Receiving phishing emails is not new to me. In fact, I blogged before about how email users can identify phishing emails.
Just three days ago, I received again an email which I thought trying to extract some sensitive information.
It was said to be an Online Alert from Maybank, the largest financial services group in Malaysia listed on the Kuala Lumpur Stock Exchange. Just check the screenshot below to see how the email looks like.

The signature below the message used the name Maybank Berhad, with a website address http://www.maybank2u.com.my
I checked the website by typing manually the URL on my browser’s address bar, and I was diverted to the legitimate website of Maybank. However, when I hovered the cursor over there I was able to check that the Maybank website was only used as an anchor text of the real site which I was about to be diverted once I clicked the link. Clicking http://www.maybank2u.com.my on the email will divert you directly to … This prompted me to conduct a WHOIS search so I can track this phising email.

The email sender used at Thu, 26 Nov 2009 00:49:46 +0100 the IP address: 85.114.46.90 from Croatia, Vukovar. Take a look on these details:

IP address: 85.114.46.90
IP address country: Croatia
IP address state: Vukovarsko-Srijemska
IP address city: Vukovar
IP address latitude: 45.3433
IP address longitude: 18.9997
ISP of this IP: OT – Optima Telekom d.d.
Organization: Vukovarsko-Srijemska Zupanija
Local Time of this IP country: 2009-11-28 05:36

85.114.46.90 Whois Information

Inetnum: 85.114.46.88 – 85.114.46.95
Netname: VSZ
Descr: Vukovarsko-Srijemska Zupanija
Descr: Zupanijska 9
Descr: 32000 Vukovar
Country: HR
Admin-c: HR2098-RIPE
Tech-c: HR2098-RIPE
Status: ASSIGNED PA
Remarks: INFRA-AW
Mnt-by: OT-MNT
Source: RIPE # Filtered

Person: Hrvoje Radman
Address: Vukovarsko-Srijemska Zupanija
Address: Zupanijska 9
Address: 32000 Vukovar
Address: Croatia
Phone: +385 32 454402
Nic-hdl: HR2098-RIPE
Mnt-by: OT-MNT
Source: RIPE # Filtered

The information on the WHOIS search I conducted is for reference only. I didn’t guarantee my readers the full accuracy of the result since I used third party software. However, I’m certain that the email is a phishing type… So beware!

To get news and updates about similar phishing scams, you can subscribe either by E-mail or by RSS Feeds.

Bert Padilla

Hi, I'm Bert! I've been blogging about technology since 2008, just a year after I graduated from college. Currently managing this blog and acting as the Editor-In-Chief as well, I keep myself busy exploring the world of tech and talk some of it here. You can connect with me on Google+ or through the other portals below.

More Posts - Website - Twitter - Facebook - YouTube

After Reading This Post, Other People Went on to Read: