Just Got a Security Alert Email from ANZ...

... and it smells fishy. I found in my spam basket, reported by SpamAssassin, and apparently it tries to impersonate itself as sending from the ANZ bank. Here is the header of that email, with some information masked.

  Return-Path: <newzs@anzbank.com>
  Delivered-To: my email address
  Received: from 24-116-146-56.cpe.cableone.net (24-116-146-56.cpe.cableone.net [24.116.146.56])
          by <my email server> (Postfix) with SMTP id 2294E33B3
          for my email address; Fri, 11 Apr 2003 03:39:57 +1000 (EST)
  Received: by anzbank.com (Postfix, from userid 37123)
           id bjnd; Thu, 10 Apr 2003 21:37:49
  Received: from 24-116-146-56.cpe.cableone.net (24-116-146-56.cpe.cableone.net [24.116.146.56])
           by anzbank.com (Postfix) with ESMTP id 61149
           for <my email address>; Thu, 10 Apr 2003 21:37:49
  Subject: Security Server Update
  From: www.anzbank.com <newzs@anzbank.com>
  To: SCOTTY <my email address>
  X-Mailer: Sylpheed version 0.8.2 (GTK+ 1.2.10; i586-alt-linux)
  X-Priority: 1
  X-MSMail-Priority: High
  Mime-Version: 1.0
  Content-Type: text/html; charset="iso-8859-1"
  Content-Transfer-Encoding: 7bit
  Date: Thu, 10 Apr 2003 21:37:49

The content of the email basically says that a new security system has been installed by ANZ to avoid fraud transactions, and due to technical updates, they recommend all the ANZ account holders to re-activate their account. To do so, you need to log into www.anz.com - but the trick is, the hyperlink actually has a different href which points to http://64.46.114.91/. Hmmm. Dodgy. Why would ANZ establish their account server in Florida in US (according to the WHOIS for the above address), and why did the customer email being sent out from Cable One Inc.'s network, using a Linux box running Sylpheed as email client?

I actually went to the address, and its hosting ISP has done the right thing by suspending that account. I am hoping the Cable ISP company can also take care of this guy. I'll forward this to Cable One to see what they can do about it...