Alliance & Leicester Commercial Bank, 2009

[Gentle Giant]

Already at it.


From Alliance & Leicester
Return-Path: <alliance-leicester@mybusiness.co.uk>
Received: from 68.15.203.104, US server, Cox Communications Inc.
Reply-To: <noreply@mybusiness.co.uk>
From: "Alliance & Leicester"<alliance-leicester@mybusiness.co.uk>
Subject: Security Measure
Date: Wed, 7 Jan 2009

Business Banking
Alliance & Leicester Commercial Bank
We recently reviewed your account, and suspect that your online account may have been accessed by an unauthorized third-party. We are asking you to log on and immediately report any suspicious activity.
https www mybusinessbank co uk/cs70_banking/logon/slogon [Sight already flagged as a forgery]

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Alliance & Leicester Commercial Bank, a trading division of Alliance & Leicester plc. Registered office: Carlton Park, Narborough, Leicester LE19 0AL. Company No:3263713. Registered In England. Alliance & Leicester plc is authorised and regulated by the Financial Services Authority.

[Garreg Ddu]

X-SID-PRA: Alliance & Leicester <online@alliance-leicester.co.uk>
Received: from mc60mvp.mvpapeis.com.br ([200.219.203.214]) by bay0-mc12-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Fri, 16 Jan 2009 06:23:28 -0800
Received: from User ([92.40.41.83] RDNS failed) by mc60mvp.mvpapeis.com.br with Microsoft SMTPSVC(6.0.3790.3959);
Fri, 16 Jan 2009 12:26:08 -0200

Origin IP Address = 92.40.41.83 = H3GUK Mobile Broadband Service, Hutchison 3G UK Ltd, Star House, 20 Grenfell Road, Maidenhead, SL6 1EH, United Kingdom

Reply-To: <online@alliance-leicester.co.uk>
From: "Alliance & Leicester"<online@alliance-leicester.co.uk>
Subject: Online Account Upgrade
Date: Fri, 16 Jan 2009 14:21:13 -0000
Bcc:
Return-Path: [online@alliance-leicester.co.ukl]
Message-ID: <MC60MVPmmlQ080Gxw8Z000022ca@mc60



January 2009
Dear Customer,

On Friday, 9th January 2009, we formally completed the acquisition of Alliance & Leicester. It is with great pleasure that I welcome you to the Santander Group.

You are now part of one of the world's most successful banks. Santander is first bank in the Eurozone by market capitalization, and fifth in the world by profits, with over 70 million customers in 40 countries.

You are kindly advised to follow the instructions below to register your account to allow easy merger.

Please Click Here To Start The Phishing site had been reported to NetCraft, McAfee Siteadvisor, IE and Safari Phishing filters and has been removed by hte host service.

The addition of Alliance & Leicester will further strengthen our UK presence. A&L has strengths in areas where Abbey intended to grow and both banks have built reputations as challengers to the big banks with attractive offers such as high-interest current accounts, strong savings rates and good mortgage and credit card deals.

By becoming part of the Santander Group, Alliance & Leicester has acquired strong backing, which is crucial in these difficult financial times.

I am convinced that Abbey, Alliance & Leicester and Bradford & Bingley, as part of the Santander Group, will be a leading UK bank focused on giving you great service and value-for-money products.

Yours sincerely,

Chairman, Emilio Botin

[Garreg Ddu]

X-SID-PRA: Alliance & Leicester Online Banking <notice@alliance-leicester.co.uk>
Received: from User (122-148-184-172.static.dsl.dodo.com.au [122.148.184.172]) (authenticated sender pharloff) by mail02.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n0P7YV3Y005577; Sun, 25 Jan 2009 18:34:41 +1100

Origin IP Address = 122.148.184.172 = Dodo Australia Pty Ltd, Level 14 / 600 St Kilda Rd, Melbourne, VIC 3004, Australia

From: "Alliance & Leicester Online Banking"<notice@alliance-leicester.co.uk>
Subject: Alliance & Leicester: Important Service Message
Date: Sun, 25 Jan 2009 07:35:34 -0000
Bcc:
Return-Path: notice@alliance-leicester.co.uk


Dear Member,

Security and confidentiality are at the heart of the Alliance & Leicester Bank. Your details (and your money) is protected by a number of
technologies, including Secure Sockets Layer (SSL) encryption.

We would like to notify you that Alliance & Leicester Bank carries out client details confirmation procedure that is compulsory for all our customers.
This procedure is attributed to a routine banking software update.
Please Click Here Now to visit our Client Verification Page
The Phishing site has been removed by the hosts in Korea already, after being reported to NetCraft, McAfee SiteAdvisor and being in IE and Safari Phishing filters.

Thank you.
Online Banking Security Team
Alliance & Leicester.

[Garreg Ddu]

This one came in with some unusual features in the headers, so the anotation is a bit suspect, but hopefully OK.

X-SID-PRA: Alliance & Leicester Internet Banking Service <sec.alert@mybank.alliance-leicester.co.uk>
Received: from out04.wanadoo.es ([62.36.20.204]) by col0-mc4-f40.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Jan 2009 09:44:27 -0800

Possible scammer is at 62.36.20.204 = Hostmaster Administrator FTE, Parque Empresarial La Finca, Edificio 9, Paseo del Club Deportivo, 1, 28223 Pozuelo de Alarcon, Madrid, Spain

Received: from [71.83.225.239] (helo=User) by out04.wanadoo.es with esmtpa (Exim 4.43) id 1LQmYG-0008Bc-FA; Sat, 24 Jan 2009 18:44:15 +0100

Possible origin IP Address = 71.83.225.239 Charter Communications, 12405 Powerscourt Dr., St. Louis, MO 63131, US

From: " Alliance & Leicester Internet Banking Service"<sec.alert@mybank.alliance-leicester.co.uk>
Subject: Internet Banking Access Blocked
Date: Sat, 24 Jan 2009 17:44:03 -0000
X-login: <xavi.marti@wanadoo.es>
Bcc:
Return-Path: sec.alert@mybank.alliance-leicester.co.uk


Dear Valued Customer,

We use the very latest industry-standard technology, plus multiple levels of security to safeguard your personal and transaction details, so that you can bank online with confidence.
We are committed to continually developing our security systems to ensure that Internet Banking remains safe and secure. We hope that you will also take the necessary precautions to protect your computer and your personal security details.

Internet Banking access blocked. For your protection Internet Banking access to your accounts has been blocked. Your security details have been incorrectly entered 3 times. Please follow the reference below and you will be guided to where you can instantly To re-establish access.

Log in to Internet Banking
The Phishing site, hacked into a server in Seoul, South Korea, has been killed by the hosts already, after being submitted to NetCraft, McAfee SiteAdvisor and IE and Safari Phishing filters.


it will only take about five minutes.


Thank you.
Online Banking Security Team


"Service" means the Alliance & Leicester Internet Banking Service We provide which enables You to give Instructions to Us relating to Your Account by logging on at www.alliance-leicester.co.uk or alternatively https://www.mybank.alliance-leicester.co.uk
"We" / "Our" / "Us" means Alliance & Leicester plc

[Garreg Ddu]

X-SID-PRA: Alliance & Leicester Online Banking <notice@alliance-leicester.co.uk>
Received: from [74.52.181.138] (account dfloyd1721@bresnan.net HELO User) by fe-4.cluster1.bresnan.net (CommuniGate Pro SMTP 5.1.16) with ESMTPA id 651264930; Sat, 24 Jan 2009 10:01:50 -0700

Origin IP Address = 74.52.181.138 = ThePlanet.com Internet Services, Inc., 315 Capitol, Suite 205, Houston, TX 77002, US

From: "Alliance & Leicester Online Banking"<notice@alliance-leicester.co.uk>
Subject: NOTICE - Internet Banking Upgrade
Date: Sat, 24 Jan 2009 17:01:36 -0000
Bcc:
Return-Path: notice@alliance-leicester.co.uk


Dear Member,

Security and confidentiality are at the heart of the Alliance & Leicester Bank. Your details (and your money) is protected by a number of
technologies, including Secure Sockets Layer (SSL) encryption.

We would like to notify you that Alliance & Leicester Bank carries out client details confirmation procedure that is compulsory for all our customers.
This procedure is attributed to a routine banking software update.
Please Click here now to visit our Client Verification Page
The Phishing site has been removed by the hosts in Seoul, South Korea, after being submitted to NetCraft, McAfee SiteAdvisor and IE and Safari Phishing filters.


Thank you.
Online Banking Security Team
Alliance & Leicester.

[Garreg Ddu]

Identical scam attempt as in post#4, but a different origin.

X-SID-PRA: Alliance & Leicester Internet Banking Service <sec.alert@alliance-leicester.co.uk>
Received: from [66.15.119.165] (account jsfh HELO User) by batelco.jo (CommuniGate Pro SMTP 4.1.8) with ESMTP id 56732835; Tue, 03 Feb 2009 00:39:03 +0200

Origin IP Address = 66.15.119.165 = Genuity DSL, 150 Cambridge Park Drive, Cambridge, MA 02138, US

From: "Alliance & Leicester Internet Banking Service"<sec.alert@alliance-leicester.co.uk>
Subject: Important Security Notification From Alliance & Leicester
Date: Mon, 2 Feb 2009 14:41:12 -0800
To: undisclosed-recipients:;
Return-Path: sec.alert@alliance-leicester.co.uk



Dear Valued Customer,

We use the very latest industry-standard technology, plus multiple levels of security to safeguard your personal and transaction details, so that you can bank online with confidence.
We are committed to continually developing our security systems to ensure that Internet Banking remains safe and secure. We hope that you will also take the necessary precautions to protect your computer and your personal security details.

Internet Banking access blocked. For your protection Internet Banking access to your accounts has been blocked. Your security details have been incorrectly entered 3 times. Please follow the reference below and you will be guided to where you can instantly To re-establish access.

Log in to Internet Banking The Phishing site has been removed by the hosts after being reported by NetCraft, McAfee SiteAdvisor and Safari Phishing filter,



it will only take about five minutes.


Thank you.
Online Banking Security Team


"Service" means the Alliance & Leicester Internet Banking Service We provide which enables You to give Instructions to Us relating to Your Account by logging on at www.alliance-leicester.co.uk or alternatively https://www.mybank.alliance-leicester.co.uk
"We" / "Our" / "Us" means Alliance & Leicester plc

[Garreg Ddu]

Again, same scam as in posts #4 and #6, but a new Australian email origin, which has been used for a "Halifax" Phish as well. The criminals have attempted to forge the headers.

X-SID-PRA: Alliance & Leicester Internet Banking Service <accountservices@alliance-leicester.co.uk>

Received: from User (ip-250-84.static.darkstarx.net [203.153.250.84] (may be forged)) (authenticated sender milyn@optusnet.com.au) by mail01.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id n18IHLl0025823; Mon, 9 Feb 2009 05:17:38 +1100

Possible Origin IP Address = 203.153.250.84 = Amnet IT Services Pty Ltd., 18/44 St Georges Tce., Perth, WA 6000, AUSTRALIA

From: "Alliance & Leicester Internet Banking Service"<accountservices@alliance-leicester.co.uk>
Subject: Internet Banking Access Blocked
Date: Sun, 8 Feb 2009 18:18:33 -0000
Bcc:
Return-Path: accountservices@alliance-leicester.co.uk


Dear Valued Customer,

We use the very latest industry-standard technology, plus multiple levels of security to safeguard your personal and transaction details, so that you can bank online with confidence.
We are committed to continually developing our security systems to ensure that Internet Banking remains safe and secure. We hope that you will also take the necessary precautions to protect your computer and your personal security details.

Internet Banking access blocked. For your protection Internet Banking access to your accounts has been blocked. Your security details have been incorrectly entered 3 times. Please follow the reference below and you will be guided to where you can instantly To re-establish access.

Log in to Internet Banking The Phishing site on a server in Russia is dead already, having been submitted to NetCraft, McAfee SiteAdvisor, IE and Safari Phishing Filters.


it will only take about five minutes.


Thank you.
Online Banking Security Team


"Service" means the Alliance & Leicester Internet Banking Service We provide which enables You to give Instructions to Us relating to Your Account by logging on at www.alliance-leicester.co.uk or alternatively https://www.mybank.alliance-leicester.co.uk
"We" / "Our" / "Us" means Alliance & Leicester plc

[Garreg Ddu]

X-SID-PRA: Nobody <nobody@server.helpmypc.biz>
Received: from server.helpmypc.biz ([209.200.249.160]) by bay0-mc9-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 15 Feb 2009 03:41:26 -0800

Origin IP Address = 209.200.249.160 = Lunar Pages, 100 East La Habra Blvd., La Habra, CA 90631, US

To: ********@hotmail.com
Subject: IMPORTANT - Customer Service Message
From: Alliance-Leicester Online Banking <customer-service@alliance-leicester.co.uk>
Reply-To:
Sender: Nobody <nobody@server.helpmypc.biz>
Date: Sun, 15 Feb 2009 06:41:26 -0500
Return-Path: nobody@server.helpmypc.biz



As a valued Alliance&Leicester Bank Online Customer, the security of your
identity and personal account information is extremely important.
We are installing enhanced online security as an additional way
of protecting your Alliance&Leicester access.

Click logon to confirm your identity.

LOGON The Phishing site is hacked into the web-site of a company in Greece, and is active still. NetCraft and McAfee SiteAdvisor are aware already.

FAILURE TO CONFIRM LEAVES YOUR ACCOUNT VULNERABLE !

[Garreg Ddu]

X-SID-PRA: Alliance-Leicester Online Banking <customer-service@alliance-leicester.co.uk>
Received: from server.thewallpapermaker.com ([209.97.196.186]) by bay0-mc7-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sun, 15 Feb 2009 09: 16:56 -0800

Origin IP Address = 209.97.196.186 = RackForce Hosting Inc., Suite 210, 1628 Dickson Avenue, Kelowna, BC V1Y-9X1, CANADA

To: ~********@hotmail.com
Subject: IMPORTANT - Customer Service Message
From: Alliance-Leicester Online Banking <customer-service@alliance-leicester.co.uk>
Reply-To:
Date: Sun, 15 Feb 2009 09: 16:56 -0800
Return-Path: nobody@server.thewallpapermaker.com


As a valued Alliance&Leicester Bank Online Customer, the security of your
identity and personal account information is extremely important.
We are installing enhanced online security as an additional way
of protecting your Alliance&Leicester access.

Click logon to confirm your identity.

LOGON Same Phishing pages hacked into a site in Greece as in the previous post - now no longer working.

FAILURE TO CONFIRM LEAVES YOUR ACCOUNT VULNERABLE !

[Garreg Ddu]

Went quiet for a time, but has re-surfaced with a new format, email addresses and origin.

X-SID-PRA: Alliance & Leicester <noreply@alliance-leicester.co.uk>

Received: from User ([81.99.25.215]) by aamtaout01-winn.ispmail.ntl.com (InterMail vG.2.02.00.01 201-2161-120-102-20060912) with SMTP id <20090628164909.NLOG13254.aamtaout01-winn.ispmail.ntl.com@User>; Sun, 28 Jun 2009 17:49:09 +0100

Origin IP Address = 81.99.25.215 = NTL Internet, Crawley Court, Winchester, Hampshire SO21 2QA, UNITED KINGDOM

From: "Alliance & Leicester"<noreply@alliance-leicester.co.uk>
Subject: Please confirm your details.
Bcc:
Return-Path: noreply@alliance-leicester.co.uk



You have an alert on your banking account.


You are requested to verify your information at the page below:


http://alliancendleicester.com/Logon.php
Please notice the subtle typographic variation. The site, on a UK ISP host, has been submitted to all the correct places, including NetCraft and Alliance & Leicester security.


Please note:
Account expiration can be a result of ignoring this message.

alliance And leicester,
Online security