Hi,
here is a recent fraud attempt: this morning I received the following mail:
—————
Subject: Technical Platform Optimization Populare di Milano

Dear Customer,

Wishing to prevent possible online fraud attempts, Banca Populare di Milano is currently optimizing the technical platform of the Banca Populare Online service between 5 May 2009 and 10 May 2009. To avoid any loss of data, please fill in the form "Contact details update form in relation to the Bank", which can be found on our website or attached to this e-mail. We apologize for any inconvenience caused.

http://www.bpmbanking.it.servizibmp.com/pub/xol/homePriv.do.php?tabId=nav_pub_xol_home

Thank you for your understanding,
Populare di Milano Sanpaolo Online
_____________________________________________________________________________________
Online fraud CLAIMS THOUSANDS OF VICTIMS EVERY YEAR – Don't be one of them!
Banca Popolare di Milano Società Cooperativa a r.l. – P.IVA 00715120150 – Gruppo Bipiemme
————-
First of all, the email contains a recurring error: the term 'populare', which seems inspired by Spanish/Brazilian Portuguese.
The second suspicious thing is the URL: http://www.bpmbanking.it.servizibmp.com/pub/xol/homePriv.do.php?tabId=nav_pub_xol_home
The host name starts with www.bpmbanking.it, but the registered domain is actually servizibmp.com, which sounds strange, so let's inspect this domain.
Registry Data
ICANN Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Created: 2009-05-07
Expires: 2010-05-07
Updated: 2009-05-07
Registrar Status: clientTransferProhibited
Name Server: YNS1.YAHOO.COM (has 2,399,082 domains)
Name Server: YNS2.YAHOO.COM (has 2,399,082 domains)
Whois Server: whois.melbourneit.com
Server Data
IP Address: 216.39.62.190
IP Location: United States – California – Sunnyvale – Altavista Company
Response Code: 200
Domain Status: Registered And Active Website
As you can see, an Italian banking service that is located in Sunnyvale, California and powered by Altavista Company is REALLY strange.
The final demonstration that this is a fraud comes from inspecting the real BPM server, www.bpmbanking.it, which is located in Italy.
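As an added example (not code from the original post), here is a Python check for the two signals used above: the registrable domain that actually owns the link's host, and how recently that domain was created according to WHOIS. The function names, the small inline suffix set and the 2009-05-10 reference date are assumptions made for this illustration.

```python
import re
from datetime import date
from urllib.parse import urlsplit

# Assumption: tiny inline suffix set so the example runs offline;
# real code should load the full Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "it", "co.uk"}

def registrable_domain(host):
    """Return the registrable domain: one label plus the longest known public suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):            # longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])               # fallback for unknown suffixes

def classify_link(url, trusted_domain):
    """Compare the domain that owns the host with the domain the brand really uses."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if registrable_domain(host) == trusted_domain:
        return "trusted"
    # The brand's domain appears as labels, but the host belongs to someone else.
    if f".{trusted_domain}." in f".{host}.":
        return "trusted-name-used-as-subdomain"
    return "unrelated"

def domain_age_days(whois_text, reference):
    """Days between the WHOIS 'Created:' date and a reference date (None if absent)."""
    m = re.search(r"^Created:\s*(\d{4})-(\d{2})-(\d{2})", whois_text, re.M)
    if m is None:
        return None
    return (reference - date(*map(int, m.groups()))).days

# The URL and the WHOIS lines are the ones quoted in the post.
PHISH_URL = ("http://www.bpmbanking.it.servizibmp.com"
             "/pub/xol/homePriv.do.php?tabId=nav_pub_xol_home")
WHOIS = "Created: 2009-05-07\nExpires: 2010-05-07\nUpdated: 2009-05-07\n"

if __name__ == "__main__":
    print(registrable_domain(urlsplit(PHISH_URL).hostname))
    print(classify_link(PHISH_URL, "bpmbanking.it"))
    # Assumed reference date: last day of the "maintenance" window named in the mail.
    print(domain_age_days(WHOIS, date(2009, 5, 10)))
```
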
Browsing to http://servizibmp.com, we are immediately presented with a directory listing that contains the following entries:
pub/
tmp/
In pub we have:
/pub/xol/
complete.php
go.php
homePriv.do.php
inserti.php
These are fake PHP pages used to capture victims' information.
See you in the next post.
Hi mate, yes… I've received spam like these too, and some even claim to come from my website. Usually I report it to local authorities… but usually they can't be bothered until too many people make complaints.
Maybe they noticed the logs from their stats as this site is down.
Yeah,
I also submit these mails to Termination Authorities; in 1-2 days these malicious sites are terminated =)