SunTrust Spoof: Additional ways of protecting your SunTrust access

Submitted by AlReaud on Tue, 09/27/2011 - 19:50

Updated: 11/6/2016

This is a recent phish wherein you get the following email (allegedly) from SunTrust Bank:

Subject: Additional ways of protecting your SunTrust access
From: "Suntrust"<>

SunTrust Online Banking Alert:

Banking with SunTrust Online is about to become even more secure!
As a valued SunTrust online customer, the security of your identity and personal account information is extremely important. We are installing Enhanced Online Security as an additional way of protecting your SunTrust access.

Enhancing Your Online Security Access will allow SunTrust banking to verify your identity from your computer anywhere you bank online. Your online account access information's would be recognized and be notified you've signed on to SunTrust online banking. This two-way process ensures that both parties are confident of each other's identity.
Every customer that uses SunTrust online banking is required to Re-activate his or her Online Security.

Click on sign in, in your Online Banking page for quick and easy process to Re-activate your Online SecurityAccess .

Sign in to Online Banking

Thanks for taking the time to learn about our upcoming plan for Enhanced Online Security - it's one more way that SunTrust Building Society online banking can make your online banking experience better. Endeavour to fill in your Memorable word correctly

© 2011 All Rights Reserve

Not too bad of a spoof, though paying careful attention to this page will immediately indicate that it is a phishing attack. Look carefully for things that give it away. It's from a US bank, right? What evidence stares you in the face yelling that it's a spoof?

So assuming you clicked on the link above, where does it send you? It sends you to sign in at a spoof sign up page, imaged below. (Tab label blurring has been used to give anonymity to the tools the author uses to explore phishing scams. Two tools that I use daily, though, are NoScript and Ghostery, both anti-spamming tools available for the Firefox browser.)

SunTrust Phish Login page.

If you got this far, well, the phishers now have your SunTrust Bank login information. Ensure that you immediately contact your bank, follow their instructions, then if the bank hasn't already, change your password and User ID (if allowed). Continuing on, when you submit the above, you get sent to their fly trap, which is:

SunTrust Spoof form page where they get all your information.

If you complete this form and sign on, the phishers have every bit of information they need to steal your ID. This is a great social engineering attack, in that one has to be paying attention to things outside of the main focus, like the address bar.

In both spoofed SunTrust pages, the key is in the address bar, because though the page can be spoofed, the domain itself usually can't be. Does the website address start with https://? If there is no lock icon anywhere on your browser, and it doesn't say https in the address bar, are you really at your bank's website? Phishers (except in rare circumstances) can't forge the required digital certificate to spoof your bank's https address.

There are also usually subtle English language flaws in the original email. Though it is reputed to come from a world class bank (which the evidence says it does not, LOL), you will see things like:

  • © 2011 All Rights Reserve
  • your Online SecurityAccess
  • is required to Re-activate his or her Online Security.
  • …Endeavour to fill in your Memorable word correctly

So where does this lead?

The SunTrust spoof winds up leading to the followers of OBL...

Yes, to the confused followers of the long deceased Osama bin Laden… So please make sure that you pay attention to those address bars, and where you are being sent, watch the whole browser, and stay a Happy Kitty. The author will be willing to bet that the followers of OBL don't much like cats!
