Spoof Email and Phishing Scam report by MillerSmiles.co.uk

Your account at U.S. Bank has been suspended
31st May 2004

Please forward any scams you've received to spoof@millersmiles.co.uk


Report Summary

Date Reported: first reported 18th Jan 04
Apparent Sender: US Bank
Return Address: varies, but latest was - U.S. Bank National Association <service@usbank.com>
Subject: Your account at U.S. Bank has been suspended
Format: HTML
Method: disguised link leads to bogus web content
Bogus Web Content?: Yes
URL of web content:
    SPOOFED URL - http://www.usbank.com
    ACTUAL URLs - http://bos.es.kr/ (traces back to a Korean school - Daejeon Boseong Elementary School)
    OR http://211.44.124.18:7301/usbank.htm (traces back to different web space in Korea)
    OR http://211.44.124.18:7301/usbank.htm (also traces back to Korean web space)
RISK LEVEL: Medium
WARNINGS

1. Exploits URL Spoofing (canonicalisation) in Internet Explorer browsers - run Windows Update to ensure your browser is patched.

 

Has your US Bank account been compromised by outside parties? - Not this time, it's a scam ...

 

This spoof email appears to be a plain text email with a link (see image below), but it is an HTML email which contains a cloaked link - one which is disguised to look like it will take you to the genuine US Bank site, but will instead take you to a forged page.

This scam also exploits a very serious bug in Internet Explorer browsers which allows the URL (site address shown in the browser address bar) to be spoofed. This means that if you use that link, Internet Explorer browsers will open the forged page that it points to, but with the URL shown as http://www.usbank.com (see image below). However, the true URL is http://bos.es.kr/ which traces back to a Korean school - Daejeon Boseong Elementary School.

This bug has been increasingly exploited by email scammers of late, and we eagerly await a patch from Microsoft. The vulnerability can also allow a fake URL to be shown in the status bar of Microsoft Outlook and browser products (while holding the cursor over the cloaked link). We have set up a Browser Test cloaked link which you can use to see if your browser is vulnerable. You can also check links in emails or web pages for cloaking using our Link Checker, and you can check for URL spoofing while at a web page using our URL Checker.
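The cloaked link described above can be checked mechanically. The following is an added example, not code from this report or the MillerSmiles Link Checker: it parses an HTML email body and flags anchors whose visible text names one host while the href points at another, plus raw-IP hosts and non-standard ports as seen in this scam. The function names and sample markup are assumptions; only the URLs come from the report.

```python
import ipaddress
from contextlib import suppress
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _split(url):  # -> (hostname, port); bare host text gets a scheme first
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        return (parts.hostname or "").lower(), parts.port
    except ValueError:          # malformed authority or port
        return "", None

def check_links(html):
    """Return [(href, visible_text, reasons)] for anchors that look cloaked."""
    parser, findings = _Anchors(), []
    parser.feed(html)
    for href, text in parser.links:
        reasons, (real, port) = [], _split(href)
        shown = _split(text)[0] if "." in text and " " not in text else ""
        if shown and real and shown != real:
            reasons.append("text shows %s but link goes to %s" % (shown, real))
        with suppress(ValueError):      # raised when the host is not an IP literal
            ipaddress.ip_address(real)
            reasons.append("host is a raw IP address")
        if port not in (None, 80, 443):
            reasons.append("non-standard port %d" % port)
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample: URLs are the ones in this report, the markup is invented.
SAMPLE = ('<p>Verify at <a href="http://211.44.124.18:7301/usbank.htm">'
          'http://www.usbank.com</a> or <a href="http://www.usbank.com/">log in</a></p>')
```

Calling check_links(SAMPLE) reports only the first anchor, with all three reasons; the second anchor, whose text is not a URL and whose href is an ordinary host name, passes.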

The forged web page consists of a web form which requests your credit card number and ATM PIN. These are captured by the scammers using a PHP script while you are directed to a forged confirmation page and then on to the genuine usbank.com site (see image below).

If you have received this email, please remember that it is very common for these email scams to be redistributed at a later date with only slightly different content, or with the same content but the fake page(s) hosted by a different provider. Also, once you have received one of these hoaxes, it is commonplace to receive at least one more, usually a day or two after the first, although not necessarily from the same apparent sender.

 

The Spoof Email ...

[Image: the spoof email, "Your account at U.S. Bank has been suspended"]

The bogus web page ...

[Images: the bogus web page]

 
