P H I S H I N G

This fraudulent site aspx2.su pretends to be TDBankNorth.

Phish url: webexpress4.tdbanknorth.com.aspx2.su/wcmfd/wcmpw/CustomerVerify.htm?host=23xxfDuzsdydeekcsddseOkhb

Phishing confirmed: http://www.phishtank.com/phish_detail.php?phish_id=494657

More phishing reported: http://www.siteadvisor.com/sites/aspx2.su

W H O I S

This website was created 21 August 2008 by "Private person".
E-mail: pernille__barton@hotmail.com. Whoever this anonymous person is,
11 other domains are connected with this email.

IP Location: USA - California - Huntington Beach - Road Runner Holdco Llc

Nameservers: ns1.aspx2.su + ns2.aspx2.su + ns3.aspx2.su

The registrar is NAUNET-REG-FID: http://www.naunet.ru. It looks as if this registrar is NOT icann-Accredited. http://www.icann.org/en/registrars/accredited-list.html

The domain name alone should make you suspicious,
as SU refers to a nonexisting entity: the Sovjet Union.

Read more: http://whois.ripn.net
or http://whois.domaintools.com/aspx2.su

N O T E S

aspx2.su looked like a serial scam to me, so I searched for more. Indeed, the sequence was longer than one. I looked further and noticed series of series, like these: ssl7.su + n73.su + v95.su + aaszxr.su. Actually this is a larger spam/scam operation. Read more: http://www.matchent.com/wpress/index.php?q=node/367

C O M P L A I N

Report abuse to the bank: CustomerSecure@tdbanknorth.com
Report phishing to the registrar: support@naunet.ru
Report cyber crime to IC3: http://ic3.gov
Report USA-spam to US Federal Trade Commision FTC: spam@uce.gov
You can also report spam to http://spamcop.net
and phishing to http://phishtank.com

W A R N I N G

TDBanknorth: We are currently the target of a phishing scam where recipients of this phishing e-mail are being directed to a fraudulent website that is asking for user credentials as well as other non-public personal information. This website purports to be legitimately confirming WebExpress and eCashManager customer details as a result of a routine software update, however, this is a fraudulent site. How does this impact you? If you have entered information into this fraudulent website, you may subsequently be the victim of fraud. Fraudulent e-mail that includes links and/or attachments may contain computer viruses and/or keystroke loggers and should not be clicked on or opened. And remember, TD Banknorth will never ask a customer to confirm their account number, PIN, password or any other personal information via e-mail. How can you find out more information? If you believe you have entered any of your personal information into this fraudulent website, please contact our Direct Banking department immediately at 800-893-8554. For more information: http://tdbanknorth.com/bank/security.html

N O S C R I P T

Prevent Malicious Scripts! If you surf a lot, you meet new unknown sites all the time. Should they all be trusted at first sight? Only if you don't care about security. However, asking your browser to disable all scipts permanently is not practical. Then again accepting all scripts simply isn't safe. A differentiated response would be optimal. Here NoScript comes to the rescue: Stop malicious JavaScript and block Java, Silverlight, Flash and plugins on untrusted sites. Applets, Flash movies / application, Quicktime clips and other annoying content won't be even downloaded: save bandwidth and increase navigation speed.". Great add to FireFox security. http://noscript.net

C O M P L A I N T E R A T O R

Want to Complain? Here's an automated spam site Complaint Generator running under Windows. It drives your keyboard, mouse and screen looking up site's registrar and name servers registrars. Preview messages prepared, add your evidence, and hit "Send" to release your complaint. It's all automatic. Complainterator has suspended thousands of spammed and illegal web sites since first release. http://www.complainterator.com