204). Washington Mutual Bank - HTML.Phishing.Bank-468
This email targets customers of Washington Mutual Bank.
Message Details
| Malware Name: | HTML.Phishing.Bank-468 |
| Origin: |  United States |
| Date first seen: | 17/07/2006 16:38:45 |
| From: | "Washington Mutual"<DoNotReply@cems.wamu.com> |
| Subject: | Important information regarding the security of Online Banking |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://www.wamu.com/css/master.css | ||||
|
http://www.wamu.com/css/print.css | ||||
|
http://www.wamu.com/images/public/wamu_logo.gif | ||||
|
http://www.wamu.com/images/public/bg_primary-nav_liquid.gif | ||||
|
http://www.wamu.com/NR/rdonlyres/50D80255-1268-449C-AC7C-DE7951DDAD5D/0/alert.gif | ||||
|
17/07/2006 16:44:50 | 17/07/2006 16:44:50 |  194.106.206.7 |
http://cust1131.clanserverz.de/phpkit/templates/logon.php | |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
[1][wamu_logo.gif]
Dear Washington Mutual customer,
We recently reviewed your account, and suspect that your Washington Mutual
Internet Banking account has been accessed by an unauthorized third
party.Protecting the security of your account and of the Washington Mutual
network is our primary concern. Therefore, as a preventative measure, your
profile has been locked due to inactivity or because of too many failed
login attempts.
To restore your account access, please take the following steps to ensure
that your account has not been compromised:
[alert.gif] 1. You can unlock your profile online with your [2]ATM/Visa
Check Card number and PIN by following the link bellow.
To get started, please click the link below:
[3]https://login.personal.wamu.com/error/SignOnError.asp
We apologize for any inconvenience this may cause, and appreciate your
assistance in helping us maintain the integrity of the entire Washington
Mutual system. Thank you for attention to this matter.
Sincerely,
The Washington Mutual Team
Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your
Washington Mutual account and choose the "Help" link in the header of any
page.
References
1. http://cust1131.clanserverz.de/phpkit/templates/logon.php
2. http://cust1131.clanserverz.de/phpkit/templates/logon.php
3. http://cust1131.clanserverz.de/phpkit/templates/logon.php