Just throwing this out there to see if people like this rule and if you
would like to improve it. Bank phishing usually involves a lot of
phrases to get you to give up your information. This rule looks for 5
matches out of the following list.
body __BANK_PHISH_00 /\byour account\b/i
body __BANK_PHISH_01 /\baccount ownership\b/i
body __BANK_PHISH_02 /\b(account|ownership)
.{0,9}verification\b/i
body __BANK_PHISH_03 /\bverify your\b/i
body __BANK_PHISH_04 /\bsecure\b/i
body __BANK_PHISH_05 /\bmembership details\b/i
body __BANK_PHISH_06 /\byour identity\b/i
body __BANK_PHISH_07 /\baccount activity\b/i
body __BANK_PHISH_08 /\bsecure server\b/i
body __BANK_PHISH_09 /\blog ?[io]n\b/i
body __BANK_PHISH_10 /\byour membership\b/i
body __BANK_PHISH_11 /\bupdate your\b/i
body __BANK_PHISH_12 /\bpassword|pass ?code\b/i
body __BANK_PHISH_13 /\bsuspend\b/i
body __BANK_PHISH_14 /\bsuspension\b/i
body __BANK_PHISH_15 /\bsuspended\b/i
body __BANK_PHISH_16 /\baccount information\b/i
body __BANK_PHISH_17 /\bbank account\b/i
body __BANK_PHISH_18 /\bcard services\b/i
body __BANK_PHISH_19 /\bconfirm your\b/i
body __BANK_PHISH_20 /\baccount access\b/i
body __BANK_PHISH_21 /\baccess your\b/i
body __BANK_PHISH_22 /\baccount alert\b/i
body __BANK_PHISH_23 /\bonline account\b/i
body __BANK_PHISH_24 /\bregain access\b/i
body __BANK_PHISH_25 /\baccount details\b/i
body __BANK_PHISH_26 /\bsecurity system\b/i
body __BANK_PHISH_27 /\bdear {0,9}customer\b/i
body __BANK_PHISH_28 /\baccount holder\b/i
body __BANK_PHISH_29 /\byour informations?\b/i
body __BANK_PHISH_30 /\baccount information\b/i
body __BANK_PHISH_31 /\bbank of\b/i
body __BANK_PHISH_32 /\blogin.php\b/i
body __BANK_PHISH_33 /\b(click|log ?in|log ?on) here\b/i
meta CT_BANK_PHISH (__BANK_PHISH_00 + __BANK_PHISH_01 +
__BANK_PHISH_02 + __BANK_PHISH_03 + __BANK_PHISH_04 + __BANK_PHISH_05 +
__BANK_PHISH_06 + __BANK_PHISH_07 + __BANK_PHISH_08 + __BANK_PHISH_09 +
__BANK_PHISH_10 + __BANK_PHISH_11 + __BANK_PHISH_12 + __BANK_PHISH_13 +
__BANK_PHISH_14 + __BANK_PHISH_15 + __BANK_PHISH_16 + __BANK_PHISH_17 +
__BANK_PHISH_18 + __BANK_PHISH_19 + __BANK_PHISH_20 + __BANK_PHISH_21 +
__BANK_PHISH_22 + __BANK_PHISH_23 + __BANK_PHISH_24 + __BANK_PHISH_25 +
__BANK_PHISH_26 + __BANK_PHISH_27 + __BANK_PHISH_28 + __BANK_PHISH_29 +
__BANK_PHISH_30 + __BANK_PHISH_31 + __BANK_PHISH_32 + __BANK_PHISH_33 > 4)
describe CT_BANK_PHISH Wants your account information
score CT_BANK_PHISH 8
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
