Suntrust Internet Bank Email Phishing Scam

From: SecurityDepartment@suntrust.com
Subject: SunTrust Anti-Fraud Verification Procedure
Date: 16 Nov 2004 19:16:36 -0000

Dear Suntrust.com Customer,

During our regular update and verification of the Internet Banking Accounts, we could not verify your current information. Either your information has been changed or incomplete, as a result your access to use our services has been limited. Please update your information.
 
To update your account information and start using our services please click on the link below:
http://www.suntrust.com/personal/Checking/OnlineBanking/Internet_Banking/index asp?bhcp=3d1
 
Note: Requests for information will be initiated by Suntrust Business Development; this process cannot be externally requested through Customer Support.
 
Sincerely,
Suntrust.com
Security Department.

The Fake SunTrust Online Banking Site: (Scroll down to compare to the actual site.)  
The link text in the email message above appears to direct the recipient to the Internet banking page at the legitimate web address www.suntrust.com, but the link actually points to a bogus URL at www.interbanking-suntrust.com, an authentic-looking domain name.

The fake site was only accessible for a short time after the email went out. It was shut down by the early afternoon here in Alabama on November 18 (GMT -6).

The fake site was hosted on a web server with the IP address 217.76.132.24, assigned by RIPE (the Regional Internet Registry for Europe); it appeared to be assigned to an entity in Spain.

The actual site, 167.181.31.85, is assigned to SunTrust Service Corporation; 250 Piedmont Ave; Atlanta, GA 30308.

 

ABOVE is the Fake Site. BELOW is the Actual SunTrust Site. Can you spot the differences?

 
Notice the protocol portion of the Internet address of the two sites. The fake uses standard http while the actual site uses the more secure https. Therefore, in the lower right-hand corner of the two browser windows the fake site has a , whereas the actual site displays a .

The fake website, otherwise, was a very convincing replica of SunTrust's actual banking site. It's gone from this address but is being replicated elsewhere regularly.

The bogus site has been taken down from this address; if you were to try to visit it now, your browser would display it as shown to the right. The emails are still being sent, directing recipients to other short-lived fraudulent URLs. They are constantly on the move.

Protect yourself from fraud while online by never sending personal or financial information using email.

New threats of phishing attacks are making it more difficult to protect bank customers from identity theft and fraud. An increased sophistication in phishing scams makes it even harder to discern the difference between a legitimate bank e-mail message and a fraudulent one. One new type of attack can result in stolen personal data even if the recipient of the fraudulent e-mail is not fooled by it. When a bank customer opens the e-mail, a program attached to the e-mail by the phisher silently runs a script - even if the customer deletes the message without clicking on any embedded links. When that customer attempts to visit his or her bank's legitimate Web site - during that session or a future session - the malicious code redirects the person being phished to a fraudulent Web site.

Adapted from article at: http://www.informationweek.com/story/showArticle.jhtml?articleID=54201204

Updated: Dec 8, 2004