Article written

  • on 10.09.2007
  • at 07:00 AM
  • by David

The Newest Phishing Lure: Hex IPs

I got this e-mail on Saturday:

 

Dear Bank of America client,

 

You have received this email because you or someone had used your account from different locations.For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.

The help speeed up to this process, please access the following link so we ca complete the verification of your Bank of America Online Banking Account registration information.

http://0x40164870/www.bankofamerica.com/sslencrypt218bit/online_banking

If we do no receive the appropriate account verification within 48 hours, then we will assume this Bank of America account is fraudulent and will be suspended.

The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community. We appreciate your support and understanding and thank you for your prompt attention to this matter.

Now this has all the hallmarks of a phishing scam: poor grammar, spelling, and punctuation, and a bad premise for getting you to type in your personal information. Oh yeah, and I don't use BOA, so that was a help. I flagged it as a phishing scam in Gmail and took a closer look at the address.

It almost looks like a weird subdomain:

http://0x40164870/www.bankofamerica.com/sslencrypt218bit/online_banking

That 0x40164870 bit is actually an IP address, just converted into hexadecimal. Everything after the first slash, including www.bankofamerica.com, is only a path on that server. You can do this kind of thing yourself if you want (not phishing, but making hex IP addresses). There's a really easy tool at KLOTH.NET that will convert an IP address for you. Here's an example using Google:

 

First we ping Google from a command prompt (Start >> Run >> type cmd and press Enter). Type in ping www.google.com and you'll get some stats, but more importantly for us, the IP address:

Google ping

We plug that address into KLOTH :

Screen Shot from Kloth.net

 

 

 

And we have the hex version of Google's address, so going to http://0x40e9A968 will take us to Google! The '0x' is used to denote a hex address. So now that you know what it is, you can avoid it!
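To check links for this trick on the defensive side (in a mail filter or proxy log review, say), the following added example, which is not part of the original post, decodes a URL's host back to dotted-quad form and flags it when it was written any other way. It goes beyond the hex case above and also handles the decimal and octal spellings that the same legacy address parsing accepts; the function names are my own, and the sample URLs other than the two from this post are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def _part(tok):
    """Parse one host component: 0x.. is hex, a leading 0 is octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", tok):
        return int(tok, 16)
    if re.fullmatch(r"0[0-7]*", tok):
        return int(tok, 8)
    if re.fullmatch(r"[1-9][0-9]*", tok):
        return int(tok, 10)
    return None  # contains letters or other characters: a real hostname

def decode_numeric_host(host):
    """Return the dotted-quad IPv4 address a numeric host resolves to, or None."""
    toks = host.rstrip(".").split(".")
    if not 1 <= len(toks) <= 4:
        return None
    nums = [_part(t) for t in toks]
    if any(n is None for n in nums):
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills all remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def check_url(url):
    """Return (host, decoded_ip, obfuscated) for one URL."""
    host = urlsplit(url).hostname or ""
    ip = decode_numeric_host(host)
    return host, ip, ip is not None and host != ip

if __name__ == "__main__":
    samples = [
        "http://0x40164870/www.bankofamerica.com/sslencrypt218bit/online_banking",
        "http://0x40e9A968",                # Google example from the post
        "http://1075202160/login",          # constructed: decimal form
        "http://0100.026.0110.0160/login",  # constructed: dotted octal form
        "http://www.bankofamerica.com/",    # ordinary hostname, not flagged
    ]
    for u in samples:
        host, ip, obfuscated = check_url(u)
        print(f"{'SUSPICIOUS' if obfuscated else 'ok':10} {host:22} -> {ip}")
```

A plain dotted-decimal host such as 64.22.72.112 decodes to itself and is not flagged as obfuscated, though a bare IP in a banking link is worth a separate rule.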
