From AFCC at rsa.com Sun Aug 10 18:02:02 2014
From: AFCC at rsa.com (RSA Anti-Fraud Command Center)
Date: Sun, 10 Aug 2014 18:01:36 +0000
Subject: Fraudulent site - please shut down![Bancolombia E1031802] Domain: regardinggongumos.net
Message-ID: <9E43833B01142A4783AF29255126991D922E092B@MX102CL02.corp.emc.com>

Dear Sir / Madam,

It appears that the Phishing attack at the following URL: http://www.regardinggongumos.net/images has become active again.

It is likely that the website was hacked into and compromised by the fraudster. It is possible that the fraudster also installed backdoors which would enable him to regain access to the server at any given time. This usually happens due to outdated software (scripts, applications) installed on the website, which contain security holes fraudsters take advantage of.

In order to avoid similar issues in the future (and in order to protect the information on your server), it would be advisable to reinstall all software with the latest updates (or even format the server). Changing passwords or permissions alone would usually prove to be insufficient.

Please perform any necessary actions in order to ensure the Phishing attack is permanently disabled. We understand that you may not be aware of this activity and appreciate your assistance.

Best Regards,
RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc at rsa.com
For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348

Dear Team,

The following URL is a "redirection attack" - a URL which redirects to a phishing attack. As you can see, when trying to access the URL it automatically redirects to a different site which hosts a phishing attack.
The redirection URL is: http://www.regardinggongumos.net/images
The phishing attack which it redirects to is: http://191.91.176.5/httpss/

Please take the necessary steps in order to disable this redirection URL.

Best Regards,
RSA Anti-Fraud Command Center
RSA, The Security Division of EMC
US Phone: +1-866-408-7525
Email: afcc at rsa.com
For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348

To whom it may concern,

RSA, The Security Division of EMC ("RSA"), an information security company, has been appointed to assist Bancolombia in preventing or terminating online activity that targets, or may target Bancolombia's clients as potential fraud victims.

RSA has been made aware that your company appears to be providing internet services to a website, which is making unauthorized use of Bancolombia's trademarks. This site http://www.regardinggongumos.net/images/ not only violates Bancolombia's copyright, trademarks and other intellectual property rights, but may also become a host to a phishing attack, or other fraudulent scams directed against Bancolombia and Bancolombia's clients.

The fraudulent website not only represents a misappropriation of Bancolombia's intellectual property; its purpose is to mislead Bancolombia's clients. Our experience has shown that such sites become a host of phishing* and other fraudulent scams against our customer's account holders.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability on the Internet and discontinue the transmission of any e-mails associated with this website. We understand that you may not be aware of this improper use of your services and we appreciate your cooperation.

We specifically ask that you also take the following actions wherever relevant or possible:

* Please provide us with a tar/zip file of the source code for this website, so that we may analyze it to help prevent further attacks;
* If any customer data has been captured that is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and take steps to protect their credit;

We specifically would ask that you also provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping learn the identity and location of the customer for whom the website has been operated.

The foregoing is without prejudice to any and all of rights and remedies of any financial institution in connection with this matter, which are hereby expressly reserved. RSA is providing this notification to you in the interest of preventing the proliferation of phishing scams and the information contained herein is provided to you on an "AS-IS" basis, without representation or warranty of any kind.

Thank you for your cooperation to prevent and terminate this fraudulent activity. If you need further information, please do not hesitate to contact RSA at the numbers below.

Sincerely,
RSA SECURITY INC.
RSA Anti-Fraud Command Center
Tel: +44 (0)800-032-7751
Tel: +1-866-408-7525
E-mail: afcc at rsa.com

*"Phishing" generally refers to a variety of web based scams that make use of an illegitimate website which passes itself off as being that of a targeted financial institution together with associated data collection points (including web based email accounts) in order to deceive the account holders of the financial institution into revealing their personal information, including but not limited to their credit or debit account numbers, checking account information, social security numbers, or banking account passwords.
Once these account holder credentials are collected they can then be used to commit wire fraud or other similar activities of a criminal nature.