Scam (fishing) alert (BanReservas).

J D Sauser

Silver
Nov 20, 2004
2,940
390
83
www.hispanosuizainvest.com
I just got this in my company e-mail.
Since it's faking to be from a DR bank I post this here

This is a scam to try to get users to "re-enter" their private data on a fake site! Do NEVER re-enter your personal login or ATM data anywhere.

moz-screenshot-9.jpg
<form name="frmAddAddrs" action="http://address.mail.yahoo.com/yab/us?v=YM&.rand=34606&A=m&simp=1" method="post"> <input name="fn" value="Banreservas" type="hidden"> <input name="ln" value="A.C" type="hidden"> <input name="e" value="servicios@reservas.do" type="hidden"> <input name=".done" value="http://b9.mail.yahoo.com/ym/hispanosuizainvest.com/ShowLetter?MsgId=6172_1080615_7866_1941_3416_0_3701_12306_484576728&order=down&inc=&sort=date&view=&head=&box=@B@Bulk&YY=45680" type="hidden"> </form> <!-- type = text --> <table bgcolor="#ffffff" height="209" width="100%"> <tbody> <tr> <td valign="top"> <table align="center" border="0" cellpadding="0" cellspacing="8" width="66%"> <tbody> <tr> <td> <table align="center" border="0" cellpadding="0" cellspacing="0" height="96" width="97%"> <tbody> <tr> <td bgcolor="#ffffff" width="98%">
logo2.gif
?Tiene usted alguna sugerencia? Mensaje al Administrador General
noticia.GIF
</td> </tr> </tbody> </table>
<table border="0" cellpadding="0" cellspacing="0" width="609"> <tbody> <tr> <td bgcolor="#006666" valign="top" width="609">
<table style="width: 559px; height: 474px;" border="0"> <tbody> <tr> <td align="center" bgcolor="#ffffff" height="470">
banner-tarjeta.gif

BANRESERVAS
Estimado Cliente:

Debido al numero de tentativas de conexion incorrectas, BANRESERVAS por su seguridad a limitado el Acceso a su Cuenta en Linea. En tanto usted puede afrontar restricciones en sus ajustes de Cuenta, por lo cual le pedimos verificar su Informacion de Cuenta para volver a Restablecer su Acceso.

Este Monitoreo es un nuevo Sistema de Seguridad el cual verifica cada 2 Hrs los destinatarios que acceden a Nuestra Banca y se Etiquetan para tener un Control Total de su Seguridad.

Esta medida de seguridad solicitara por unica vez exclusiva verificar el estado de su cuenta y datos Personales para reportar cualquier anomalia. Por ello le invitamos a Restablecer su Cuenta ingresando a la Misma mediante los Accesos Siguientes:

<form target="_blank" id="Login" name="Login" method="post" action="https://www.banreservas.com.do/fportal/frames/LeftMenu.aspx" onsubmit="return ShowFormWarning()"> <table id="table10" style="border-collapse: collapse;" border="0" cellpadding="0" width="192"> <tbody><tr> <td>
</td> </tr> <tr> <td bgcolor="#224057"> <table id="table11" style="border-collapse: collapse;" border="0" cellpadding="0" height="19" width="192"> <tbody><tr height="20"> <td bgcolor="#89c022" height="19" valign="center" width="100%"> </td> </tr> </tbody></table> </td> </tr> </tbody></table>
Le recordamos que esta amplia medida es para ofrecer una mayor seguridad y confidencialidad en el manejo de sus cuentas.
</form>
En BanReservas nos interesa proteger su seguridad, es por ello que le aconsejamos no revelar a ninguna persona sus contrase?as, datos de usuario, pines, n?meros de cuentas y/o tarjetas de cr?dito o d?bito.
BanReservas pone a tu disposici?n, sin costo adicional nuevos servidores que cuentan con la ?ltima tecnolog?a en protecci?n y encriptaci?n de datos y recuerde si la direcci?n de procedencia no es: servicios@reservas.do
</td> </tr> </tbody> </table>​
</td> </tr> <tr> <td valign="top"> <table style="width: 571px;" border="0" cellpadding="0" cellspacing="0"> <tbody> <tr> <td bgcolor="#ffffff" width="571">



<table id="table8" border="0" cellpadding="0" cellspacing="0" width="564"> <tbody><tr> <td bgcolor="#dddddd"> <table class="tblMrg" id="table9" align="left" border="0" cellpadding="0" cellspacing="0" width="599"> <tbody><tr> <td class="v10" height="23">
Sobre Nosotros ? Cont?ctenos ? Mapa del Sitio ? Preguntas Frecuentes ? Pol?ticas de Seguridad
</td> </tr> <tr> <td height="30">
? 2008 BanReservas, C. por A. Santo Domingo, Rep?blica Dominicana.
</td> </tr> <tr> <td> </td> </tr> </tbody></table>






</td></tr></tbody></table>​
</td></tr></tbody></table></td></tr></tbody></table>​


</td></tr></tbody></table></td></tr></tbody></table>
 

Squat

Tropical geek in Las Terrenas
Jan 1, 2002
2,239
168
63
Yeah... Had the same one, twice... Out of curiosity, I visited the fake website... It was marked as a phishing site by Firefox... So I just marked the email as spam, and haven't received any since (that was about 3 months ago...).
 

Keith R

"Believe it!"
Jan 1, 2002
2,984
36
48
www.temasactuales.com
that's "phishing", not "fishing." ;)

I get (and dispose of) several of these every day, most from banks I never had a relationship with, a few from my current bank. They usually look exactly like what your bank might send, logos and all -- except (a big exception) when you roll over the links with your cursor you'll see that the links don't go to where they say they do or go to site with a wacky domain name...
 

Chirimoya

Well-known member
Dec 9, 2002
17,850
982
113
Also, the Banco de Reservas domain is 'banreservas.com.do', not 'reservas.do'
 

Hillbilly

Moderator
Jan 1, 2002
18,948
514
113
There are also a couple of gramatical errors that a bank would probably not tolerate in an email to customers..

HB
 

Chip

Platinum
Jul 25, 2007
16,772
429
0
Santiago
Here's one below that a friend sent me supposedly from Bancopopular:

Estimado Cliente de BDP.COM.DO


BANCO POPULAR: Durante nuestro mantenimiento regular y procesos de verificaci?n de los datos entregados por nuestros clientes, hemos detectado un error en la informaci?n que usted a proporcionado a la entidad bancaria.
Esto se debe a algunos de estos factores:

1. Un cambio reciente en su informaci?n personal (Cambio de direcci?n, tel?fono, etc.)

2. Que usted haya provisto informaci?n inv?lida durante el proceso inicial de registro para Atl?ntida Online o que usted no haya realizado dicho registro.

3. Accesos a su cuenta de Banca en L?nea que hayan sido efectuados desde diferentes direcciones IP.
Esto seguramente se debe a que la direcci?n IP de su PC es din?mica y var?a constantemente, o debido a que usted ha utilizado mas de un computador para acceder a su cuenta.

Por esta raz?n hemos realizado un informe detallado con la actividad de su cuenta.

Para verificar la actividad de la misma y evitar el proceso de baja de su cuenta, debe actualizar los datos que puedan ser err?neos haciendo clic en la imagen correspondiente a su tipo de cuenta:

Cuenta Personal: Banco Popular - Internet Banking

En Banco Popular nos interesa proteger su seguridad, es por ello que le aconsejamos no revelar a ninguna persona sus contrase?as, datos de usuario, pines, n?meros de cuentas y/o tarjetas de cr?dito o d?bito.
Banco Popular pone a tu disposici?n, sin costo adicional nuevos servidores que cuentan con la ?ltima tecnolog?a en protecci?n y encriptaci?n de datos y recuerde si la direcci?n
 

Lambada

Gold
Mar 4, 2004
9,478
410
0
80
www.ginniebedggood.com
When I get these from any 'bank' I forward to spoof@ or whatever the appropriate security department name is of the real bank - usually the website of the real bank has security department info on it. I don't go to the fake website because some of these contain Trojans which enable remote entry to personal details stored on one's computer.
 

J D Sauser

Silver
Nov 20, 2004
2,940
390
83
www.hispanosuizainvest.com
When I get these from any 'bank' I forward to spoof@ or whatever the appropriate security department name is of the real bank - usually the website of the real bank has security department info on it. I don't go to the fake website because some of these contain Trojans which enable remote entry to personal details stored on one's computer.


Well yes, but as these deals "from" Dominican banks are a new one to me (mostly us banks and providers), it would seem that the local banks are also not yet much used or to the issue. Today I checked to no avail the BanReservas web site for an e-mail address to forward "spoof alarms" to (?).

... J-D.
 

Rocky

Honorificabilitudinitatibus
Apr 4, 2002
13,993
208
0
111
www.rockysbar.com
I've received them from several "DR banks".
I used to forward them to the correct banks at the correct addresses and nobody ever even responded.
Apparently, the banks themselves could care less.
 

sascha

New member
Oct 4, 2007
254
0
0
When I get these from any 'bank' I forward to spoof@ or whatever the appropriate security department name is of the real bank - usually the website of the real bank has security department info on it. I don't go to the fake website because some of these contain Trojans which enable remote entry to personal details stored on one's computer.

i work in the corporate security dept of a credit union and let me tell you, this happens all the time!! the key is not to click on anything in the email or provide any personal/banking info. you wouldnt believe how many people actually do!

like lambada said...definitely try and forward the email to the "real" bank's security department. they can shut the site down to avoid trojans/spyware. unfortunately though, the minute we shut one down, another one pops up pretty quickly :paranoid:
 

Fishguy

New member
Oct 22, 2006
54
12
0
Since Mr. Mendoza's name is also associated with the Banco Popular scam, it's a pretty good bet he's at least partly involved (or someone with access to his email is).

Best bet would be to contact Banco Atlantida to find out if one of their employees is the crook.

Domain ID: D304-LRCC
Domain Name:BANCATLAN.HN
Created On:01-Jan-2000 05:00:00 UTC
Last Updated On:01-Jan-2008 19:25:33 UTC
Expiration Date:01-Jan-2009 05:00:00 UTC
Sponsoring Registrar:Red de Desarrollo Sostenible Honduras Registrar (R5-LRCC)
Status:OK
Registrant ID:119580
Registrant Name:Oscar mauricio Arita Martinez
Registrant Organization:Banco Atlantida, S.A.
Registrant Street1:Col. San Ignacio, edificio Sonisa
Registrant Street2:
Registrant Street3:
Registrant City:Tegucigalpa
Registrant State/Province:Francisco Morazan
Registrant Postal Code:N/A
Registrant Country:HN
Registrant Phone:+504.5042323797
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: oarita@bancatlan.hn

Website: Banco Atlantida

Other scam involving his email address: Article on Phishing
 

Sanation

New member
May 21, 2007
273
20
0
I would recommend reporting any phishing to the Anti-Phishing Working Group at:

APWG

I learnt about this group when I studied IT at University a few years ago. They are a "global pan-industrial and law enforcement association focused on eliminating the fraud and identity theft that result from phishing, pharming and email spoofing of all types."

The site also has some very interesting resources about phishing and how to protect yourself (APWG: Resources) and should be read by everyone online.