This morning (well it was 1 p.m.) I made an interesting discovery. Finally, after having waited for years, I got my first phishing e-mail. My penny bank wants to have all my banking information, including TANs and PIN, of course. The e-mail itself wasn’t made that bad. The e-mail address from the sender seemed to be correct, but if you took a look at the advanced header, you could have seen that the origin of the mail was
lline-202-65-134-34.pol.net.in (HELO system) [126.96.36.199] Moreover the link did not point to
sparkasse.de. but to
As you can see on the screenshot, the spam filter on our server declared the e-mail to be spam. I think I have to adjust the settings and dump more e-mails instead of forwarding them with a modified subject. Nevertheless I wanted to try out the new phishing filter inside Mozillas Firefox 2.0. Therefore I clicked the link inside the mail and it actually worked well. Firefox displayed a warning about „Suspected Web Forgery“, which is very nice in my opinion. With the new Microsoft Internet Explorer 7 came the feature of phishing filtering as well. Unfortunately IE did not detect the phishing attempt by the website. I decided to notify Microsoft about the URL by using their built-in feature for reporting phishing sites.