Nerds On Site

Notification of Irregular Account Activity – another Phish

Phishing is alive and well. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
I wrote this article to help you help others. As it turns out, only a small number of people encountering phishing attempts report them. Here I will show you step by step how easy it is to report phishing attempts to minimize a thief\’s ability to steal your friends\’ and associates\’ money and identities.
I received a phishing attempt this morning as you can see here:
\"\"It reads as follows:

Dear Customer,
BMO Bank of Montreal detected irregular activity on your Account on 23 January 2012. For your protection, you must verify this activity before you can continue using your BMO Bank of Montreal Account.
Click on the link below to access and verify your statement.
https://www1.bmo.com/cgi-bin/netbnx/NBmain?product=1 This instruction has been sent to all bank customers and is obligatory to follow.
Thank you
Customers Support Service
BMO Bank of Montreal.

The phishing technique is hidden, as usual. The URL shown above in the email is actually the correct URL. However, when clicked in the email itself, the link is to a phishing site at this URL:
\"\"

http://chiron.mn/wp-content/plugins/akismet/NBmain.html

Usually this URL is shown if you rest your mouse on a URL (as in the screenshot above when I rested my mouse over it). Naturally I checked to see if this wasn\’t already reported on StopBadware.org by using Google\’s SafeBrowsing tool. The URL I used is:
http://www.google.com/safebrowsing/diagnostic?site=chiron.mn
You can use the URL above yourself and just replace chiron.mn with the site you are checking. If you see a long URL, the only portion that matters is what\’s AFTER the http:// and BEFORE the next slash:
http://someurl.com/something/somethinglonger
You can try my posted URL above for yourself and I expect very shortly it should find and show the malware on this specific site I\’m reporting here. However, on my first visit, this is what I found:
\"\"
This means that StopBadware is not yet blocking this site for unsuspecting users, but the good news is anyone can help resolve that quickly. Here\’s what I did immediately: I browsed to:
http://www.google.com/safebrowsing/report_phish/
And here\’s how I completed the form (and ask you to do the same for any new phishing URLs you may encounter hidden in emails):
\"\"
When you\’ve completed the submission, you will see a confirmation, but note that the listing isn\’t immediate. It takes some time for the phishing site to be verified by others.
\"\"
Please note that like many phishing attempts they target people everywhere and with different banks. It so happened that I deal with this bank so I am a perfect target. The next one may be to you and your bank.
The best advice I\’ve heard is from Brian Krebs:

Never install software you don\’t seek out.

By extension the same goes for clicking links. If you are concerned about an email like this having some validity, then close your email program, launch your browser and go to your banking site by typing the URL, using your Bookmark/Favorites or whatever method you normally use. Avoid clicking on links in email.
Please help spread the word and educate everyone you know on the concept of Phishing.
P.S. Please note that all URLs in this article that are \’clickable\’ are safe. I have purposefully remove the click-ability on the bad ones.

Leave a Comment

Your email address will not be published.

Scroll to Top