From: "Elavon, Inc." [sobolan@myvirtualmerchan-02.com]
Date:Fri, 06 Jan 2012 16:09:48 +0100
Subject: Urgent-Notification
--Elavon 2012 Update--
Dear Customer,
We regret to inform you that your retail merchant account is locked.
To re-activate it please download the file attached to this e-mail and update your login information.
2012 Elavon Inc,
-Please note only RETAIL account are locked-
-Example : Market Segmet : Retail-
Attached is a file called myvirtualmerchant_login.html which is the phish itself, displaying the following screen.
The form itself sends the details to mail.xinsanjing.com on 220.189.213.181. (HangZhou XinSanJing Food Co. Ltd. China) which is possibly a hacked server. In this case the email originated from 209.91.252.206 in Puerto Rico.
If you use Elavon's services, watch out for this phish.