Phishers use Federal Reserve Bank to warn about phishing

Phishers are sending out a warning about a country-wide phishing attack, using the Federal Reserve Bank as the purported origin. The email claims to come from Corporate Banking Alert <cmsupport@federalreservebank.com>; this header is spoofed, as the real SMTP From address (the envelope sender) is quite different.
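The mismatch described above can be checked mechanically by comparing the domain in the From header with the domain of the envelope sender, which the receiving server records in Return-Path. The following is an added example, not part of the original post; the Return-Path value and recipient are constructed placeholders, because the post does not give the real envelope address.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From header is the one quoted in the post; the
# Return-Path (envelope sender) and recipient are placeholders.
SAMPLE = """\
Return-Path: <bounce@dsl-host.example.net>
From: Corporate Banking Alert <cmsupport@federalreservebank.com>
To: recipient@example.org

You're getting this letter in connection with new directions...
"""


def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def aligned(a, b):
    """Relaxed alignment: equal, or one is a subdomain of the other.
    Simplification (assumption): a production check compares organizational
    domains using the Public Suffix List, as DMARC does."""
    return bool(a and b) and (
        a == b or a.endswith("." + b) or b.endswith("." + a)
    )


def check_sender(raw):
    """Compare header From against the envelope sender in Return-Path."""
    msg = message_from_string(raw)
    header_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    if not header_dom:
        verdict = "no-from"
    elif not envelope_dom:
        verdict = "no-envelope"  # missing header or null sender <>
    elif aligned(header_dom, envelope_dom):
        verdict = "aligned"
    else:
        verdict = "mismatch"
    return {"header_from": header_dom, "envelope_from": envelope_dom,
            "verdict": verdict}


if __name__ == "__main__":
    print(check_sender(SAMPLE))
```

A mismatch on its own is only a signal, since mailing lists and bulk-mail providers also send with a different envelope domain; weigh it together with SPF, DKIM and DMARC results.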

Some subject samples:

Federal Reserve Bank – Urgent Security Notification
Federal Reserve Bank – Customer Service Notification

Body of the email:

FEDERAL RESERVE BANK

Important:

You’re getting this letter in connection with new directions issued by U.S. Treasury Department. The directions concern U.S. Federal Wire online payments.

A country-wide phishing attack began on May 6, 2009. It’s taking place hitherto. Therefore a great number of banks and credit unions is affected by this attack and quantity of illegal wire transfers has reached an extremely high level.

U.S. Treasury Department, Federal Reserve and Federal Deposit Insurance Corporation (FDIC) in common worked out a complex of immediate actions for the highest possible reduction of fraudulent operations. We regret to inform you that definite restrictions will be applied to all Federal Wire transfers from May 12 till May 25.

Here you can get more detailed information regarding the affected banks and U.S. Treasury Department restrictions:

hxxp://fedwire.usatreasury-direct.us/36374/FRB/phishing/Issue~73624/

Federal Reserve Bank System Administration

Some IPs of the email source:

94.222.248.23 (dslb-094-222-248-023.pools.arcor-ip.net)
88.249.38.101 (dsl88-249-9829.ttnet.net.tr)
201.240.92.239 (client-201.240.92.239.speedy.net.pe)

When we tried to visit the site, all we got were timeouts. The domain usatreasury-direct.us is registered in Italy by the DNS-agent CSL COMPUTER SERVICE (D.B.A. JOKER.COM) under the name Germana Esposito in Maissana, Italy. The domain resolves to the IP 221.5.74.34, which is located in China and under the management of CNC Group Guangdong.

Here is a list of domains that are involved in this phishing and are being used on the IP 221.5.74.34:

 