HSBC

Garreg Ddu

Gweinyddwr
Staff member
#1
HSBC bank phishing scam. tries to get account details and passwords etc.


From: Hsbc Alert Security
Received: from 41.251.39.221 (IP may be forged by CGI script) (This IP address points to a public free email service on an ISP Host in Morocco)
Sent: Wednesday, April 16, 2008 8:48 PM
To: ***********@hotmail.com
Subject: Your Hsbc Account information Needs to Be Updated

Dear Hsbc Customers Upgrade

Due to concerns, for the safety and integrity of the Hsbc
account we have issued this warning message.

It has come to our attention that your Hsbc account information needs to be updated as part of our continuing commitment to protect your account in this year 2007 and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update our personal records you will not run into any future problems with the online service.

Once you have updated your account records your Hsbc account service will not be interrupted and will continue as normal.

To update your Hsbc records click on the following link:
http://www.hsbc.co.uk/1/2/personal/ Which is a "false" link, and actually points to a server in Kentucky, U.S.A.

http://www.hsbc.co.uk/

Thank You.

Accounts Management As outlined in our User Agreement, Hsbc will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User
 

Hua Mulan

Administrator
Staff member
#2
Return-Path: ~admin@hsbc.co.uk>
Received: from 80.74.136.2, Switzerland, aurelius.metanet.ch (aurelius.ch-meta.net [80.74.136.2])
Reply-To: ~no-reply@hsbc.co.uk>
From: "HSBC BANK"~admin@hsbc.co.uk>
Subject: Restore your hsbc online bank account
Date: Tue, 27 May 2008


Due to the recent update of the servers, you are requested to please update your account info at the following link
http www hsbc co uk 1 2 HSBCINTEGRATION

HSBC Bank plc always look forward for the high security of our clients. Some customers have been receiving an email claiming to be from HSBC Bank plc advising them to follow a link to what appear to be a HSBC Bank plc web site, where they are prompted to enter their personal Online Banking details. HSBC Bank plc is in no way involved with this email and the web site does not belong to us.

HSBC Bank plc is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service on the home page.

*Important*
We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.

http www hsbc co uk 1 2

Nicole Smith
Security Advisor
HSBC Bank Plc
 

Dororo

Administrator
Staff member
#3
But there is not link.

Return-Path: ~security@hsbc.co.uk>
Received: from 81.91.159.207, Iran, Petro Iran, Abuse report to [abuse@datak-telecom.net]
Reply-To: ~security@hsbc.co.uk>
From: "HSBC Online Banking"~security@hsbc.co.uk>
Subject: Security Measures !
Date: Sun, 6 Jul 2008


Dear Custumer,

Because of unsual number of invalid login attempts on your account, we had to belive that, their might be some security problems on your account. So we decided to put an extra verification process to ensure your identify and your account security. To continue the verification process and ensure your account security Sign in to Online Banking.S
 

Garreg Ddu

Gweinyddwr
Staff member
#4
If it wasn't so nasty, it would be funny - the scammer has forgotten to reset his email domains correctly and this email from "HSBC" has an address "@lloydstsb.com" - but then who would expect a stupid criminal thug to get everything correct.

Received: from mail.subdere.gov.cl ([146.82.90.34]) by bay0-mc7-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Mon, 3 Nov 2008 09:49:05 -0800

Origin IP Address = 146.82.90.34 = Global Crossing, 14605 South 50th Street, Phoenix, AZ 85044-6471, US

Received: from localhost (localhost [127.0.0.1]) by mail.subdere.gov.cl (Postfix) with ESMTP id A9B1E4861E0 for <*******@hotmail.com>; Mon, 3 Nov 2008 12:13:46 -0300 (CLST)

To: ********@hotmail.com
Subject: Avoid service suspension..
From: HSBC BANK <onlineservice.info@lloydstsb.com>
Reply-To: HSBC BANK <onlineservice.info@lloydstsb.com>
Date: Mon, 3 Nov 2008 12:03:36 -0300 (CLST)
Return-Path: www-data@subdere.gov.cl



Dear Customer,

HSBC is constantly working to increase security for all online banking users. To ensure the integrity of our online payment system, we periodically review accounts.

Your account have been placed on hold due to possible errors dectected with your code card. Restricted accounts will not be able to receive payments, send payments or withdraw funds.

All restricted accounts have their billing information unconfirmed, until updated on file.

To initiate the update confirmation process, you are now required to follow the link below and fill in the necessary fields. Kindly click on the link below to continue with the verification process and ensure the security of your account.

Account Re-activation Phishing site link is disabled - on a server in Russia and already in the PhishTank, NetCraft and McAfee SiteAdvisor and we hope it is doomed.....

Important Notice: You are strictly advised to match your information rightly to avoid service suspension.

Thank you for your co-operation.


(c) Copyright HSBC 2008. All rights reserved.
 
#5
If it wasn't so nasty, it would be funny - the scammer has forgotten to reset his email domains correctly and this email from "HSBC" has an address "@lloydstsb.com" - but then who would expect a stupid criminal thug to get everything correct.
> :SuN042:
 

Garreg Ddu

Gweinyddwr
Staff member
#6
Received: from fs02.spacedump.pp.se (localhost [127.0.0.1]) by fs02.spacedump.pp.se (8.13.6/8.13.6) with ESMTP id mAD5F2Vv056674 for <********@hotmail.com>; Thu, 13 Nov 2008 06:15:02 +0100 (CET) (envelope-from www@fs02.spacedump.pp.se)
Received: (from www@localhost) by fs02.spacedump.pp.se (8.13.6/8.13.6/Submit) id mAD5F2e5056673; Thu, 13 Nov 2008 06:15:02 +0100 (CET) (envelope-from www)

Date: Thu, 13 Nov 2008 06:15:02 +0100 (CET)
To: ********@hotmail.com
Subject: Important Update-(HSBC Bank Ownership Verification Alert)

X-SD-PHP-Script: www.shell.linux.se/wint3r/ADF/phpBB2////viewtopic.php for 41.219.243.193

Origin IP Address = 41.219.243.193 = STARCOMMS-MNT, NAVNEET SINGH, Plot 1261, Bishop Kale Close, off Saka Tinubu, Victoria Island, Lagos, Nigeria

From: Hsbc Bank Plc <Security@hsbc.online.co.uk>
Reply-To:
Return-Path: www@fs02.spacedump.pp.se


Dear Customer,


We value your relationship with Hsbc Bank to serve you better,we are installing the Best Banking software and would require you Update Your Online Banking Records.

This is being done to secure your accounts and to protect your personal informations from being compromised.We at Hsbc Bank are committed in making sure that your online transactions are secure.

Click on the link below to Update your Account Records
Online e-Banking Log-On Link disabled as still actively "Phishing". Reprted to NetCraft, on McAfee SiteAdvisor and in the "Phish Tank" so it should die fairly soon!

Once your information has been updated and confirmed your online service would continue as usual and would not be interrupted

Sincerely,
HSBC Bank Plc.
Online Customer Service
 

Marie

Administrator
Staff member
#7
It is strange email.

Return-Path: <aw-secure@hsbc.co.uk>
Received: from 64.244.63.185, America server, XO Communications, Point North Networks
From: "HSBC Online Banking"<aw-secure@hsbc.co.uk>
Subject: Your Online Account Needs Re-activation
Date: Mon, 10 Nov 2008


Spam detection software, running on the system "server.catch22media.com", has identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details.

Content preview: www.hsbc.co.uk Dear valued HSBC Bank PLC Customer, We recently have determined that different computers have logged into your HSBC Online Banking account,and multiple password failures were present before the logons. We now need you to log into your account and verify your account activity.ccount we have issued this warning message. [...]

Content analysis details: (14.8 points, 7.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000]
1.3 MISSING_HEADERS Missing To: header
3.0 TVD_PH_REC BODY: Message has a phrase standard for phishing mails
1.5 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
1.5 URIBL_SBL Contains an URL listed in the SBL blocklist [URIs: tcheloco.com.br]
0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
3.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
-0.0 AWL AWL: From: address is in the auto white-list

The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor.
 

Garreg Ddu

Gweinyddwr
Staff member
#8
Received: from smtp-out114.alice.it ([85.37.17.114]) by bay0-mc1-f22.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Tue, 25 Nov 2008 20:58:39 -0800
Received: from FBCMMO03.fbc.local ([192.168.68.197]) by smtp-out114.alice.it with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Nov 2008 05:58:41 +0100
Received: from FBCMCL01B05.fbc.local ([192.168.69.86]) by FBCMMO03.fbc.local with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Nov 2008 05:58:37 +0100
Received: from User ([87.7.114.70]) by FBCMCL01B05.fbc.local with Microsoft SMTPSVC(6.0.3790.1830); Wed, 26 Nov 2008 05:58:27 +0100

Origin IP Address = 87.7.114.70 = TELECOM-ADSL-7, Telecom Italia S.p.A. TIN EASY LITE, MDBLAB, Via Val Cannuta, 250, I-00100 Roma, ITALY

From: "HSBC Bank"<HSBC@191.it>
Subject: HSBC Online Internet Banking
Date: Wed, 26 Nov 2008 05.58.43 +0100
Bcc:
Return-Path: HSBC@191.it




From: HSBC Bank
Sent: Wednesday, November 26, 2008 12:00 AM
Subject: HSBC Online Internet Banking



--------------------------------------------------------------------------------
personal & business services

Security Alert
Please note that Your HSBC UK Online Banking Account has expired. Please use the link below to proceed and restore access to Your Account.

https://www.hsbc.co.uk/1/2/pib-home/login.asp Which goes to a Phishing site on a server in Belorus. Reported to NetCraft, McAfee SiteAdvisor, in the PhishTank.
 

Garreg Ddu

Gweinyddwr
Staff member
#9
This Phish was dead even before the email arrived in one of my boxes.

X-SID-PRA: HSBC Bank Plc <onlineservice@hsbc.co.uk>
Received: from net-izb-52-253.net.izb.fraunhofer.de ([129.26.52.253]) by bay0-mc1-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444); Mon, 1 Dec 2008 05:25:43 -0800
Received: from 196.3.183.72 by net-izb-52-253.net.izb.fraunhofer.de (SMTPD); id s20081121163828.11456; Fri, 21 Nov 2008 16:38:28

Origin IP Address = 196.3.183.72 = Ladi Okuyene, B2 Broadband Ltd., Wuse II postoffice, PO Box, 13235, Wuse II, Abuja, FCT, Nigeria

From: "HSBC Bank Plc"<onlineservice@hsbc.co.uk>
Subject: HSBC Internet Banking Security Upgrade Notification
Date: Fri, 21 Nov 2008 16:38:34 +0100
Bcc:
Return-Path: onlineservice@hsbc.co.uk


The world's local bank


United Kingdom Home


Dear HSBC Customer:

As a bank we are used to thinking about security. At HSBC, we use industry standard security technology and practices, focusing on three key areas ? privacy, technology and identification to safeguard your account from any unauthorised access.

Our Technical services Department are carrying out a planned software upgrade for the maximum convenience of the users of online-services of the HSBC Bank.Please click on LOG ONTO INTERNET BANKING below to restore your account access as soon as possible.

>LOG ON TO INTERNET BANKING Link dead already, on a server in USA but linked back via Spain to the scammers. It had been reported to NetCraft, McAfee SiteAdvisor and Apple Safari Phishing detection.


Thank You,
Customer Advisory
HSBC Bank Plc

--------------------------------------------------------------------------------

Legal information | Accessibility | About HSBC | Site map | Issued for UK use only | (c) HSBC Bank plc 2002 - 2008.
 

Garreg Ddu

Gweinyddwr
Staff member
#10
X-SID-PRA: Hsbc Internet Banking <security.alert@hsbc.co.uk>
Received: from server.verificationservice.com ([85.17.172.40]) by bay0-mc6-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Fri, 5 Dec 2008 10:27:04 -0800

Origin IP Address = 85.17.172.40 = LeaseWeb, P.O. Box 93054, 1090BB AMSTERDAM, Netherlands

To: **********@hotmail.com
Subject: Account Ownership Verification!!!
From: Hsbc Internet Banking <security.alert@hsbc.co.uk>
Reply-To:
Date: Fri, 05 Dec 2008 18:39:26 +0100




Dear Valued HSBC Customer



It has come to our attention that your Online account informations needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your billing records so that you will not run into any future problems with our online banking service. However, failure this will result in account suspensiony following the link below. .

https://Securityalert.HSBC.co.uk/1/2/ Which is a hidden re-direct to the Phishing site on a server in France. Already in NetCraft, McAfee SiteAdvisor, MS Phishing reports and Safari Phish Check.


HSBC Bank Plc
Security Advisor
HSBC Bank PLC.



--------------------------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your HSBC Online Bank account and choose the "Help" link on any page.

HSBC Email ID # 1009



See full details of our guarantee

Hsbc Bank PLC
Authorised and regulated by the Financial Services Authority
Registered in England
Registered No. 1026167

Internet communications are not guaranteed to be secure unless the data being sent is encrypted. Hsbc does not accept responsibility for loss arising from unauthorised access to Internet communications and/or the corruption of data by a third party.

Hsbc are unable to respond to replies sent to this email address.
 

Garreg Ddu

Gweinyddwr
Staff member
#11
X-SID-PRA: HSBC <service@hsbc.co.uk>
Received: from smtp-out02.msg.oleane.net ([62.161.3.11]) by bay0-mc6-f12.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Tue, 9 Dec 2008 07:18:24 -0800
Received: from smtp01.msg.oleane.net (smtp01.mail.priv [172.17.20.110]) by smtp-out02.msg.oleane.net with ESMTP id mB9FGkFd000815; Tue, 9 Dec 2008 16:16:46 +0100
Received: from User (perkgate.com [66.186.49.237] (may be forged)) (authenticated) by smtp01.msg.oleane.net (MTA) with ESMTP id mB9FGNAD032395; Tue, 9 Dec 2008 16:16:24 +0100

Origin IP Address = 66.186.49.237 = VPLS Inc. d/b/a Krypt Technologies, 1740 W. Katella Avenue. Suite L, Orange, CA 92867, US

Reply-To: <service@hsbc.co.uk>
From: "HSBC"<service@hsbc.co.uk>
Subject: Warning! Your account has been blocked HSBC!
Date: Tue, 9 Dec 2008 07:16:42 -0800
Bcc:
Return-Path: service@hsbc.co.uk


From: HSBC
Sent: Tuesday, December 09, 2008 3:16 PM
Subject: Warning! Your account has been blocked HSBC!



Dear Sir/Madam,



HSBC Bank Plc is hereby announcing the New Security Upgrade. We've upgraded our new SSL servers to serve our customers for a better and secure banking service,against any fraudulent activities.

Due to this recent upgrade, you are requested to update your account information by clicking the link below.

https://Securityalert.HSBC.co.uk/1/2/ Still Phishing, but now in NetCraft and McAfee SiteAdvisor and in the Phish Tank.

HSBC Bank Plc
Security Advisor
HSBC Bank PLC.



--------------------------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your HSBC Online Bank account and choose the "Help" link on any page.

HSBC Email ID # 1009
 

Garreg Ddu

Gweinyddwr
Staff member
#12
A slow start to the year for the HSBC scam phishing criminals. Maybe they were waiting for the Chinese new year.

X-SID-PRA: HSBC Bank Plc <onlineservice@hsbc.co.uk>
Received: from User [193.93.99.200] by caifu158.com with ESMTP
(SMTPD32-8.11) id A7EF2D014A; Wed, 21 Jan 2009 01:20:47 +0800

Origin IP Address = 193.93.99.200 = Nigeria Broadband sevice via Ariave Satcom LTD., Ra'anana, ISRAEL.

From: "HSBC Bank Plc"<onlineservice@hsbc.co.uk>
Subject: HSBC Internet Banking Upgrade Notification
Date: Mon, 5 May 2008 21:28:25 -0700
Bcc:
Return-Path: onlineservice@hsbc.co.uk



We are contacting you to remind you that our Account Review Team
identified some unusual activity in your account.

In accordance with HSBC Online Banking User Agreement
and to ensure that your account has not been accessed from
fraudulent locations, access to your account has been limited.

Your account access will remain limited until this issue has
been resolved please log in your account by clicking on
my account activity below:

My account activity The Phishing site, on a server in Indonesia, has been shut down by the hosts already. It was in NetCraft, McAfee SiteAdvisor, IE and Safari Phishing Filters.

Security Advisor
HSBC Bank Plc, Online Banking Financial Services Authority.
 

Garreg Ddu

Gweinyddwr
Staff member
#13
Very terse. Email from Russia, Phishing site in the USA.

X-SID-PRA: HSBC Bank <online_service@hsbc.co.uk>

Received: from homepages.irk.ru ([195.206.40.163]) by bay0-mc3-f17.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Tue, 10 Feb 2009 03:38:33 -0800
Received: (from infocsm@localhost) by homepages.irk.ru (8.14.2/8.13.1) id n1ABcUBX095588; Tue, 10 Feb 2009 19:38:30 +0800 (IRKT) (envelope-from infocsm)

Origin IP Address = 195.206.40.163 = Irkutsk Computing Center, Lermontova Street, 134, RU-664033, Irkutsk, Russia

Date: Tue, 10 Feb 2009 19:38:30 +0800 (IRKT)
Message-Id: <200902101138.n1ABcUBX095588@homepages.irk.ru>
To: ********@hotmail.com
Subject: Case: 8256231 Statement Enquiries
From: HSBC Bank <online_service@hsbc.co.uk>
Reply-To:
Return-Path: infocsm@homepages.irk.ru



Dear Customer,
You Have One new security message from HSBC Bank Plc



Log On The Phishing site, on a host in Utah, USA, is still active, but is in NetCraft and has been subitted to other security sites as well.



Yours sincerely,
Online Customer Service
 

Dororo

Administrator
Staff member
#14
It is the link: http sg garysengineering.com/components/iblogin.php


Return-Path: <alert-consumer@hsbc.co.uk>
Received: from 196.3.183.73, Nigeria, Abuja, Suburban Telecom, SubTel2
Abuse: Suburban Telecom, Ladi Okuyene, B2 Broadband Ltd. Wuse II postoffice, PO Box, 13235, Wuse II, Abuja, FCT, Nigeria, phone: +2349523106, fax-no: +2349523107 [l.okuyene@suburbantelecom.com]
From: "Internet Banking: HSBC"<alert-consumer@hsbc.co.uk>
Subject: HSBC 2009 Privacy Policy for Consumers
Date: Wed, 11 Feb 2009


Dear HSBC Customers Upgrade 2009

Due to concerns, for the safety and integrity of the HSBC account we have issued this warning message.

It has come to our attention that your HSBC account information needs to be updated as part of our continuing commitment to protect your account in this year 2009 and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. Once you have updated your account records your HSBC account service will not be interrupted and will continue as normal. To update your HSBC.

Click here continue

Thank You. Accounts Management As outlined in our User Agreement, HSBC will periodically send you information about site changes and enhancements.
 

Garreg Ddu

Gweinyddwr
Staff member
#15
X-SID-PRA: Hsbc Bank Plc <security.alert@hsbc.co.uk>
X-SID-Result: SoftFail

Received: from www.7dayshop.com ([212.84.168.38]) by bay0-mc6-f9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Sat, 14 Feb 2009 08:21:38 -0800

Origin IP Address = 212.84.168.38 = Skymarket Ltd Hostmasters, Skymarket Ltd, 431 London Road, Camberley, Surrey GU15 3HZ, UK

Date: Sat, 14 Feb 2009 16:21:32 GMT
Message-Id: <200902141621.n1EGLWEN029983@www.7dayshop.com>
To: ********@hotmail.com
Subject: Ensuring your online transactions are safe and secure
From: Hsbc Bank Plc <security.alert@hsbc.co.uk>
Reply-To:
Return-Path: 7dayweb@www.7dayshop.com



The world's local bank


Dear Valued Customer,

Online security - The steps we take

Ensuring your online transactions are safe and secure

As a bank we are used to thinking about security. The growth of the internet has offered greater flexibility for us all, but it also brings new risks that must be guarded against. At HSBC, we use industry standard security technology and practices, focusing on three key areas ? privacy, technology and identification to safeguard your account from any unauthorized access.

Online security - The steps you should take

There is much that you can do to protect yourself online. Some of these measures are simple, others may require a little time invested or following simple instructions sent by us to you by email, Phone or Post. As part of our security measures, We are introducing Secure Transact?, one of the various security initiatives we are introducing this Year. To enroll in Secure Transact? please click on the LOG IN button below. This Email has been sent to all HSBC Bank Customers, Failure to follow the Enrollment process properly will result in account suspension for security reasons

Log In The Phishing site has been removed by the hosts already.

?Terms & Conditions | Data Protection & Privacy Statement ? Copyright hsbc.com, inc 2009. All rights reserved
 

Garreg Ddu

Gweinyddwr
Staff member
#16
X-SID-PRA: HSBC Bank UK <online_service@hsbc.co.uk>
X-SID-Result: SoftFail

To: ********@hotmail.com
Subject: Messages (1 unread message)
X-PHP-Script: www.procrastination.ws/archive/helppls.php for 193.93.99.200

Origin IP Address = 193.93.99.200 = NIGERIA via Ariave Satcom LTD., Ra'anana, Israel

From: HSBC Bank UK <online_service@hsbc.co.uk>
Reply-To:
Date: Sat, 14 Feb 2009 11:40:22 -0600
Return-Path: tomd@neptune.myserverhosts.com



Dear Esteemed Customer,
You Have One new security message from HSBC Bank Plc



View your messages The Phishing site has been removed by the hosts already.


Yours sincerely,
Online Customer Service
 

Garreg Ddu

Gweinyddwr
Staff member
#17
X-SID-PRA: HSBC Internet Banking <mattythesheep@btconnect.com>
Received: from c2bthomr10.btconnect.com ([213.123.20.128]) by bay0-mc11-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu, 12 Mar 2009 09:21:54 -0700

Email service IP Address = 213.123.20.128 = BTnet Support, 154 St Albans Rd., Sandridge, St Albans, Hertfordshire, AL4 9NH, GB

Received: from User ([41.15.157.247]) by c2bthomr10.btconnect.com with ESMTP id CVZ29797 (AUTH mattythesheep@btconnect.com); Thu, 12 Mar 2009 16:21:21 GMT
From: "HSBC Internet Banking"<mattythesheep@btconnect.com>
Subject: Important Banking Message
Date: Thu, 12 Mar 2009 18:21:43 +0200

X-Junkmail-Status: score=10/50, host=c2bthomr10.btconnect.com
X-Junkmail-SD-Raw: score=unknown,
refid=str=0001.0A010202.49B93696.0089,ss=1,fgs=0,
ip=41.15.157.247,

Origin IP Address = 41.15.157.247 = Vodacom Pty., Ltd, Pretoria, South Africa

Bcc:
Return-Path: mattythesheep@btconnect.com




Dear Customer

Hsbc have been receiving complaints from our Customers
about unauthorised use of their Online Bank Accounts.
As a result we periodically review certain Customers' Accounts and temporarily restrict access
to those which we think are vulnerable to unauthorised use.

This message has been sent to you from Hsbc because
we have noticed some invalid login attempts into your account.
Due to this we are temporarily limiting and restricting
your account access until we confirm your identity.




To confirm your identity and avoid limitations to your Online Banking Access,
Please click on the button below



http://www.hsbc.co.uk/ The Phishing pages are hacked into a Server in USA, which has been reported to NetCraft, McAfee SiteAdvisor and other Phishing filters.

Thank You.


Legal Advisor
Hsbc.



Accounts Management as outlined in our User Agreement, Hsbc will
periodically send you informations about site changes and enhancements.
 

Kat

Administrator
Staff member
#18
From Service HSBC
Return-Path: <service@securenet.com>
Received: from 90.18.49.29, France, Wanadoo France, [abuse@wanadoo.fr]
From: "Service HSBC"<service@securenet.com>
Subject: New Security Upgrade : We've upgraded our new SSL servers to serve our customers for a better and se
Date: Sat, 25 Apr 2009


Home - HSBC Bank UK The world's local bank

Dear Sir/Madam,

HSBC Bank Plc is hereby announcing the New Security Upgrade. We've upgraded our new SSL servers to serve our customers for a better and secure banking service,against any fraudulent activities.

Due to this recent upgrade, you are requested to update your account informations by clicking the link below.

https Securityalert HSBC co uk/1/2/ [Site leads to a Danish server and is flagged as a forgery]

HSBC Bank Plc
Security Advisor
HSBC Bank PLC.

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your HSBC Online Bank account and choose the "Help" link on any page.

HSBC Email ID # 1009
 

Garreg Ddu

Gweinyddwr
Staff member
#19
X-SID-PRA: HSBC Bank Plc <Onlineservices@hsbc.co.uk>

Received: from mail.beauthermgroup.com ([119.93.99.62]) by snt0-mc3-f44.Snt0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 4 Jul 2009 08:22:37 -0700

Origin IP Address = 119.93.99.62 = BEAUCHEM INDUSTRIES INTERNATIONAL IN, MGO Bldg, Dela Rosa cor. Legaspi Sts., Makati City, Philippines

Date: Sat, 04 Jul 2009 23:22:27 +0800
Subject: Update Your Bank Account Information
To: ********.*****@********.***
From: HSBC Bank Plc <Onlineservices@hsbc.co.uk>
Reply-To: HSBC Bank Plc <Onlineservices@hsbc.co.uk>
Return-Path: Onlineservices@hsbc.co.uk

The world's local bank

United Kingdom Home

Dear HSBC Customer:

As a bank we are used to thinking about security. At HSBC, we use industry standard security technology and practices, focusing on three key areas ? privacy, technology and identification to safeguard your account from any unauthorised access.

Our Technical services Department are carrying out a planned software upgrade for the maximum convenience of the users of online-services of the HSBC Bank.Please click on LOG ONTO INTERNET BANKING below to restore your account access as soon as possible.

>LOG ON TO INTERNET BANKING
http://www.fujistaff.co.id/.............../IBlogin.html was where the phishing pages were hacked into, but they have been reported to Netcraft and McAfee SiteAdvisor, and are flagged by IE Phishing filter.

Thank You,
Customer Advisory
HSBC Bank Plc

--------------------------------------------------------------------------------

Legal information | Accessibility | About HSBC | Site map | Issued for UK use only | (c) HSBC Bank plc 2002 - 2009.
 

Garreg Ddu

Gweinyddwr
Staff member
#20
A new format of scam, with a different twist, which may well show up for other banks.

X-SID-PRA: HSBC Bank plc <secure@hsbc.co.uk>

Received: from User [63.99.72.122] by expopc.com with ESMTP (SMTPD32-8.15) id A6DA12770290; Wed, 30 Sep 2009 04:45:46 -0600

Origin IP Address = 63.99.72.122 = MCI Communications Services, Inc. d/b/a Verizon Business, 22001 Loudoun County Pkwy, Ashburn, VA 20147, US

Reply-To: <secure@hsbc.co.uk>
From: "HSBC Bank plc"<secure@hsbc.co.uk>
Subject: This new service is all part of Hsbc !
Date: Wed, 30 Sep 2009 06:42:14 -0500
Bcc:
Return-Path: secure@hsbc.co.uk


From: HSBC Bank plc
Sent: Wednesday, September 30, 2009 12:42 PM
Subject: This new service is all part of Hsbc !




Hsbc is introducing a new automated telephone service to contact
customers that have unusual transactions or spending patterns on their account to
verify their payments.

The outbound messaging service will be introduced from the end of 2009. The
automated calls may include computer generated speech.

This new service is all part of Hsbc commitment to ensuring that we
keep our security measures up to date and protect our customers.

If you do receive a call from this service, please follow the instructions given. If you do
not recognise the payments, don’t worry, just follow the instructions and you will be
instructed what to do. Please be assured that we will never ask you to disclose any
security information relating to your account.

To ensure the service works effectively, please ensure that your telephone contact
details are up to date. If they are not, update your records so that if we need to contact
you, we have the right numbers to contact you on.

Click Here To Update Your Records: http://www.Hsbc.co.uk The hidden redirect and eventual Phishing page URL have been reported to NetCraft, McAfee, the ISP Hosts and HSBC Security. It should die soon.
 
Top