Accounts Security Alert

Joe Holden joe at joeholden.co.uk
Mon Jul 31 11:37:02 UTC 2006 

Julian H. Stacey wrote:
> We, hardware at freebsd.org, &
> Halifax seems to be target of an attempt at financial fraud, appended below.
> (or at least, someone's fed them a false name, but seems fraud)
> Halifax bank ex building society in UK is really http://www.halifax.co.uk
> So I've sent to abuse at halifax.co.uk
>
> Domain owner of apparent fraud appears to be (from whois)
>         Inca Research Inc
>         Victoria Chambers
>         Fir Vale Road
>         Bournemouth
>         BH1 2JN
> Name Servers are         ns0.bt.net ns1.bt.net 
> whois bt.net fails to give info 
> 	(whereas whois other .net give info, .net root service OK)
> Maybe bt.net is also a fraud dummy, 
> 	so I've also Cc'd bt at abuse.com (British Telecom) & not bt at abuse.net
>
> Forwarded With Headers
> -------------
> >From owner-freebsd-hardware at freebsd.org Mon Jul 31 11:27:12 2006
> Return-Path: <owner-freebsd-hardware at freebsd.org>
> ...
> Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])
> 	by mx2.freebsd.org (Postfix) with ESMTP id F29BA5664F;
> 	Mon, 31 Jul 2006 07:25:56 +0000 (GMT)
> 	(envelope-from owner-freebsd-hardware at freebsd.org)
> Received: from hub.freebsd.org (localhost [127.0.0.1])
> 	by hub.freebsd.org (Postfix) with ESMTP id F3C9616A4ED;
> 	Mon, 31 Jul 2006 07:25:55 +0000 (UTC)
> 	(envelope-from owner-freebsd-hardware at freebsd.org)
> X-Original-To: hardware at freebsd.org
> Delivered-To: freebsd-hardware at FreeBSD.ORG
> Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
> 	by hub.freebsd.org (Postfix) with ESMTP id 697F616A4DA
> 	for <hardware at freebsd.org>; Mon, 31 Jul 2006 07:25:53 +0000 (UTC)
> 	(envelope-from wwwrun at koz.a03i1.de)
> Received: from dd2626.kasserver.com (dd2626.kasserver.com [81.209.184.189])
> 	by mx1.FreeBSD.org (Postfix) with ESMTP id 9743743D45
> 	for <hardware at freebsd.org>; Mon, 31 Jul 2006 07:25:52 +0000 (GMT)
> 	(envelope-from wwwrun at koz.a03i1.de)
> Received: by dd2626.kasserver.com (Postfix, from userid 30)
> 	id 94DCF1195A2; Mon, 31 Jul 2006 09:24:48 +0200 (CEST)
> To: hardware at freebsd.org
> From: Halifax Online Banking <security at updates.halifax.co.uk>
> Content-Transfer-Encoding: 8bit
> Message-Id: <20060731072448.94DCF1195A2 at dd2626.kasserver.com>
> Date: Mon, 31 Jul 2006 09:24:48 +0200 (CEST)
> MIME-Version: 1.0
> Content-Type: text/plain
> X-Content-Filtered-By: Mailman/MimeDel 2.1.5
> Cc: 
> Subject: Accounts Security Alert
> X-BeenThere: freebsd-hardware at freebsd.org
> X-Mailman-Version: 2.1.5
> Precedence: list
> Reply-To: security at updates.halifax.co.uk
> List-Id: General discussion of FreeBSD hardware <freebsd-hardware.freebsd.org>
> List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hardware>, 
> 	<mailto:freebsd-hardware-request at freebsd.org?subject=unsubscribe>
> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hardware>
> List-Post: <mailto:freebsd-hardware at freebsd.org>
> List-Help: <mailto:freebsd-hardware-request at freebsd.org?subject=help>
> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hardware>, 
> 	<mailto:freebsd-hardware-request at freebsd.org?subject=subscribe>
> Sender: owner-freebsd-hardware at freebsd.org
> Errors-To: owner-freebsd-hardware at freebsd.org
>
>
>    [home_banner_left_020502.gif]
>    Dear Customer,
>    Our Technical Service department has recently updated our online
>    banking
>    software, and due to this upgrade we kindly ask you to follow the
>    link given below to confirm your online account details. Failure to
>    confirm the online banking details will suspend you from accessing
>    your
>    account online.
>
>    [1]https://www.halifax-online.co.uk/_mem_bin/formslogin.asp
>
>    We use the latest security measures to ensure that your online banking
>    experience is safe and secure. The administration asks you to accept
>    our
>    apologies for the inconvience caused and expresses gratitude for
>    cooperation.
>    Regards,
>    Halifax Online Technical Support
>    --
>    Please do not reply to this email address as it is not monitored and
>    we
>    will be unable to respond.
>    For assistance, log in to your Halifax Online Bank account and choose
>    the "Help" link on any page.
>    ^© Halifax plc, Registered in England No. 2367076. Registered Office:
>    Trinity Road, Halifax, West Yorkshire HX1 2RG. Authorised and
>    regulated
>    by the Financial Services Authority. Represents only the Halifax
>    Financial Services Marketing Group for the purposes of advising on and
>    selling life assurance
>
> References
>
>    1. http://naran.ru/last/FormsLogin.aspsource=halifax.co.uk/Index.PHP
> _______________________________________________
> freebsd-hardware at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hardware
> To unsubscribe, send any mail to "freebsd-hardware-unsubscribe at freebsd.org"
>
>
>   
BT.net certainly isn't fraudulant/whatever, more of a case of BT not 
following RFC (not uncommon for them)

Ta,
Joe

More information about the freebsd-hardware mailing list