Phishing for trouble

Presto Vivace received the following email:

From online.banking@charterone.com Thu Mar 3 10:35:53 2005
Received: from lsh133.siteprotect.com ([66.113.130.226])
by worldnet.att.net (mtiwmxc14) with ESMTP
id <2005030314405301400sfedde>; Thu, 3 Mar 2005 14:40:53 +0000
X-Originating-IP: [66.113.130.226]
Received: from charterone288.com ([217.156.108.207])
by lsh133.siteprotect.com (8.11.6/8.11.6) with SMTP id j23EelD26550
for ; Thu, 3 Mar 2005 08:40:49 -0600
Message-Id: <200503031440.j23EelD26550@lsh133.siteprotect.com>
From: Charter One Banking Services
To: marshall@prestovivace.biz
Reply-To: online.banking@charterone.com
Subject: Your Charter One Bank Account
Date: Thu, 03 Mar 2005 16:40:46 +0200
MIME-Version: 1.0
Content-Type: multipart/related; boundary="663523b6-25c8-4c6e-b520-68d12e8773b3"


This is a multi-part message in MIME format
--663523b6-25c8-4c6e-b520-68d12e8773b3
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

html
head
title Charter One Bank /title
meta name=3D"keywords"
content=3D"finance,financial,online banking,personal finance,financial =
services,electronic banking,online checking,home equity loan,personal =
loan,cds,savings,wireless banking,online loans,money market,commercial =
services,business banking,business checking,lender,lender services,small =
business lending,insurance agency,life insurance,homeowners =
insurance,disability insurance">
meta name=3D"description"
content=3D"Charter One Banking Services provide our customers with banking =
services specific to them. We offer financial services, online checking and =
a variety of loans and insurance services to meet individual needs.">
link href=3D"http://www.charterone.com/styles/main.css"
rel=3D"stylesheet" type=3D"text/css"
script language=3D"JavaScript"
src=3D"http://www.charterone.com/inc/mmfunc.js" /script
script language=3D"JavaScript"
src=3D"http://www.charterone.com/inc/cob.js" script
head
body topmargin=3D"0" leftmargin=3D"0" onload=3D"globalInit()"
style=3D"background-color: rgb(255, 255, 255);" marginheight=3D"0"
marginwidth=3D"0"
table border=3D"0" cellpadding=3D"0" cellspacing=3D"10" width=3D"757"
tbody
tr
td valign=3D"top"
table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" height=3D"71"
width=3D"757"
tbody
tr
td rowspan=3D"2" height=3D"71" valign=3D"top" width=3D"157" a
href=3D"/home/" img
src=3D"http://www.charterone.com/images/nav/top/logo_cob.gif"
alt=3D"Charter One Bank Home Page" border=3D"0" height=3D"71" hspace=3D"0"
vspace=3D"0" width=3D"157" a /td
/tr
/tbody
/table
/td
/tr>
/tbody
/table
p Dear Charter One Bank customer, br
br
We recently reviewed your account, and suspect that your Charter One
Bank Internet Banking accountmay have been

accessed by an unauthorized third party.

Protecting the security of your account and of the Charter One Bank
network is our primary concern. Therefore, as a

preventative measure, we have temporarily limited access to sensitive
account features.



To restore your account access, please take the following steps to
ensure that your account has not been compromised:



1. Login to your Charter One Bank Internet Banking account. In case you
are not enrolled for Internet Banking, you will

have to fill in all the required information, including your name and
you account number.



2. Review your recent account history for any unauthorized withdrawals
or deposits, and check you account profile to

make sure not changes have been made. If any unauthorized activity has
taken place on your account, report this to

Charter One Bank staff immediately.



To get started, please click the link below:



3D"http://www.charterone.ca
http://www.charterone.com/home/default.asp



We apologize for any inconvenience this may cause, and appreciate your
assistance in helping us maintain the integrity of

the entire Charter One Bank
system. Thank you for attention to this matter.







Sincerely,



Charter One Bank Team



Please do not reply to this e-mail. Mail sent to this address cannot be
answered. For assistance, log in to your

Charter One Bank account and choose the "Help" link in the header of
any page.

/body
/html
--663523b6-25c8-4c6e-b520-68d12e8773b3--

Charterone.com is registered to Citizens Bank of Providence RI

Registrant: Make this info private
Citizens Bank (X24492-OR)
1 Citizens Plaza
Providence, RI 02903
US
Phone: 1-401-734-6459

Domain Name: CHARTERONE.COM

Administrative Contact , Technical Contact :
Pearson, Jill
(37412204P)
domainrequests@citizensbank.com
100 Sockanosset Crossroad
RDC 850
Cranston, RI 02920
US
Phone: 401-734-2771

Record expires on 21-Jul-2005
Record created on 22-Jul-1995
Database last updated on 01-Oct-2004

Domain servers in listed order: Manage DNS

NS1.ACSI.COM 12.27.25.16
NS2.ACSI.COM 63.109.235.200
NS6.ACSI.COM 12.27.25.16

Domain servers for Citizen’s bank are:

Domain servers in listed order: Manage DNS

DNSAUTH1.SYS.GTEI.NET 4.2.49.2
DNSAUTH2.SYS.GTEI.NET 4.2.49.3
DNSAUTH3.SYS.GTEI.NET 4.2.49.4

charterone.ca is registered to:

Status: EXIST
Registrar: Tucows.com Co.
Registrar-no: 156
Registrant-no: 1159018
Domaine-no: 1159018
Subdomain: charterone.ca
Renewal-Date: 2006/03/02
Date-Approved: 2005/03/02
Date-Modified: 2005/03/03
Organization: Tim Morrison
Description:
Admin-Name: Tim Morrison
Admin-Title:
Admin-Postal: Tim Morrison
temp
NEw York NY 10001 United States
Admin-Phone: 665-432-7687
Admin-Fax:
Admin-Mailbox: ssmokina@yahoo.com
Tech-Name: Tim Morrison
Tech-Title:
Tech-Postal: Tim Morrison
temp
NEw York NY 10001 United States
Tech-Phone: 665-432-7687
Tech-Fax:
Tech-Mailbox: ssmokina@yahoo.com
NS1-Hostname: ns1.fortunecity.net
NS1-Netaddress:
NS2-Hostname: ns2.fortunecity.net

fortunecity.net is registered to:

Registrant:
FortuneCity.Com Inc
500 7th Ave 15th Fl
New York, NY 10018
US

Domain name: FORTUNECITY.NET

Administrative Contact:
Admin, DNS dns_admin@ampira.com
500 7th Ave 15th Fl
New York, NY 10018
US
212-706-3000 Fax: 212-706-3100

Technical Contact:
Ampira, Ampira dns_tech@ampira.com
500 7th Avenue
15th Floor
New York, NY 10018
US
212-706-3000 Fax: 212-706-3100



Registration Service Provider:
Ampira (Fortune City), dns_tech@ampira.com
212-981-8600
http://www.ampira.com
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.


Registrar of Record: TUCOWS, INC.
Record last updated on 18-Nov-2003.
Record expires on 23-Feb-2010.
Record created on 24-Feb-1998.

Domain servers in listed order:
NS-1.AMPIRA.COM 66.179.231.6
NS-2.AMPIRA.COM 66.179.231.7

Information on Fortunecity.com from the Registry of Known Spam Operators:

Brian Kos / BK Ventures / Internet Promos

Another long time spammer. Normally spams for hire using free websites or "fake free websites" that either he, or a spamming partner run. Normally spams porn and illegal stock hyping schemes.

AKA: Kos, Bryan (BK5110) bryankos@HOTMAIL.COM
BK Ventures, Inc.
850 Bidwell St. #1004
Vancouver, BC V6G2J8 CA
604-683-5695

MORE INFO: http://www.fortunecity.com/boozers/edward/321/spamspeak.html#todd.ram