Gone Fishing… Sorry: Phishing – M&I

There’s an ongoing identity theft action in the air: spammers/phishers from all around the world try to basically obtain personal information from possible M&I (Marshall & Ilsley Bank, Indianapolis, Indiana, USA) clients by setting up a webpage which imitates the M&I Bank’s website.

The body of the spam messages contain text like the followings:

M&I Bank has developed new anti-Fraud feature
M&I Bank is committed to providing you with a convenient, safe and secure online banking experience, and we are continuously enhancing the security within our online banking services.
As a broader measure to help you protect your business against fraud, M&I Bank has developed a Fraud Prevention 128bit SAFE Login.
The Safe Login outlines security measures you can take to protect your company from both traditional fraudulent activity, like check fraud, as well as online fraud prevention techniques.

Start Installation 128 bit SAFE Login>>

Sincerely, Neil Egan.
Copyright 2008. Marshall and Ilsley Corporation. All Rights Reserved.

The messages contain faked envelope-address. These headers states that the messages are coming from mibank.com servers. In reality from the following net-blocks:

• 121.128.0.0 – 121.191.255.255 managed by KORTEL, Korea
• 122.32.0.0 – 122.47.255.255 managed by XPEED, Korea
• 193.110.112.0 – 193.110.115.255 managed by Satellite Net Service, Ukraine
• Lacnic managed network – Whois denied for address (?huh?)
• 212.30.31.32 – 212.30.31.63 managed by Cable & Wireless Guernsey Customer, UK

Please, if you opened the e-mail, do not follow the link from it! If you already did, do not fill the form in!

Please report any phishing message you get so we can inform people about them. See footer of this page to learn where you can send the messages.