Anatomy of an AIB Phishing Email

I’m well used to getting phishing emails for American or internationally known banks but this morning an email supposedly from AIB made it past Gmail’s spam filters.

AIB phishing email

AIB posted an alert a few days ago to watch out for fraudulent emails, but this one appears to be different. I’m forwarding it on to alert@aib.ie

The content of the email is a Jpeg image, and it links to a php file on http://internetbanking.aib.ie.2.3h8ax3.com/

As the rest of this post has a number of large screenshots click the link below to read the rest. You can probably ignore this if you’re not living in Ireland. :)

Clicking on the image brings you to a very convincing AIB login screen.

Fake AIB login screen

After typing, ‘12345678’ the next screen isn’t so convincing. AIB never ask for more than 3 numbers from the PAC.

Fake AIB login screen

I typed 1 2 3 4 5 and 1234 into this form. The form even advances the cursor on to the next form element like the real AIB site does.
Finally, I got to this form where I’m supposed to enter my email address.

Fake AIB Email

If you’re interested, this is who owns the domain running the phish. Read all about it at domaintools.com:

Administrative Contact:
ah wen
        ah wen
        No.12 chang'an road
        beijing Beijing 100001
        China
        tel: 86 010 20940294
        fax: 86 010 24092049
        240@123.com

You might also like

If you like this post then please subscribe to my full RSS feed. You can also click here to subscribe by email. There are also my fabulous photos to explore too!

16 thoughts on “Anatomy of an AIB Phishing Email


  1. Hmmm, I’ll keep my eye on my inbox then.

    Although the dead giveaway is asking for 5 digits, although they could just as easily just ask for 3 digits, and then keep re-loading the Internet Banking login screen until it asks for the digits they scammed from you…


  2. It’s funny you know, whilst not AIB, I received one purporting to be from Natwest bank. Now, I have an account (inactive) with them, but never registered an email address.

    I did something similar and sent it on to the fraud dept at Natwest.


  3. I reported the same email to AIB when I got it on one of my myriad domains. The site had already been taken down…

    The scary thing is that so many people actually fall for these phishes!


  4. Got this back from AIB this morning:

    Dear Sir/Madam,

    Thank you for your email. To protect our customers, we have taken steps to have his fraudulent site closed down.

    Please do not respond to this fraudulent email, click any links or open any attachments.

    We would like to reassure you that AIB never asks customers to enter their AIB Phone & Internet Banking
    log in details or user access codes through email or in a link from an email.

    If you are concerned that you may have entered your details into any website or popup, even it if appears to have been an AIB website,
    please contact our Customer Service Advisers immediately on 1890 242424 (or if calling from abroad on +353 1 6670024), and your present Registration number, Personal Access Code (PAC) and Code Card will be cancelled and re-issued to protect your account.

    Please do not hesitate to either call our Customer Service Advisers or email us, if you would like to discuss this further.

    Kind Regards,

    etc.


  5. “Although the dead giveaway is asking for 5 digits, although they could just as easily just ask for 3 digits, and then keep re-loading the Internet Banking login screen until it asks for the digits they scammed from you…”

    Yeppers, that would be using the old noggin’.

    Luckily there’s very little one can do inside the AIB Internet banking system without a code card. I.e. you can’t transfer funds out. You can top up mobile phone accounts though…


  6. My spam inbox is literally brimming emails supposedly purporting to be Natwest bank and the rest! I posted recently on my own blog how I got phished on Ebay. I thought I was pretty savvy when came to spotting a scam (obviously not!). Luckily Ebay spotted the scam and flagged up a message and save my naive backside! I think the lesson to be learnt here is to remain constantly vigilant.


  7. ==================3D==== ==

    THE DIVISIONAL DIRECTOR
    FINANCE A ND R EMITTANCE
    ALLIED IRISH BANK20(GREAT BRITAIN)
    4 QUEENS SQUARE, BELFAST, BT1 3D J, DUBLIN (GREAT BRITAIN)
    TEL: +447010572836 (Customers Care Line)
    E-MAIL:bn kalliedirish@aol.com
    Welcome to Allied Irish Bank

    Telex:MSG-DCB 34523 DFBANK
    OUR REF: DFU/IRD/HBX/021/04
    PAYMENT #: MAV/FGN/MIN/009 )
    ATTN:
    URGENT FUND RLEASE REQUIREMENTS.

    WE ACKNOWLEDGE THE RECEIPT OF YOUR LETTER OF CLAIM AS WAS SENT TO THIS BANK BY THE COC-COLA MOBILE AWARD COMPANY (REV ROBERT MULLER).

    WE ALSO WISH TO INFORM YOU THAT YOUR FILE HAS BEEN APPROVED FOR PAYMENT AND THIS BANK IS WILLING TO DO EVERYTHING NECESSARY TO ENSURE THAT YOU ARE PAID IN FULL VALUE AND IN DUE ENTITLEMENT.

    TO THIS EFFECT, WE REQUIRE URGENTLY CERTAIN DOCUMENTS WHICH YOU MUST PROVIDE IN ORDER TO MAKE YOUR CLAIM TOTALLY LEGAL, ACCORDING TO THE RELEVANT STATUS;

    1. F.R.O FUND RELEASE ORDER FROM FINANCIAL SERVICE AUTHORITY LONDON JUDICIARY
    2. ANTI TERRORISTE CERTIFICAT AND
    3 AFIDAVIT FOR KNOW DEDUCTION FROM YOUR WINNING PRIZE

    AS SOON AS WE RECEIVE THE COMPLETE REQUIREMENTS MENTIONED ABOVE, THE MANAGEMENT BOARD OF ALLIED IRISH BANK PLC WI LL COMPLETE ALL CLAIM PROCESSES AND REM IT THE TOTAL SUM OF GBP-500,000.00 [FIVE HUNDRED THOUSAND GREAT BRITISH POUNDS] THROUGH TRANSFER OF YOUR WINNING PRIZE INTO ANY OF YOUR PROVIDED BANK ACCOUNT.

    THESE REQUIREMENTS MUST BE RETURNED TO US AS SOON A S POSSIBLE TO AVOID PAYING EXTRA CHARGES THAT MAY BE ASSOCIATED WITH LATE CLAIMS..

    NOTE: THESE REQUIREMENTS MUST BE RETURNED TO US AS SOON AS POSSIBLE TO AVOID YOUR TEMPORARY ACCOUNT BEING REGISTERED AS DORMANT, THAT MAY BE ASSOCIATED WITH LATE CLAIMS. YOU ARE ADVISED TO CONTACT COCA-COLA HEAD OFFICE ORGANIZERS, CLAIMS AGENT (REV ROBERT MULLER) Email: claimprizedep artmentuk@hotmail.com FOR GUIDELINES AND CLARIFICATIONS, REGARDING THE REQUIRED DOCUMENTS.

    YOURS FAITHFULLY,
    DR ADAMS GOODLUCK
    Executive Director.
    Tel: +447010572836
    FAX +447031890014

    SIGNED .
    DR ADAMS GOODLUCK
    Executive Director
    ALLIED IRISH BANK (A.I.B)

    DISCLAIMER: If you are NOT the intended recipient and you receive this message by mistakes either electronically or mechanically,Kindly delete it From your list or notify the ALLIED IRISH BANK of Uk

    THE BOARD

    Professor John Grant Chairman Dean of the Faculty of Law (1981-88) at the Boston University and was once a member of Council, Committee on Finance and Governing Board of Advanced Legal Studies of the Boston University .
    He holds a Masters Degree in Law and a Doctorate Degree in Property Law from Boston University, USA. Former

    Mrs. Ellen kornfeld, Group Managing Director/Chief Executive
    She attended the University of Wisconsin, USA, where she obtained the B.Sc. degree in (Cum Laude) in Accounting and later proceeded to the Graduate School of Business Administration, University of Minnesota, USA, where she obtained MBA with specialization in Finance and Management Information Systems. She later qualified as Certified Public Accountant of the American Institute of Public Accountants. She joined the Banking in 1977 as Assistant Chief Accountant and at various times headed Finance Services, Corporate Banking and International Banking Departments etc. She was Executive Director Finance Services before She was appointment as the Group Managing Director / Chief Executive in April 2006.

    Ed Harry Executive Director (Corporate Resources)
    He holds a BSC (Economics) from the University of Wales Institute of Science and Technology, Cardiff, UK. He Joined Banking in 1991.

    Mrs Elizabeth Stone, Executive Director (Operations Up Country) she holds B.Sc. degree in Accounting and Postgraduate Diploma in Finance from the Oxford University. She joined Banking in 1992 and she worked in various departments including Corporate Banking Group, International Banking Department, Special Assets Department, Finance Services, etc. She was the Deputy General Manager Finance Services before she was appointment as Executive Director in April 2006.

    Jorge Kim, Executive Director (Nottingham Operations)
    A professional accountant, he holds BSc degree in Accounting from the Helsinki University. He is a fellow of both the Institute of Chartered Accountants UK. He has worked in various departments including Corporate Banking Group, Finance Services, etc. rising to the position of Deputy General Manager Corporate Banking Group from where he was appointed as Executive Director. He joined the Bank in 1988.

    Dr.Giulio Mazzarelli, Executive Director (Information Technology and Services)

    He holds BSc degree in Economics from the Aberystwyth University, MSc degree in Operational Research from the London School of Economics and PhD degree in Management Science from the University of Manchester Institute of Science and Technology., Dr.Giulio Mazzarelli was the Deputy General Manager in charge of Strategic Development Department of the Bank.

    Rafael weil , Executive Director (Operations Up Country – South)

    He holds MSc. Banking and Finance and an Associate member of the Chartered Institute of Bankers, London. He joined the Banking in 1971 and at various times worked in the Commercial Banking Department, Corporate Banking Group, International Banking Department and Inspection Department. Until his recent appointment to the Board of Dynamic Bank in April 2006, he was the Managing Director / Chief Executive Allied Irish Bank UK plc

    pls help this is true or fals

Leave a Reply

Loading Facebook Comments ...