I’m well used to getting phishing emails for American or internationally known banks but this morning an email supposedly from AIB made it past Gmail’s spam filters.
AIB posted an alert a few days ago to watch out for fraudulent emails, but this one appears to be different. I’m forwarding it on to firstname.lastname@example.org
The content of the email is a Jpeg image, and it links to a php file on http://internetbanking.aib.ie.2.3h8ax3.com/
As the rest of this post has a number of large screenshots click the link below to read the rest. You can probably ignore this if you’re not living in Ireland.
Clicking on the image brings you to a very convincing AIB login screen.
After typing, ‘12345678’ the next screen isn’t so convincing. AIB never ask for more than 3 numbers from the PAC.
I typed 1 2 3 4 5 and 1234 into this form. The form even advances the cursor on to the next form element like the real AIB site does.
Finally, I got to this form where I’m supposed to enter my email address.
If you’re interested, this is who owns the domain running the phish. Read all about it at domaintools.com:
Administrative Contact: ah wen ah wen No.12 chang'an road beijing Beijing 100001 China tel: 86 010 20940294 fax: 86 010 24092049 email@example.com