,
     APPLESX5 1.00, APPLESX6 1.00, APPLESX8 41.00, APPLESY1 26.00,
     APPLESY2 26.00, APPLESZ1 19.00, APPLESZ2 19.00, APPLESZ3 19.00,
     APPLESZ4 19.00, APPLESZ5 1.00, ASPACC -0.01, BANKINGWORD 1.00,
     BANKSCAM4 1.00, BLOCKBANK1 100.00, BLOCKPLUS 130.00, COMCASTER 7.00,
     COMCASTX 7.00, COMPLETERUBBISH 1.00, COUNTAPPLES5 5.00,
     COUNTAPPLES6 7.00, DELETEAFTER 20.01, DELETEREMAINDER 0.01,
     DINSPECT 0.01, EMPIRE 200.00, HTMLCODE 1.00, HTML_20_30 1.16,
     HTML_FONT_COLOR_GRAY 1.80, HTML_MESSAGE 0.10, NEWAPPLES 0.40,
     NEWNEG2 0.01, NEWPIP1 0.01, ONETOFIVENE 2.00, ONETWOFIVEONZ 1.00,
     ORANGE4 2.00, PIPS5b 2.00, REALMAIL -3.00, STANDARD_FOOT -25.00,
     WIDOX 5.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss

Dear valued Intelligent Finance customer

We regret to inform you that online access for your account is about to expire.
You may not be able to access it in a few days.
For your convenience, you should use provided link to proceed and access your account.

http://my.intellfinance.biz/_mem_bin/FormLogin.php

Intelligent Finance, a division of Halifax plc.
Registered in England No.2367076.
Registered Office: Trinity Road, Halifax, West Yorkshire HX1 2RG.

Dear valued Intelligent Finance customer

We regret to inform you that online access for your account is about to expire.
You may not be able to access it in a few days.
For your convenience, you should use provided link to proceed and access your account.

Navigate here to access your account now

Intelligent Finance, a division of Halifax plc.
Registered in England No.2367076.
Registered Office: Trinity Road, Halifax, West Yorkshire HX1 2RG.



IF is hiring! As well as an excellent salary and benefit package, Intelligent Finance offers a culture and working environment that supports and encourages personal achievement at every level. Whether you're a school-leaver, a graduate or looking to move on from your current role, if you've got energy, drive and passion, we'd welcome your involvement. Examine our site for more information on careers.

This bank scam is routed through a distant country.
Return-Path: 
X-ClientAddr: 211.38.31.22
Received: from 211.38.31.22 ([211.38.31.22])
Message-ID: 492d01c50aa8$4bdf19f1$ec490f9a@lloydstsb.co.uk
From: Lloyds TSB Security 
Subject: {Bad Spam?} [Alert] Your Lloyds TSB account
Date: Fri, 04 Feb 2005 10:59:33 +0000
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=780.6, required 8,
     ABSOLUTERUBBISH 2.00, ALMOSTALLRUBBISH 1.00, ALMOSTRUBBISH -1.00,
     APPLES1 10.00, APPLES3 4.00, APPLES5 2.00, APPLES6 10.00,
     APPLES7a 2.00, APPLES7b 7.00, APPLESA 0.01, APPLESB 0.01,
     APPLESC 0.01, APPLESD 8.00, APPLESX2 27.00, APPLESX4 5.00,
     APPLESX5 1.00, APPLESX6 1.00, APPLESX8 41.00, APPLESY1 26.00,
     APPLESY2 26.00, APPLESZ1 19.00, APPLESZ3 19.00, APPLESZ4 19.00,
     APPLESZ5 1.00, ASPACC -0.01, BANKINGWORD 1.00, BANKSCAM12 1.00,
     BANKSCAM4 1.00, BANKWORD 20.00, BLOCKERA 70.00, BLOCKPLUS 130.00,
     CHERRY3 -3.00, COMBINATION5 50.00, COMBINATIONL4 33.00,
     COMBINATIONY4 10.00, COMPLETERUBBISH 1.00, COUNTAPPLES5 5.00,
     DELETABLE 1.00, DELETEAFTER 20.01, DELETENEXT 20.01,
     DELETEREMAINDER 0.01, DIFFAPPLE1 0.01, DINSPECT 0.01,
     NUMS 0.50, HTMLCODE 1.00, HTML_20_30 1.16,
     HTML_FONT_COLOR_GRAY 1.80, HTML_MESSAGE 0.10,
     HTML_TAG_EXISTS_TBODY 2.00, INSPECT3 0.01, LETTOMETER 35.00,
     MILDBAST3 30.00, NEARLYALLRUBBISH 1.00, NEWAFTER 1.00, NEWNEG2 0.01,
     NEWNEG3 9.00, NEWNEG4 10.00, NEWPIP1 0.01, NEWPIP2 0.01,
     NETOFIVEON 2.00, NETOFIVEOZ 1.00, ORANGE2 1.00, ORANGE4 2.00,
     ORANGEER 0.01, PASSIONATC 1.00, PASSIONFRUIT 1.00, PIPS2 3.00,
     PIPS3 3.00, PIPSX1 2.00, PROBM1 20.00, PROBM2 0.01, PROBM3 60.00,
     REALMAIL -3.00, SPAAMESC 0.01, TOFORWARD2 -7.00, VTEST1 6.00,
     WIDOX 5.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss

Official notice

Dear Lloyds TSB customer,

Please note that Lloyds TSB Online Access for your account is about to expire.

In order for it to remain active, please sign in to it as soon as possible.

Use the link below to proceed and access your account.

http://online.lloydstsb-bank.biz/customer.htm

With Lloyds TSB Online access you can complete most of your banking requirements
online. All you need is to sign on to Internet Banking.

Apart from making it easier to manage your money wherever you are, 24 hours a day, 7
days a week, Internet banking can also give you the chance to win a holiday. Just
imagine where you could go with £5,000 to spend on travel. Log on to Internet
banking between 1 October 2004 and 31 March 2005, and every time you log on, we'll
enter you in our free prize draw for a holiday worth up to £5,000. See our site for
more details.

Lloyds TSB Bank plc
Products and Services

Copyright (c) 2005 Lloyds TSB Bank plc and Lloyds TSB Scotland plc


Here's a bank phishing attack routed through Spain:
Return-Path: support-auto36@wamu.com
X-ClientAddr: 81.172.60.216
Received: from 81-172-60-216.usuarios.retecal.es (81-172-60-216.usuarios.retecal.es [81.172.60.216])
Received: from wamu.com (mtav004.erms-02.wamu.com [167.88.201.35])
     by 81-172-60-216.usuarios.retecal.es (Postfix) with ESMTP id 38665DD976
Reply-To: Washington Mutual Support support-auto86@wamu.com
From: Washington Mutual support-auto36@wamu.com
To: Mv
Subject: {Bad Spam?} Debit Card Attention
Date: Fri, 04 Feb 2005 05:43:38 -0800
Message-ID: 100001c50abf$4a943d9b$ef8c3eba@wamu.com
X-AntiVirus: Checked by Dr.Web (http://www.drweb.net)
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=185, required 8,
     ALMOSTBANKSCAM 30.00, ALMOSTREALSPAM 5.00, ASPACC -0.01,
     BANKINGWORD 1.00, BANKSCAM3 1.00, BANKSCAM4 1.00, BANKSCAM6 1.00,
     BANKSCAM7 1.00, BANKWORD 20.00, FROM_ENDS_IN_NUMS 0.50,
     HTML_10_20 1.36, HTML_MESSAGE 0.10, MIME_HTML_ONLY 1.00,
     MSN_FOOT 1.00, NEWAFTER 1.00, NEWID2 5.00, PASSIONATC 1.00,
     PASSIONATE 1.00, PASSIONFRUIT 1.00, POSSIBLEBANKSCAM 50.00,
     SCAMS 30.00, SCAMS2 30.00, SPAAMESC 0.01, SPAAMESS 0.01,
     SPAMMERFRUITS 1.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss

Washington Mutual Online Banking
Dear member,

By this letter we inform you, that our bank is switching to newest transactions
security standards.

Washington Mutual ATM services utilize advanced security technology to protect your
personal financial information.

Both software and hardware will be updated.

Go to:Washington Mutual Online Banking

This security upgrade will be effective immediately and requires our customers to
update their ATM card information.

Thank you for choosing Washington Mutual.


Return-Path: 
Received: from mother.34sp.com (mother.34sp.com [212.73.244.51])
Received: (qmail 24894 invoked by uid 2525); 24 Jan 2005 02:15:34 -0000
Subject: {Spam?} Urgently Verify Your Identity
From: Household Verify Identity Team 
Reply-To: verify-identity@household.com
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=36.5, required 8,
     ASPACC -0.01, BANKINGWORD 1.00, BANKSCAM10 1.00, BANKSCAM6 1.00,
     BANKWORD 20.00, HTML_10_20 1.36, HTML_MESSAGE 0.10,
     MIME_ONLY 1.00, PAGE 4.00, VTEST1 6.00,
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssss

Dear Household member,

We have to inform you that your credit card has been used online more than two times,
 logged from different IPs in the same hour.

In order to verify that you are the real owner of the credit card, please complete
the following form linked bellow:

www.household.com/creditcardusr988488884?do-form.php


Return-Path: wwwuser@cgi04.plus.net
Received: from cgi04.plus.net (cgi04.plus.net [195.166.130.180])
     by lon-gs1mx.mistral.net (Postfix) with ESMTP id 4647E34002
Received: from wwwuser by cgi04.plus.net with local (Exim 4.31; FreeBSD)
     id 1CrIi3-000CrQ-V3
Subject: {Bad Spam?} Security Update
From: Lloyds TSB Security Department Security@LloydsTSB.com
Message-Id: E1CrIi3-000CrQ-V3@cgi04.plus.net
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=271.8, required 8,
     ALMOSTREALSPAM 5.00, ALMOSTRUBBISH -1.00, APPLES5 2.00,
     APPLES6 10.00, APPLESB 0.01, APPLESC 0.01, APPLESX4 5.00,
     APPLESX5 1.00, APPLESX6 1.00, BANKINGWORD 1.00, BANKSCAM12 1.00,
     BANKSCAM4 1.00, BANKWORD 20.00, BLOCKSPAMMERS 20.00,
     CLICK_BELOW 3.00, DELETEREMAINDER 0.01, DIFFAPPLE1 0.01,
     HIDE_WIN_STATUS 3.00, HTMLCODE 1.00, HTMLCODE2 1.00, HTML_50_60 1.00,
     HTML_FONT_COLOR_RED 1.50, HTML_FONT_COLOR_UNSAFE 1.00,
     HTML_IMAGE_ONLY_08 5.00, HTML_MESSAGE 0.10,
     HTML_TAG_BALANCE_TABLE 0.19, JAVASCRIPT_URI 15.00,
     MIME_HTML_ONLY 1.00, NEWNEG2 0.01, NEWNEG3 9.00, NEWPIP1 0.01,
     NEWPIP2 0.01, PEARTOT 1.00, PIPS2a 2.00, PIPS8 2.00, PIPSY2 2.00,
     PRICKLYPEAR1 4.00, REALSPAM 65.00, REPLY_TO_EMPTY 5.00,
     RISK_FREE 80.00, SPAMMERAMESS 1.00, SPAMAMES 1.00,
     SPANAMESS 0.01, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss
Dear Lloyds TSB Customer.


As part of our continuing commitment to protect your Lloyds TSB account and to reduce
the instance of fraud on our website, we are undertaking a period review of our
members accounts.


You are requested to visit our website, login to your account and fill in the
required information.


Please click on the link below to login to your account:


https://online.lloydstsb.co.uk/logon.ibc


This is required for us to continue to offer you a safe and risk free environment to
send money online and maintain the Lloyds TSB experience.


We will ask you to pass over this warning, the recent cases of fraudulent use of
clients accounts forced the Technical services of the bank to update the software.


Accounts Management Team.

Thank you for using Lloyds TSB Online




. . . A new version of the data phishing scam . . .
Return-Path: mailuid@web1.east.net
X-ClientAddr: 202.106.187.45
Received: from web1.east.net ([202.106.187.45])
Date: Sat, 29 Jan 2005 02:57:15 +0800
Message-Id: 200501281857.j0SIvFK04906@web1.east.net
From: Y5S44E_XP_Accounts@microsoft.com ()
Subject: {Bad Spam?} Activate your windows xp SLRR3J
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=505.7, required 8,
     ABSOLUTESPAM 75.00, ALMOSTBANKSCAM 30.00, ALMOSTREALSPAM 5.00,
     ALMOSTRUBBISH -1.00, APPLES4 4.00, APPLESA 0.01, APPLESC 0.01,
     BANKINGWORD 1.00, BANKSCAM13 1.00, BANKSCAM4 1.00, BANKSCAM5 1.00,
     BANKWORD 20.00, BUGGY_CGI -2.00, CHERRY3 -3.00, COMBINATIONL4 33.00,
     DEFINITESPAM 70.00, DELETEREMAINDER 0.01, DINSPECT 0.01,
     ENGLISHSENDER -10.00, EXTREMETEDIOUS 160.00,
     FROM_HAS_MIXED_NUMS 2.00, HTML_00_10 1.21, HTML_MESSAGE 0.10,
     NEARLYALLRUBBISH 1.00, NEWAFTER 1.00, NEWAPPLES 0.40, NEWID2 5.00,
     NEWNEG2 0.01, NEWPIP1 0.01, NIGER6a 5.00, ORANGE4 2.00,
     ORANGEER 0.01, OUTWORDS 0.01, PIPS2 3.00, REALSPAM 65.00,
     SINGLE 1.00, SUBJ_HAS_SPACES 6.00, UNIQ_ID 7.00,
     SPACES_UNIQID 20.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss



Below is the result of your feedback form.  It was submitted by
(Y5S44E_XP_Accounts@microsoft.com) on Saturday, January 29, 2005 at 02:57:14
---------------------------------------------------------------------------

: Hello Microsoft user,

We here at Microsoft would like you to still receive your normal computer updates,
That Will protect your computer from Viruses and spyware. We have noticed A lot of
people are illegally Using our services Without paying for their Windows Operating
System. Therefor we've made a web site so you can update or validate your windows
serial and credit card information. If you do not comply with our policy, windows
will ask you to reactivate your serial number, and it will become invalid. So you
will lose
any information on your computer. If you do not validate your serial number, your
copy of windows will be labeled as piracy.

Your Credit Card will not be charged. We use your
credit card information to validate your windows system. If any one else has your
serial number we will contact you by phone.
It is critical that you update your serial number and validate it, so no one else
will attempt to use it. We've also added Programs to help fight
piracy and adware. After your verification is complete, You can download these
programs free of charge.

Please validate your account by Signing in our web site below.


http://windowsxpactivate.cjb.net



Thank you

James Carter
Windows XP Activation Team

XP Confirmed number; M3R38G





"We here at Microsoft would like you to validate your Microsoft windows activation
key in order to prevent against fraudulent use of the windows software.
Microsoft cares about your security and is working hard to keep windows secure. In
support of our continuing efforts we encourage you
to spend a minute and validate your Microsoft windows (TM) licensee key "

RGC3UA ---------------------------------------------------------------------------

This one is sent via Egypt but of course it's an American scam
registrant-firstname:            Nicole
registrant-lastname:             Maas
registrant-street1:              3421 Hoffman Drive Apt. 4
registrant-pcode:                54467
registrant-state:                WI
registrant-city:                 Plover
registrant-ccode:                US
registrant-phone:                +1.9209889167
registrant-email:                hamadaz10@yahoo.com

admin-c-firstname:               Nicole
admin-c-lastname:                Maas
admin-c-street1:                 3421 Hoffman Drive Apt. 4
admin-c-pcode:                   54467
admin-c-state:                   WI
admin-c-city:                    Plover
admin-c-ccode:                   US
admin-c-phone:                   +1.9209889167
admin-c-email:                   hamadaz10@yahoo.com

and "Click here" goes to www.regions-update.com:
Return-Path: dncfrrcdei@msn.com
Received: from [82.201.208.20] (helo=10.0.0.140)
Received: from 46.81.193.50 by ; Sat, 07 Feb 2004 05:46:52 -0400
Message-ID: PSKQODDUKHNGLTJLWCONXPU@hotmail.com
From: "Regions SECURITY DEPARTMENT" SECURITY@Regions.com
Reply-To: "Regions SECURITY DEPARTMENT" SECURITY@Regions.com
To: latrobe@mistral.co.uk
Subject: {Bad Spam?} account temporary suspension
X-www.antespam.co.uk-SpamCheck: spam, SpamAssassin (score=98.9, required 8,
     ALMOSTREALSPAM 5.00, ALMOSTRUBBISH -1.00, ASPACC -0.01, ASPACE -0.01,
     BANKINGWORD 1.00, BANKSCAM2 1.00, BANKSCAM4 1.00, BANKWORD 20.00,
     BODY_CONTAINS_VALIUM 2.00, CHERRY3 -3.00, CLICK_BELOW 3.00,
     DATE_IN_PAST_96_XX 1.50, DELETEREMAINDER 0.01, FORPASSIONSP 50.00,
     HTMLCODE 1.00, HTML_90_100 1.78, HTML_FONT_BIG_B 0.50,
     HTML_IMAGE_ONLY_10 0.50, HTML_IMAGE_RATIO_04 4.00,
     HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.10,
     HTML_TAG_EXISTS_TBODY 2.00, JAVASCRIPT_URI 15.00, LOWERCAP 0.01,
     MICROSOFT_EXECX3 -8.00, MIME_HTML_NO_CHARSET 0.73,
     MIME_HTML_ONLY 1.00, NEWNEG2 0.01, NEWPIP1 0.01, ORANGE4 2.00,
     ORANGEER 0.01, PIPS5 2.00, SARE_MSGID 1.67,
     TOFORWARD2 -7.00, score 1.00)
X-www.antespam.co.uk-SpamScore: ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss

Dear Regions valued member,


On the date of Friday, February 4, 2005 7:23 AM there was a login trials from
a foreign IP address which resulted with your account
temporary suspension .
for your security
you have to immediately reactivate your account
Please

click here to reactivate your account

Privacy
Your trust in us is of utmost importance to our organization. Find out more about how we protect you.


 *This document requires the Adobe Acrobat Reader Plug-in.



