Thursday, February 22, 2007

Never Mind the UIGEA, We're Phishing For Party Poker Nickels

Here's one of those that slipped through the cracks a week or so back, courtesy of Yahoo! doing one of its random "bulk file" dumps, and ridding me of lots of e-trash. I was one of the fortunate souls who received a Party Poker phishing scam, which was quite a hoot, given that I haven't been able to play there for some months now.

I had to wait for the scam to resurface elsewhere, as it now has over at in their library of known phishing attempts. Here's what the test of the e-mail proffered:

Party Poker news!!!

Dear poker player,
Information for US and all over the World based customers on the passing of the 'Unlawful Internet Gambling Enforcement Act of 2006. On September 30, 2006, the United States Congress passed The Safe Port Act.

That measure also contained certain provisions known as the ‘Unlawful Internet Gambling Enforcement Act of 2006’. On October 2, 2006, Party Gaming made an announcement regarding the impact the act would have on business when, as expected, it is signed into law.

Please update your username:

[URL now toast]

Information About deposit:
Does not accept US accounts!Deposit options: VISA, MasterCard, NETeller, FirePay, Western Union, eChecks (by iGM-Pay)bank draft, cashier's check, money order, check.
Cash out options: NETeller, wire transfer, check, eChecks (by iGM-Pay). Party Poker+1 (866) 604-7794 (Toll free for US and Canada only)+350 41120 (International rates apply)

It wasn't even a good phish, in case you're wondering. I get at least one PayPal phish a week, including some which have been scary good, of late; fortunately, I've yet to fall for one. This Party Poker attempt was clear hokiness, and I wouldn't have mentioned at all if it weren't for its being, to the best of my knowledge, the first ever mass phishing tried on an online poker site's clientele. Websense even visited the site, showing that the phishers did try to put a bit of effort into the process, even if they did use a mailing list at least six months out of date:

[Image source:]

What's funny is that soon after the Party phish arrived, I was then buried under a whole slew of phishes, which just might be connected --- one of the fake addresses buried in the thing is, with a heavily obfuscated address that really went to forged account on a university server in Poland. These of course, used the old Nigerian 9-1-1 approach of saying that someone sent you a chunk of money, and you need to go check it out. Funny, people kept sending me money, and they were always sending me the same amount....

1 comment:

jhazen said...

I got at least one of the moneybookers phishing attempts, too. As far as I know, I've never given my email address to Party Poker, so they may have just used a generic "poker players" spam list.