Tuesday, 3 July 2012

TD Ameritrade spam / princess-sales.net

This fake TD Ameritrade email is spam that leads to malware at princess-sales.net:

Date:      Tue, 3 Jul 2012 21:38:09 +0530
From:      "Micah Bright" [client@notifications.tdameritrade.com]
Subject:      sbj

TD Ameritrade

Your account ending in XXX7     Log on

Your statement is now available online

Dear Valued Client,

Your statement for your TD Ameritrade account ending in XXX7 is now available online.

Access your statements
To view your statement (along with previous statements), please Log On to your account and choose "History & Statements" (under Accounts). Then click the "Statements" tab, select the appropriate month(s) under the "View statements" drop-down menu, then click the "View" button.

We're here to help
If you have any questions, please log on to your account and click "Message Center" (under Home) to write us. A representative will respond through your Message Center inbox. You can also call Client Services at 800-669-3900. We're available 24 hours a day, seven days a week.

Sincerely,


Tom Bradley
President, Retail Distribution
TD Ameritrade

The malicious payload is at [donotclick]princess-sales.net/main.php?page=7e45713861176c6b (report here) hosted on 203.237.211.223 in Korea.
