Absa Phish

[Screeper]

Morning guys,
Got this email in my gmail account this morning. An exceptionally good phish I must say...

Dear Customer

Absa Bank have been receiving complaints from our Customers
about unauthorised use of their Online Bank Accounts.
As a result we periodically review certain Customers' Accounts and temporarily restrict access
to those which we think are vulnerable to unauthorised use.

This message has been sent to you from Absa Bank because
we have noticed some invalid login attempts into your account.
Due to this we are temporarily limiting and restricting
your account access until we confirm your identity.

To confirm your identity and avoid limitations to your Online Banking Access,
Please click on the button below

http://www.absa.co.za/
Thank You.

Legal Advisor
Absa Bank.

When you hover over the 'verification' link it shows http://newlook.co.za/absa.co.za/ib.html
An exact replica of Absa's login page. Just the one frame that you require to put in your details in is fake the rest of it links directly to Absa's official site.

What I was wondering was:
1) How they got my email address? I'm not an Absa customer so how would the phish'ers know that myname@gmail.com belongs to a South African user?
2) the http://newlook.co.za looks like a legit site, have the phish'ers hacked and taken over the domain or would they just put up a fake site (with quite a bit of detail)?

[Sojourn]

you probably used that e-mail addr on a south african site somewhere to register where they bought it, or you posted it in a forum?
As for the domain use... methinks they are probably in cahoots with them.

[Prime]

Got this too. For Absa and I am with sb.

[doo_much]

It's already been taken down.

[D3PART3D]

Me too. Can't remember using my email addy anywhere dodge though.

[doo_much]

Got this too. For Absa and I am with sb.

Guess that's why it's called phishing. They just had the wrong type of bait for you.

[Sojourn]

In Prime's case they should have had links to transsexual gay midget websites.
Fast easy money, he falls for it everytime. Srsly.

[KillerByte]

i recieve those mails often. Some very good attempts so I usually try login with fake details just to mess them around.

[Screeper]

It's already been taken down.

Still up for me. Just cleared my cache and it's still loading the screen.

i recieve those mails often. Some very good attempts so I usually try login with fake details just to mess them around.

Yes I get them often as well, but usually to my work email. The fact I found slightly puzzling was that it was a south african specific phish and they somehow knew my that my gmail address was from a South african user.
I guess like Sojourn said they could've picked/hacked it up from an SA registered site that I was registered on for some reason. Although I'm really careful with my email address.. hmm.. not careful enough it appears.

[doo_much]

Interesting.

Can anyone else still access that page?

[Frozenfireside]

i recieve those mails often. Some very good attempts so I usually try login with fake details just to mess them around.

dude srsly those darth vader account details are pssn me off proper. Im trying to do an honest days phishing and you are messing me around...what the hell?

Joking...crackers before I get banned for being a smart bottom.

[Ron2K]

WHOIS on the domain

[doo_much]

WHOIS on the domain

Did that first. Mailed Noise Hosting and they replied that they'd taken it down.

[KALSTER]

Got a few of those as well. Can't really muck them around too much. You can though with those idiots that mail you about some money they have to get out of their country and that they'd give you a certain percentage for helping them do it. Then when they have swindled you out of large sums of money with the promise of lots in return they disappear. I love to correspond with them for a while and take them on a wild goose chase before sending one final large in your face and f*** you email.

[Screeper]

Interesting.

Can anyone else still access that page?

I can't access it anymore.
Was accessing it at work so even though I cleared my browser cache our proxy server could've still cached it for a while..

[Hman]

I got it too, but I deleted it the instant I saw it.

[Anthro]

Should ABSA not contact one *Person's name and address*?
I got it too blocked that domain from my email server immediately lol

[Tribble]

I get them daily - just ignore them.

[Frozenfireside]

I got 5 yesterday!!!

[Prime]

In Prime's case they should have had links to transsexual gay midget websites.
Fast easy money, he falls for it everytime. Srsly.

Yeah, well after that experience with your momma, I keep hoping for more videos of her.

*keep on topic - BOTH of you... - jee*

[Hman]

I see they've got a new url