SpamBITS

BancorpSouth is very interesting for the phishing spammers. A new email spread the Internet containing false information about an important security update. The victim receive an email starts with a line saying it is with !Importance: High and claiming that there is an “IMPORTANT SECURITY NOTICE”. It is also tagged as Important!
This security update concerns “All Users” and of course an action is required. What they have to to do is:
“Must Accept New Digital Security Certificate 2007 (Security ISO 27001 Certification Consulting)”

Lets see the whole spam message:

 ! Importance:
High

BancorpSouth
Inview

IMPORTANT
SECURITY NOTICE

All Users - Must Accept New Digital
Security Certificate 2007 (Security
ISO 27001 Certification Consulting)

Customers of numerous banks have been victims of ACH
and wire transfer fraud in recent weeks, resulting in the origination of
unauthorized ACH entries and wire transfers from customers’ computer
systems.

BancorpSouth Enhanced
Security Authentication
We have enhanced the BancorpSouth
security access to further safeguard access to your account information.

IT IS VITALLY
IMPORTANT THAT YOU REMEMBER AT ALL TIMES THAT THE SECURITY AND INTEGRITY OF
YOUR CONFIDENTIAL INFORMATION AND CASH MANAGEMENT APPLICATIONS DEPEND UPON
YOUR OWN COMPUTER SYSTEM BEING ADEQUATELY PROTECTED FROM OUTSIDE THREATS.

BancorpSouth now
requires all InView users to enroll in our 2-way authentication security
system, Passmark.
You will be able to provide your Passmark information quickly and easily
using our secure server web form.
Please understand that without promptly providing your Passmark information,

your BancorpSouth Corporate Cash Management Online service may be
discontinued.

To update your Passmark at this time, please visit our secure server web
form by clicking the hyperlink below:

Login by clicking here:

https://www.bxs.com/inview/

2007 BancorpSouth Corporate Cash Management Online Passmark Services

The email claims you have take some action to protect yourself from “ACH and wire transfer fraud”. It informs you that clients of other banks have already become victims. Don’t take action immediately, check the origin of this email.
The original address the link point to is :
http://www.bxs.inview.session35047.certificate-logon2007.serial64854920-0004.kug7.com/login.htm

It has nothing in common with bxs.com except the URL starts with www.bxs
Splitting the address by dots disclose the original address:

• www
• bxs
• inview
• session35047
• certificate-logon2007
• serial64854920-0004
• kug7.com

At the end we see the original domain where this phishing spam points to: kug7.com
The email pretend to be sent From:”BancorpSouth Inview support”
But the return path is ten@ten-arquitectos.com

I don’t think I need to get in deep in those spams. It is important to remember - always look at the address where such a suspicious emails points to.