Here's a short list of banks often spoofed in phishing scams. I'm using
this list as follows:

- If the FCrDNS matches one of these domains, it is ham.
- If the sender or From address matches one of these domains and the
  domain doesn't appear in the Received headers, it's a phish.

If anyone has any additions to the list, that would be great.

2checkout.com
2co.com
abbey.co.uk
adp.com
anz.com.au
banknorth.com
bankofamerica.com
bankofoklahoma.com
bankofthewest.com
barclays.co.uk
bmm.com.au
boh.com
capitalone.com
careerbuilder.com
careercantre.com
centralbank.net
charterone.com
charteronebank.com
chase.com
chasebank.com
cibc.ca
citibank.com
citizensbank.com
clearmountainbank.com
csfcu.coop
cu.org
cuna.org
downeysavings.com
e-gold.com
ebay.com
egg.com
eppicard.com
fleetbank.com
fnb.co.za
halifax-online.co.uk
hsbc.co.uk
huntington.com
lasallebank.com
maxfcu.com
mbna.com
nafcu.org
natwest.co.uk
natwest.com
navyfcu.org
nwolb.com
paypal.com
pvfcu.org
rbs.co.uk
regionsbank.com
royalbankofcanada.com
southtrust.com
suntrust.com
suntrustbank.com
tcfbank.com
uboc.com
unionplanters.com
usbank.com
visa.com
wamu.com
wellsfargo.com
westernunion.com
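
The two rules from the post, written out as an added example (not the poster's code). It assumes the receiving MTA has already verified the client's FCrDNS name and passes it in as `fcrdns_host`, and it reads "sender" as the envelope sender or the Sender header; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Three entries copied from the list above; load the whole list in practice.
PROTECTED = {"paypal.com", "chase.com", "barclays.co.uk"}

def protected_domain(host):
    """Return the listed domain that host equals or is a subdomain of."""
    host = (host or "").lower().rstrip(".")
    for dom in PROTECTED:
        if host == dom or host.endswith("." + dom):
            return dom
    return None

def in_received(dom, received):
    # Match the domain as whole DNS labels, so "notpaypal.com" and
    # "paypal.com.evil.example" do not count as an appearance.
    pat = r"(?<![\w-])" + re.escape(dom) + r"(?![\w-]|\.\w)"
    return re.search(pat, received) is not None

def classify(raw, fcrdns_host, envelope_sender=""):
    """Return 'ham', 'phish' or 'unknown' for one raw message.
    fcrdns_host is the connecting client's forward-confirmed reverse DNS
    name as already verified by the receiving MTA (assumed input; this
    function does no DNS lookups)."""
    if protected_domain(fcrdns_host):                 # rule 1: FCrDNS match
        return "ham"
    msg = message_from_string(raw)
    received = " ".join(msg.get_all("Received", [])).lower()
    for addr in (envelope_sender, msg.get("Sender", ""), msg.get("From", "")):
        dom = protected_domain(parseaddr(addr)[1].rpartition("@")[2])
        if dom and not in_received(dom, received):    # rule 2: claimed, not seen
            return "phish"
    return "unknown"

# Constructed sample messages (documentation-range IP, example domains).
SPOOFED = (
    "Received: from dsl-7.example.net (dsl-7.example.net [203.0.113.7])\n"
    "\tby mx.example.org; Mon, 1 Jan 2007 00:00:00 +0000\n"
    'From: "PayPal" <service@paypal.com>\n'
    "Subject: Verify your account\n\nbody\n")
GENUINE = SPOOFED.replace("dsl-7.example.net", "mail.paypal.com")

if __name__ == "__main__":
    print(classify(SPOOFED, "dsl-7.example.net"))
    print(classify(GENUINE, "mail.paypal.com"))
```

Received lines below the one stamped by your own MTA are supplied by the sending side, so a domain appearing there is weaker evidence than the FCrDNS match in rule 1.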