Monday, May 17, 2004

NetWarning! - "Phish-ing" Season is always open for un-suspecting "suckers". Don't "flounder" into these nets...


My wife forwarded this to me, accurately assessing it as a scam, but asking my opinion.

Here is the message as it would appear in your Inbox:

Dear U.S. Bank valued member,

Due to concerns, for the safety and integrity of the online banking community we have issued this warning message.

It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports. If you could please take 5-10 minutes out of your online experience and renew your records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. This notification expires on May 20, 2004.

Once you have updated your account records your internet banking service will not be interrupted and will continue as normal.

Please follow the link below and renew your account information.

U.S. Bank Internet Banking
---

Let's take a look at the source for that link, shall we?

<a href=3D"http://203.131.92.146/www/">U.S. Bank Internet Banking</a>

Hmmmm. An IP address instead of a domain name: not necessarily a problem, but always a 'red flag'. I did not bother to check the actual link. Assuming it still functions at all, I have little doubt it looks quite 'official'. I am equally sure that by the time you 'verify' your information, these jokers will have not only the info they need to drain every last hard-earned shekel from your bank accounts, but also plenty of identity theft possibilities. Assuming they don't want to bother with the ID theft angle, they can easily 'e-fence' it to someone more inclined to such enterprises. That's the great thing about bits, they're so easy to squirt down the cable and across international borders.

BTW, hover over the link and you will see the destination address. These guys are not as sophisticated as some I have seen. They have a legitimate-looking link that displays, while redirecting you to their site.

The other reason not to even try such links is the sites can contain all kinds of other nasties that might affect your system, even if you are smart enough not to fill in the blanks. Better off to just ignore the whole thing.
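The link check described above, as an added example that is not part of the original post: it decodes the quoted-printable body (the encoding behind the "=3D" in the source line), pulls out each link's real destination and visible text, and flags hosts that are bare IP addresses. It goes one step beyond this message by also flagging visible text that names a different host than the link target; the two example.com/example.net links and all function names are constructed for illustration.

```python
import ipaddress
import quopri
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body, still quoted-printable encoded ("=3D" is "=").
# The first link is the one quoted above; the other two are made up for contrast.
SAMPLE_BODY = (
    b'<a href=3D"http://203.131.92.146/www/">U.S. Bank Internet Banking</a>\r\n'
    b'<a href=3D"http://login.example.net/">www.example.com</a>\r\n'
    b'<a href=3D"https://www.example.com/help">Help</a>\r\n'
)
HOST_IN_TEXT = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_flags(href, text):
    """Red flags for one link: IP-literal host, text naming another host."""
    flags, host = [], ""
    try:
        host = (urlsplit(href).hostname or "").lower()
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass  # malformed URL, or the host is a name rather than an address
    shown = HOST_IN_TEXT.search(text.lower())
    if shown and host and host != shown[0] and not host.endswith("." + shown[0]):
        flags.append("text-names-other-host")
    return flags

def audit_links(qp_body):
    # Decode quoted-printable first, otherwise href=3D"..." is not parsed as href.
    parser = AnchorCollector()
    parser.feed(quopri.decodestring(qp_body).decode("utf-8", errors="replace"))
    return [(href, text, link_flags(href, text)) for href, text in parser.links]
```

Calling audit_links(SAMPLE_BODY) returns one (href, text, flags) tuple per link; an empty flag list means neither check fired, not that the link is safe.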

Other examples of what is called "Phishing" (Internet scams "Phish-ing" for your account information) are requests for your PayPal, eBay and other Internet account information.

If we take a look at where exactly we will be teleported when we connect to IP address 203.131.92.146, we find this:

Search results for: 203.131.92.146


OrgName: Asia Pacific Network Information Centre
OrgID: APNIC

Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:

OrgTechHandle: AWC12-ARIN

OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net


By the name, we are somewhere in the Far East. The 61 country code is for Australia. But this is only the legitimate regional registry for the address range, not whoever operates the address. They point out in their comment that they are unable to address problems reported about this address. Not good.

Head here and type in the same address: 203.131.92.146
http://www.geobytes.com/IpLocator.htm?GetLocation

Country Code: PH         Country: Philippines
Region Code:  PHMM       Region:  Manila
City Code:    PHMMQCIT   City:    Quezon City

Uh OH! Danger! Will Robinson! Danger!

For those not in the know, at least one major virus/worm outbreak comes to mind that originated in the Philippines. Active hacker nest.

In short, DON'T BELIEVE ANY MAILING THAT ASKS FOR ANY FINANCIAL/INTERNET ACCOUNT OR PERSONAL INFORMATION! Even if you think the request may be legitimate, NEVER use provided links; TYPE IN SITE NAMES MANUALLY!

If you feel it appropriate, feel free to forward this to whomever you feel would benefit from this analysis.

And, as Sarge used to say before every shift on Hill Street Blues, "Let's be careful out there..."