From PhishLabs Security Operations to Indybay.org

Here is the voice mail message:

https://www.indybay.org/uploads/2014/06/28/instructions_for_fabricating_foreclosure_documents.mp3

Indybay.org:

Voice Message
From +1 304 951 0269
6/12/14

From: soc [at] phishlabs.com
To: sfbay [at] indymedia.orgsfbay-web [at] lists.indymedia.org
Subject: [PL-182025] Confidential material on your site – hXXp://http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf
Date: 6/12/14

Our company investigates computer crime incidents on behalf of banks and other companies.

We have discovered that your web site, http://www.indybay.org , is hosting material that is confidential in nature and bears the Wells Fargo name without authorization.

hXXp://http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf

We kindly request that you remove this material as soon as possible.

If you believe we have contacted you in error, or if we can provide any assistance with this incident, please contact us and let us know.

Thank you for your assistance with this matter,

Eric George
PhishLabs Security Operations
soc [at] phishlabs.com
+1.202.386.6001
http://www.phishlabs.com/

From: soc [at] phishlabs.com
To: abuse [at] telx.comipadmin [at] telx.comsfbay [at] indymedia.orgsfbay-web [at] lists.indymedia.org
Subject: [PL-182025] Unauthorized Material on your website: indybay.org / 192.235.78.70
Date: 6/25/14

Hello,

Our company investigates computer crime incidents on behalf of banks and other companies.

We have discovered that your web site, http://www.indybay.org , is hosting material (PDF file) that is confidential in nature and bears the Wells Fargo name without authorization.

Link to content:
http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf
IP: 192.235.78.70

We kindly request that you remove this material as soon as possible.

If you believe we have contacted you in error, or if we can provide any assistance with this incident, please contact us and let us know.

Thank you for your assistance with this matter.

Regards,

Marnie King
PhishLabs Security Operations
soc [at] phishlabs.com
+1.202.386.6001
http://www.phishlabs.com/

From: soc [at] phishlabs.com
To: sfbay [at] indymedia.orgipadmin [at] telx.comnamehost [at] worldnic.comtie [at] telx.comsfbay-web [at] lists.indymedia.orgabuse [at] telx.com
Subject: [PL-182025] Phishing hosted on http://www.indybay.org
Date: 6/27/14

Our company investigates computer crime incidents on behalf of banks and other companies.

A site containing unauthorized material was found to be operating on your network and displaying Wells Fargo material:

192.235.78.70 – j0.ramona.indybay.org

hXXp://http://www.indybay.org/uploads/2014/03/22/wells-fargo-foreclosure-manual.pdf

If possible, please provide the following information to assist our investigation:

– Web server and FTP server log files for the past several days
– Copies of all phishing files, hack tools, or other hacker files

Finally, we kindly request that you disable or remove the site as soon as possible.

If we have contacted you in error, or there is a better way for us to report this incident, please let us know.

Thank you for your assistance,

Israel Perez
PhishLabs Security Operations
soc [at] phishlabs.com
+1.202.386.6001
http://www.phishlabs.com/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s