Blog for hpHosts, and whatever else I feel like writing about ....

Friday 13 November 2009

Warning: BT (British Telecom) customers beware!

As if BT ripping you off by charging a fortune for calling people isn't enough (over £2 for under 3 mins to a US number!!!!), the phishers have come up with a little help for our dear BT management and shareholders, in the form of a phishing scam.

I was advised about this a little earlier (sorry folks, was sleeping or would've posted this earlier). I don't have the original headers for the e-mail, but needless to say, the following is about the size of it;

----- Original Message -----
From: BT Billing Support <mailto:ebilling@bt.com>
Sent: Wednesday, November 11, 2009 1:32 PM
Subject: BT Notification: Account Update Needed

BT <http://www.bt.com/>

Dear Customer,

This e-mail has been sent to you by BT to inform you that we were unable to process your most recent payment of bill.This might be due to either of the following reasons:

1. A recent change in your personal information. (eg: billing address, phone)
2. Submitting incorrect information during bill payment process.

Due to this, to ensure that your service is not interrupted, we request you to confirm and update your billing information today by clicking here. <http://rehobothbeachvacationde.com/upgrade/update>

If you have already confirmed your billing information then please disregard this message as we are processing the changes you have made.

Kind regards,

BT Total Broadband team

To ensure future emails from BT are delivered to your inbox and not treated as spam, please add emailsupport@btcomms.com to your address book.
This email was sent by planning-inc, an approved BT supplier, to you
from the domain btcomms.com because its content concerns one of your BT services.


Subscribe to BT emails <http://email.bt.com/keepinformed/?s_cid=con_email_marketing_KEEPINFORMED_FOOTERPROMO_SERVICE> | Log in to BT <https://www2.bt.com/btPortal/application?namespace=security&event=link.login&pageid=profile_centre&siteArea=con.pfc&type=overview&com.bea.event.type=linkclick&portletns=profilecentre> | Contact us <http://www.bt.com/contactus> | Privacy policy <http://www.bt.com/privacypolicy>


British Telecommunications plc. Registered office: 81 Newgate Street London EC1A 7AJ
Registered in England No. 1800000.


The URL in the e-mail, as you can see above, is;

rehobothbeachvacationde.com/upgrade/update

IP: 74.52.15.66
IP PTR: barracuda.websitewelcome.com
ASN: 21844 74.52.0.0/14 THEPLANET-AS - ThePlanet.com Internet Services, Inc.

Registrant:
S & A Services Inc.
1167 Old Wilmington Rd.
Hockessin, Delaware 19707
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: REHOBOTHBEACHVACATIONDE.COM
Created on: 01-Mar-08
Expires on: 01-Mar-10
Last Updated on: 06-Mar-09

Administrative Contact:
Carpenter, James green4spring@gmail.com
S & A Services Inc.
1167 Old Wilmington Rd.
Hockessin, Delaware 19707
United States
(302) 235-7322

Technical Contact:
Carpenter, James green4spring@gmail.com
S & A Services Inc.
1167 Old Wilmington Rd.
Hockessin, Delaware 19707
United States
(302) 235-7322

Domain servers in listed order:
NS245.WEBSITEWELCOME.COM
NS246.WEBSITEWELCOME.COM

WhoIs server: whois.godaddy.com


This redirects you to the following (see screenshot top left);

blonderhapsody.com/images/upgrade/https/bt.com/webscr/en-uk/secure/&i1bshowgif&UsingSSL&ru&pp&pa/Btinternet=userID12549JDk23/

IP: 69.65.3.130
IP PTR: server314.webhostingpad.com
ASN: 32181 69.65.0.0/18 ASN-ECOMD-COLOQUEST - GigeNET

Registration Service Provided By: Webhostingpad.com
Contact: dns@webhostingpad.com

Domain name: blonderhapsody.com

Registrant Contact:

DNS Admin (dns@webhostingpad.com)

Fax:
3655 Torrance Blvd
Torrance, CA 90503
US

Administrative Contact:
Webhostingpad.com
DNS Admin (dns@webhostingpad.com)
+1.8473429199
Fax:
5005 Newport Dr
Rolling Meadows, IL 60008
US

Technical Contact:
Webhostingpad.com
DNS Admin (dns@webhostingpad.com)
+1.8473429199
Fax:
5005 Newport Dr
Rolling Meadows, IL 60008
US

Status: Locked

Name Servers:
ns1.webhostingpad.com
ns2.webhostingpad.com

Creation date: 05 Jul 2009 12:20:07
Expiration date: 05 Jul 2010 12:20:07


After you've given them your username and password, you're then taken to;

blonderhapsody.com/images/upgrade/https/bt.com/webscr/en-uk/secure/&i1bshowgif&UsingSSL&ru&pp&pa/Btinternet=userID12549JDk23/confirm.php

Give them your credit card etc details, and you're then taken to;


Which after a few seconds, redirects you to the real bt.com website.
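The two tells in this chain can be checked mechanically: the one link in the e-mail that leaves BT's domains, and a landing URL that carries `https/bt.com` in its path on an unrelated host. The sketch below is an added example, not part of the original post; the brand domain list and the function names are assumptions, and the URLs are the ones quoted above with query strings dropped.

```python
from urllib.parse import urlsplit

# Assumption: the domains BT legitimately links from, taken from the e-mail footer.
BRAND_DOMAINS = ("bt.com", "btcomms.com")

def _split(url):
    """Parse a URL, accepting the scheme-less form used in the post."""
    return urlsplit(url if "://" in url else "http://" + url)

def is_brand_host(host, brands=BRAND_DOMAINS):
    """True only for the brand domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in brands)

def off_brand_links(hrefs, brands=BRAND_DOMAINS):
    """Hosts linked from a brand-styled e-mail that do not belong to the brand."""
    hosts = [(_split(h).hostname or "") for h in hrefs]
    return sorted({h for h in hosts if not is_brand_host(h, brands)})

def impersonation_reasons(url, brands=BRAND_DOMAINS):
    """Why a URL on a non-brand host looks dressed up as the brand."""
    parts = _split(url)
    host = parts.hostname or ""
    if is_brand_host(host, brands):
        return []
    segments = [s.lower() for s in parts.path.split("/") if s]
    reasons = [f"{d} used as a path segment on {host}" for d in brands if d in segments]
    if any(s in ("http", "https") for s in segments):
        reasons.append(f"scheme name used as a path segment on {host}")
    return reasons

# Links and landing URL copied from the post above (query strings dropped).
EMAIL_LINKS = [
    "http://www.bt.com/",
    "http://rehobothbeachvacationde.com/upgrade/update",
    "http://email.bt.com/keepinformed/",
    "http://www.bt.com/contactus",
]
LANDING = ("blonderhapsody.com/images/upgrade/https/bt.com/webscr/en-uk/secure/"
           "&i1bshowgif&UsingSSL&ru&pp&pa/Btinternet=userID12549JDk23/")

if __name__ == "__main__":
    print(off_brand_links(EMAIL_LINKS))
    for reason in impersonation_reasons(LANDING):
        print(reason)
```

The first-hop URL raises no path-based reason at all, which is why the off-brand host check on the e-mail's links is needed alongside the landing-page check.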

/update 16:35

I'm happy to report, Webhostingpad.com have gotten back to me and have confirmed they've now taken down the phish at blonderhapsody.com
