Overview
»IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Phishing-BB&T Customer Service Customer Service: Please Confirm Your
Online Banking Records!
Date Discovered: 04/24/2007
Severity: Low
Target: BB&T Online Banking Service
Phishing Method: Explicit Display of Phishing URL
Visible Link: http://business-eb.client007147311-form.bbt
.com/clients/form/b_form.jsp
Actual/Phishing Link: http://business-eb.client114161-form.bbt.com
.hfyyee.tk/clients/form/b_form.jsp
IP Address: 211.43.204.122
Synopsis
Customers of the BB&T Online are being targeted by phishing e-mails. The purpose
of the email is to obtain customer's online banking information.
Recommended Actions
1. Update Anti-Virus/Anti-Spyware definitions, e-mail filters.
2. Avoid use of links in e-mail to access any web-page.
3. Avoid filling out forms in e-mail messages or pop-up windows requesting you to
provide personal financial information.
4. Report phishing or spoofed e-mail or website to reportphishing@antiphishing.com.
5. BB&T Online Consumer Alert should be read carefully.
Threat Analysis
The customers of the BB&T Online Banking Service are being targeted with fake
e-mail messages by phishers to obtain customer personal banking information. The
e-mail requests BB&T Online Banking Service customers to fill-up the BB&T Business
Online Client Form by visiting the phisher's hyperlink provided in the email message.

The phishing URL is explicitly displayed on the address bar on moving the mouse over
the email message. The domain name used by phisher's also resembles the actual
domain.

Visible Link:
http://business-eb.client007147311-form.bbt.com/clients/form/b_form.jsp
Actual/Phishing Link:
http://business-eb.client114161-form.bbt.com.hfyyee.tk/clients/form/b_form.jsp
Redirected Link:
http://business-eb.client114161-form.bbt.com.hfyyee.tk/clients/form/b_form.jsp
/account.php

On clicking anywhere in the email message body, phisher's web page is displayed, requesting the customer to provide personal banking information like Customer Id, User Id, and Password and the internet connection information that is, either the customer is connected via Cable modem/DSL/T1 or Dial-up modem.

As soon as the credentials are provided and the "SUBMIT" button is clicked, the customer is redirected to another web page to obtain other information like Name of Company, state, and email address. When the customer clicks "CONFIRM & EXIT" button, he/she is redirected to the BB&T Online Banking Service homepage. The phished customer's information is passed to the attacker in clear text form.

The phishing email has following characteristics:

From: "BB&T" [clientservice.ref94886621507.cm@bbt.com]
Subject: BB&T Customer Service Customer Service: Please Confirm Your Online Banking Records! (message id: y032830561547wb)



Phishing e-mail Message





Actual/Phishing Web Page





Verification Details

nslookup Result
Name: business-eb.client114161-form.bbt.com.hfyyee.tk
Address: 211.43.204.122

Write-up by: Sandeep Paul
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map