View Full Version : Warning: Latest email scam... "puddle phishing"

12-01-2005, 11:23 PM
Just thought I would warn folks to watch out, and see if anyone else has seen such emails. As far I know so far, I'm the only one I've talked to who's seen this kind of email. I'd be curious to know if anyone here has seen anything similar.

I'm probably top 5-10% when it comes to being technically inclined. Software Engineering degree, my own web development company, etc. I'm no sucker when it comes to junkmail and other email fraud tactics.

But the latest one that I found in my junkmail folder really impressed me.

In the last several years, the same folks who have for a long time tried to steal your PayPal (or similar) accounts by sending you faked up PayPal, eBay, or Amazon.com emails asking you to login (using your ID and password) to confirm your account... etc.

In my experience, bogus emails have been targeted at users of high profile national companies like eBay, PayPal and Amazon.

Well lately I've noticed that I've begun to receive similar "phishing" emails supposedly from one of Tucson's local credit unions. It's a credit union that's only here in Tucson. Only a few branches. It just so happens that I've got a car loan through them, so it's not at all unreasonable that I'd get an email from them.

Because it was a local-only company that I regularly do business with, I actually gave this email a 2nd look and moved it from my Junk Mail folder to my regular folder.

Now I'm not stupid, I checked the IE toolbar before clicking on the link to see where the link was going to take me, and when it came up as an IP address instead of "mycreditunionswebsite.com", I knew it was bogus.

But it got me thinking that these people are sending out very targeted phishing emails now. Somewhere in some "phishers" database someone has linked my email address to Tucson, AZ and then identified a number of Tucson-only banks/credit unions to use in targeting me.

I did a quick google search on my full email address and noticed that there were 5 or 6 websites that my email address came up on. I've changed the sites I have access to, to remove my email address, but one of them is a list-serv at the UofA that publishes posts to the listserv on a website (funny how things end up on the web sometimes).

Anyway, I've noticed that I don't get a bunch of fake emails from Credit Unions in any other city - just Tucson. So I can tell that they've put some thought/effort into targeting me (or people).

I think that what these phishers are doing, is using google to search for "@hotmail.com" (and "@yahoo.com" and other obvious email domains), and pulling out any email address it finds in google. Then looking at the context of from the rest of the page (and maybe the IP address of the domain host) to identify the city that the email address is likely affiliated with. Then they've got a list of local banks to that city and they send out emails under the names of those banks.

It's a hell of a good scam to slip under the radar (at least momentarily) of even the most skeptical of email readers.

12-01-2005, 11:30 PM
Note: I changed the thread title because this practice appears to have a name. It's called "puddle phishing" and it appears it cropped up this past summer. Which makes sense, that's about when I remember first seeing it.

Here's an article on it.

12-01-2005, 11:42 PM
That's phreaky stuff. I should watch the sites I phrequent that want my phrickin' e-mail address so I can download a phree program.

Bob Dole
12-02-2005, 05:54 AM
Bob Dole has gotten some of them for localized banks and credit unions, but they have all been for the wrong locale.

12-02-2005, 07:45 AM
They're starting to get a little smarter with the Paypal emails. I always check the url attached in the email and, as expected, it's always some crazy address nowhere near Paypal.com. However, the latest email I got had the url with something like paypaluserservice in it instead of the normal 38.2389.892.gonnastealyourmoney.

I've been getting more and more of the Nigerian "let me have your bank account details so I can wire you $50,000,000,000,000,000" emails lately too. I discovered a site called 419eater.com, where people reverse-scam these Nigerian asses into doing things like sending them money, takings embarassing pictures of themselves, and even getting tattoos. It's a pretty funny site that I would recommend.

12-02-2005, 07:53 AM
I've been getting them for Commercial Federal Bank out of Omaha, so yes, I've been getting them, and they're locally significant.

12-02-2005, 08:49 AM
The stuff I get come from .jp or .ch domains
so out of USA making them bogus.

Bob Dole
12-02-2005, 08:53 AM
That 419eater.com is some of the funniest shit Bob Dole has seen in a long, long time.

It's right up there with threads where Denial claims to be a Chiefs fan.

12-02-2005, 09:08 AM
Bob Dole has gotten some of them for localized banks and credit unions, but they have all been for the wrong locale.

I have too. Local banks, but banks I've never heard of. Usually with a poorly writen email.

I have still yet to see a phishing scam that you wouldn't have to be a complete sap to fall for.