Sunday, November 18, 2012

Phishing Attempts Via Textspam

People have reported receiving text messages on their cellphones consisting of either of these two messages:
Congratulations! you have received a discount of $100 dollars on your next month bill please visit a.vz50offer.com/

or
Congratulations! you have received a discount of $100 dollars on your next month bill please visit http://veri.offerbonus50.com
Going to the vz50offer website takes you to a very well-done and convincing AT&T log-in page, while the offerbonus50 site poses as a log-in page for a Verizon account. Of course, neither of these sites is legitimate and they are both phishing sites designed to steal your personal information and passwords. Submitting any information to either of these sites can result in your becoming the victim of identity theft and unauthorized charges being made to your account.

Both of these sites are registered to the same person and here is the WHOIS information I acquired:

Domain Name: VZ50OFFER.COM
Registrant:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
c/respaldo 27 # 401
Santo domingo
santo domingo,80956
DO
Tel. +1.8095671300
Creation Date: 12-Nov-2012
Expiration Date: 12-Nov-2013
Domain servers in listed order:
ns1.hostengel.org
ns2.hostengel.org

Administrative Contact:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
c/respaldo 27 # 401
Santo domingo
santo domingo,80956
DO
Tel. +1.8095671300
Technical Contact:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
c/respaldo 27 # 401
Santo domingo
santo domingo,80956
DO
Tel. +1.8095671300
Billing Contact:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
c/respaldo 27 # 401
Santo domingo
santo domingo,80956
DO
Tel. +1.8095671300 
and also
Domain name: offerbonus50.com
Registrant Contact:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
Fax:
c/respaldo 27 # 401
Santo domingo, santo domingo 80956
DO
Administrative Contact:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
+1.8095671300
Fax:
c/respaldo 27 # 401
Santo domingo, santo domingo 80956
DO
Technical Contact:
collins voip
Thomas Lopez Colinas (thomas-collins1@hotmail.com)
+1.8095671300
Fax:
c/respaldo 27 # 401
Santo domingo, santo domingo 80956
DO
Status: Active
Name Servers:
ns1.hostengel.org
ns2.hostengel.org
Creation date: 12 Oct 2012 03:26:00
Expiration date: 11 Oct 2013 19:26:00

The offerbonus50 and vz50offer.com sites appear to be down. Attempting to visit either of these site resulted in a warning pop-up opening in my browser, stating that they were suspected of being phishing sites.

The servers for these sites seem to be based in the USA and are registered through GoDaddy.

Duane Browning
Posted by at

1 comment:

Anonymous said...

Thanks for posting this! (I was wondering what it was, but I didn't click on it... since wasn't sure about it.) I just got it - and it's almost the end of November...

November 28, 2012 at 8:11 AM

Post a Comment

Subscribe to: Post Comments (Atom)