Joining the league of local banks victim of phishing attacks, Bank One makes an entry. I received an email appearing from; naturally the email didn’t originate from the bank’s servers.


Received-SPF: none ( does not designate permitted sender hosts); Authentication-Results:; spf=none ( does not designate permitted sender hosts) Received: from fisika by with local (Exim 4.85) (envelope-from <>)
Extract from email header

I think I gotta stop talking about SPF and DKIM now, as the local banks don’t feel at all concerned about leveraging their security and fight email forgery.

The email contains a link on the text AccountStament.df which would open to a fake page appearing like Bank One’s website. At the time of writing the web host has suspended that account, therefore the page isn’t available.

Nevertheless, phishing attackers would continue sending these emails while hosting pages on other compromised servers.

Update #1

An Indonesian university website was compromised and used to send the phishing emails.