Mastercard Spam Scam Phisher Pharmer

Nov. 29, 2007

Our filters caught a new scam originating from what appears to be an infected pc on the xo.net network (64.221.236.148), talking to a machine in Canada (66.49.135.181), which could be an open relay which delivered junk mail claiming to be from Mastercard wanting you to click a link to a server located in china (219.131.197.197) which is supposed to be the home page of the Farmers Bank, where ever they may be.

If you click on the link provided in the email, you deserve what you get.

Here is a classic example of a Phisher or Pharmer

Dear MasterCard Member,

For the User Agreement, Section 9, MasterCard may immediately issue a warning, temporarily suspend, indefinitely
suspend or terminate your Credit Card and refuse to provide our services to you if we believe that your actions
may cause financial loss or legal liability for you, our users or us. Our terms and conditions you agreed to state
that your service must always be under your control or those you designate all times. We have noticed some unusual
activity related to your service that indicates that other parties may have access and or control of your MasterCard
Credit Card. We recently noticed one or more attempts to log in to your MasterCard Credit Card service from a foreign IP address

If you recently accessed your service while traveling, the unusual log in attempts may have been initiated by you.
However, if you did not initiate the logins, please visit The Farmers Bank homepage as soon as possible to restore
your account status.

The log in attempt was made from – ISP host : c-64-154-34-134.hsfgd1.il.comcast.net

To restore your Credit Card status please click on the link below:

[link removed]

Thank you for your prompt attention to this problem. Review Team apologize for any inconvenience. This is a security
measure meant to protect you and your account.

Regards,

MasterCard Security Team.

Looks official enough, but paragraph 1 is crap. Mastercard is responsible by federal law. The paragraph indicates the supposed access attempt came from a foreign IP and they list a phoney comcast.net address (Comcast is not world wide). Whatever happened to logging in from anywhere? Then you are invited to login to what they call the Farmers Bank website (there are lots of Farmers Banks in the US).

The only thing foreign is the destination of the link which is in China. Not a lot of good coming out of China these days. Click at your own risk!

This entry was posted on Thursday, November 29th, 2007 and is filed under General Opinion. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

My Hot Spots

How I See Things – Just Sayin'

Mastercard Spam Scam Phisher Pharmer

No comments yet.

Keep this in Mind

Archives

Errata

Tags

Recent Comments

Meta