I was advised about this a little earlier (sorry folks, was sleeping or would've posted this earlier). I don't have the original headers for the e-mail, but needless to say, the following is about the size of it;
----- Original Message -----
From: BT Billing Support <mailto:ebilling@bt.com>
Sent: Wednesday, November 11, 2009 1:32 PM
Subject: BT Notification: Account Update Needed
BT <http://www.bt.com/>
Dear Customer,
This e-mail has been sent to you by BT to inform you that we were unable to process your most recent payment of bill.This might be due to either of the following reasons:
1. A recent change in your personal information. (eg: billing address, phone)
2. Submitting incorrect information during bill payment process.
Due to this, to ensure that your service is not interrupted, we request you to confirm and update your billing information today by clicking here. <http://rehobothbeachvacationde.com/upgrade/update>
If you have already confirmed your billing information then please disregard this message as we are processing the changes you have made.
Kind regards,
BT Total Broadband team
To ensure future emails from BT are delivered to your inbox and not treated as spam, please add emailsupport@btcomms.com to your address book.
This email was sent by planning-inc, an approved BT supplier, to you
from the domain btcomms.com because its content concerns one of your BT services.
Subscribe to BT emails <http://email.bt.com/keepinformed/?s_cid=con_email_marketing_KEEPINFORMED_FOOTERPROMO_SERVICE> | Log in to BT <https://www2.bt.com/btPortal/application?namespace=security&event=link.login&pageid=profile_centre&siteArea=con.pfc&type=overview&com.bea.event.type=linkclick&portletns=profilecentre> | Contact us <http://www.bt.com/contactus> | Privacy policy <http://www.bt.com/privacypolicy>
British Telecommunications plc. Registered office: 81 Newgate Street London EC1A 7AJ
Registered in England No. 1800000.
The URL in the e-mail, as you can see above, is;
rehobothbeachvacationde.com/upgrade/update
IP: 74.52.15.66
IP PTR: barracuda.websitewelcome.com
ASN: 21844 74.52.0.0/14 THEPLANET-AS - ThePlanet.com Internet Services, Inc.
Registrant:
S & A Services Inc.
1167 Old Wilmington Rd.
Hockessin, Delaware 19707
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: REHOBOTHBEACHVACATIONDE.COM
Created on: 01-Mar-08
Expires on: 01-Mar-10
Last Updated on: 06-Mar-09
Administrative Contact:
Carpenter, James green4spring@gmail.com
S & A Services Inc.
1167 Old Wilmington Rd.
Hockessin, Delaware 19707
United States
(302) 235-7322
Technical Contact:
Carpenter, James green4spring@gmail.com
S & A Services Inc.
1167 Old Wilmington Rd.
Hockessin, Delaware 19707
United States
(302) 235-7322
Domain servers in listed order:
NS245.WEBSITEWELCOME.COM
NS246.WEBSITEWELCOME.COM
WhoIs server: whois.godaddy.com
This redirects you to the following (see screenshot top left);
blonderhapsody.com/images/upgrade/https/bt.com/webscr/en-uk/secure/&i1bshowgif&UsingSSL&ru&pp&pa/Btinternet=userID12549JDk23/
IP: 69.65.3.130
IP PTR: server314.webhostingpad.com
ASN: 32181 69.65.0.0/18 ASN-ECOMD-COLOQUEST - GigeNET
Registration Service Provided By: Webhostingpad.com
Contact: dns@webhostingpad.com
Domain name: blonderhapsody.com
Registrant Contact:
DNS Admin (dns@webhostingpad.com)
Fax:
3655 Torrance Blvd
Torrance, CA 90503
US
Administrative Contact:
Webhostingpad.com
DNS Admin (dns@webhostingpad.com)
+1.8473429199
Fax:
5005 Newport Dr
Rolling Meadows, IL 60008
US
Technical Contact:
Webhostingpad.com
DNS Admin (dns@webhostingpad.com)
+1.8473429199
Fax:
5005 Newport Dr
Rolling Meadows, IL 60008
US
Status: Locked
Name Servers:
ns1.webhostingpad.com
ns2.webhostingpad.com
Creation date: 05 Jul 2009 12:20:07
Expiration date: 05 Jul 2010 12:20:07
After you've given them your username and password, you're then taken to;
blonderhapsody.com/images/upgrade/https/bt.com/webscr/en-uk/secure/&i1bshowgif&UsingSSL&ru&pp&pa/Btinternet=userID12549JDk23/confirm.php
Give them your credit card etc details, and you're then taken to;
Which after a few seconds, redirects you to the real bt.com website.
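The chain above pairs a bt.com sender address with a link to an unrelated host, and a landing URL that carries `bt.com` only inside its path. The following Python is an added example, not part of the original post: it classifies each link by its real hostname and flags a brand domain that appears anywhere other than the end of the host. The `TRUSTED` list (taken from the e-mail's footer domains) and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains the genuine sender uses, taken from the e-mail's footer links.
TRUSTED = ("bt.com", "btcomms.com")

def split_url(url):
    """Return (host, rest) for a URL written with or without a scheme."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower(), parts.path + "?" + parts.query

def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def classify(url):
    """'trusted', 'brand-lure' (brand shown outside the real host) or 'untrusted'."""
    host, rest = split_url(url)
    if is_trusted(host):
        return "trusted"
    # A trusted domain used as a path/query token, or as leading host labels
    # (bt.com.example.net), only serves to fool a glance at the address bar.
    tokens = [t.lower() for t in re.split(r"[/?&=]", rest) if t]
    for d in TRUSTED:
        if d in tokens or host.startswith(d + ".") or ("." + d + ".") in host:
            return "brand-lure"
    return "untrusted"

def links_in_text(body):
    """Extract the <http...> targets a plain-text rendering puts after link text."""
    return re.findall(r"<(https?://[^>\s]+)>", body)

# Constructed sample: three link lines abbreviated from the e-mail quoted in the post.
SAMPLE_BODY = """BT <http://www.bt.com/>
... by clicking here. <http://rehobothbeachvacationde.com/upgrade/update>
Contact us <http://www.bt.com/contactus>"""

# The landing page the post says the e-mail link redirects to.
LANDING = ("blonderhapsody.com/images/upgrade/https/bt.com/webscr/en-uk/secure/"
           "&i1bshowgif&UsingSSL&ru&pp&pa/Btinternet=userID12549JDk23/")

def report():
    urls = links_in_text(SAMPLE_BODY) + [LANDING]
    return [(classify(u), split_url(u)[0]) for u in urls]

if __name__ == "__main__":
    for verdict, host in report():
        print(f"{verdict:11} {host}")
```
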
/update 16:35
I'm happy to report, Webhostingpad.com have gotten back to me and have confirmed they've now taken down the phish at blonderhapsody.com