Another Fifth Third Bank Phising Email

I just received another Fifth Third Bank phising email. The subject line was Dear Fifth Third Bank Cusotmer. This email contained an image that showed a message supposedly from Fifth Third Bank. The entire image is a link to the site that would perform the phishing. When I tried to access the link that the image points to, I recieved the following error.

Server Error
The following error occurred:
[code=SERVER_RESPONSE_RESET] The server response could not be read because of an error. Contact your system administrator.

--------------------------------------------------------------------------------
Please contact the administrator

The text of the email is:

Dear Fifth Third bank business/commercial customer,

Fifth Third Protection Department requests you start the client details confirmation procedure. By clicking on the link at the bottom of this letter you will get all necessary instructions how to start and complete the confirmation procedure. The following steps are to be taken by all business and commercial customers of the Fifth Third bank.

Fifth Third Protection Department apologizes for the inconveninces caused to you, and is very grateful for your cooperation.

To start the confirmation procedure, click the following link:

[a picture of a valid link is shown here]

Here is what the actual message looks like:

Read more! »

I just received another Win32.Warezov.dc virus email.

This time the spoofed from address was:

secur@scholzes.com

There is no website, that I could find, for scholzes.com. The email I received originated from a block of addresses that used by an internet provider in another part of the country, so it is unlikely that this message was actually sent from anyone at this domain.

The body of this message is:

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

Any way if you see anything like this, don't open it, just DELETE IT.

Here is the header information from this message (my info has been changed slightly, but the rest remains the same).

Return-path: <secur@scholzes.com>
Envelope-to: someaddy@davemoats.com
Delivery-date: Wed, 06 Dec 2006 09:25:29 -0700
Received: from unknown (HELO gcopghgraia) (70.182.174.151)
by 70.182.174.65 with SMTP; Wed, 6 Dec 2006 10:24:23 -0000
Date: Wed, 6 Dec 2006 10:16:23 -0600
From: secur@scholzes.com
Mime-Version: 1.0
To: someaddy@davemoats.com
Subject: Mail server report.
Content-Type: multipart/mixed;
boundary="-----------20CC820E3832E623"

-------------20CC820E3832E623
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer.

Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

-------------20CC820E3832E623
Content-Type: APPLICATION/OCTET-STREAM; name="Update-KB6062-x86.zip"
Content-transfer-encoding: base64
Content-Disposition: attachment; filename="Update-KB6062-x86.zip"

I received an email today supposedly from Fifth Third Bank addressed to an account I use for notification of issues on the web site. The email was about "my account" with this bank, and since I know I don't do business with this bank and that I would never use this address to set up an online banking account or as a primary notification account, I knew something was "Phishy".

The text of the email is contained in an image file, a gif file. Here is the textual content of that images. (I modified the links so they would not work from here).

Dear Fifth Third bank business or commercial customer,

Customer Service Department of the Fifth Third bank is in a position to let you know that it is necessary to pass the procedure of acknowledgement of your client data. In order to pick up all the necessary instructions and to start the procedure, you should click the the link at the end of the letter. This procedure is obligatory for performance for all business and commercial clients of the Fifth Third bank.
This instruction has been sent to all the business and commercial clients of Fifth Third bank and is obligatory to be followed up.
To start the procedure of acknowledgement of your personal client data please use this link:

www .53.com/businessandcorporate/isapidll/cutomerdata

We appreciate your cooperation with us and apologize for the inconvenience brought.

This message is then repeated again at the very bottom of the email.

Here is a picture of the actual message.

Read more! »