|
Softpanorama
(slightly skeptical)
Open Source Software Educational Society |
May the
source be with you,
but remember the KISS principle ;-)
|
Chronicle of Phishing Expeditions
Addressed To Softpanorama
Notes:
- This is a Spartan WHYFF (We Help
You For Free) site written by people for whom English
is not a native language.
Some amount of grammar and spelling errors should be
expected.
- The site contain some broken links
as it develops like a living tree...
Please try to use Google, Open directory,
etc. to find a replacement link (see
HOWTO search the WEB for details). We would appreciate
if you can
mail us a correct link.
|
|
|
|
Judging from the stream of e-mail scams delivered to Softpanorama
mail boxes it
looks like two largest growing categories of scams are attempts to lure
the user into revealing his financial account information (identity fraud)
or infecting the computer with Spyware and/or viruses. This page is maintained
episodically as we get another scam in our mailboxes, so you probably should
try to get a more recent information from more specialized sites.
A scam email usually contains links just clicking on which in case
your email client is outlook and is not patched can lead to undesired consequences.
If you are using Outlook think twice before clicking on any link in suspicious
e-mails. Do not download and install any component
or plug-in even if the site is suggesting it is necessary to
view the content of email. Typical scams include
Gator As of April 2002, Gator has been implicated in a
questionable practice some are calling "drive-by-downloads". In this
scheme, a normal banner or popup ad will attempt to install software (executable
code) on the user's PC. Depending on the browser's security settings, the
software will either download silently and without any user action, or present
an install dialogue. Novice users may choose "Yes" thinking the browser
is asking to download a legitimate page-display plug-in.
Ben Edelman, a Student Fellow at the Harvard Law School, has performed
detailed analysis of the Gator/GAIN software as part of a pending legal
case between Gator and sites it displays competitors' advertising on.
Always question Internet promotions and e-mail that came from strangers,
including electronic greeting cards. If promotions are too good to be
true, they probably are. In case of electronic greetings cards, always verify
pertinent information (e.g. check if the site is legitimate or a bogus,
never accept greeting cards from domains other than large legitimate free
greeting cards services like
Yahoo!
Greetings or
Hallmark Greeting Cards; in case you encounter another you should check
it using some list of reputable vendors, for example
FreebieList.com
Free Digital Postcards and Electronic Greetings).
Do not respond to the deceptive Web or email advertising. Deceptive
advertising is illegal. "A nationwide
class action lawsuit
was filed on November 25, 2002, in the Superior Court of Spokane County
against Bonzi Software, Inc. Bonzi is among the world’s most prolific issuers
of internet advertising banners. Their ads are highly misleading. See
some samples. It is Bonzi, which is responsible for those irritating
popup ads which say things like 'Your computer is broadcasting an internet
IP Address...' and 'Your internet connection is not optimized
...'"
In no way you should disclose any personal information in e-mail or
in the Internet form that was send by email (this scam is called phishing,
see for example Bank Account
Deactivation scams, or Bank loan spam);
In all such ceases email contains a form that the
user needs to fill. If e-mail
contain a form it is usually a bogus: reputable providers never send e-mail
forms to customers. The form usually contains sensitive personal
data need to withdraw money from the account. The recent scam of this kind
pretends to be from corporate payroll and it asks you where they need to
transfer your next paycheck.
| Security and trust are major issues for e-commerce
users should be especially vigilant about Internet fraud and
identity theft over the Christmas period. See for example
Ebay identity theft
scam below |
Internet scam letters are usually customized (often with the user name
in the body of the message). That makes them pretty close to normal business
correspondence and thus they are not filtered by the spam filter.
|
Internet scam letters are usually customized
and thus are not always filtered by the spam filter.
|
Phishing ("Password fishing") is the use of spam to lure people to
fake Web sites that imitate those of reputable companies, and deceive
them into divulging personal data usually credit card information.
[Dec 27, 2008] Congratulations!!! Reference Number: BMW/2551256003/23
Subject: Congratulations!!! Reference Number: BMW/2551256003/23
From: THE BMW AUTOMOBILE COMPANY
Date: Sat, 27 Dec 2008 16:10:46 -0800
... ... ...
Received: from fia-lotta (81.199.225.236) by mta2.glocalnet.net (7.3.130) (authenticated as fia-lotta@privat.utfors.se) id 492BECA8004EA306; Sat, 27 Dec 2008 16:11:51 +0100
Reply-To: bmwprizeclaimcenter@live.com
Message-ID: <492BECA8004EA306@mta2.glocalnet.net>
MIME-Version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Content-type: text/plain; charset=Windows-1251
Content-transfer-encoding: 8BIT
X-Priority: 3
X-MSMail-priority: Normal
THE INTERNATIONAL AWARENESS
PROMOTION DEPARTMENT OF
THE BMW AUTOMOBILE COMPANY.
22 Garden Close, Stamford,
Lincs, PE9 2YP, London
United Kingdom.
Reference Number: BMW/2551256003/23
Congratulations!!!
The Board of Directors, members of staff and the International
Awareness Promotion Department of the BMW Automobile Company, wishes to
congratulate you on your success as the STAR PRIZE WINNER in this end of of
year BMW Automobile International Awareness Promotion (IAP)held in London,
England.
This makes you the proud owner of a brand new BMW 2008 X6 35i
M(2008 moden) and a cash prize of Ј,750,000.00 GBP.The car comes with a
special BMW Insurance Cover for one whole year, that is, till the next
promotion in 2009.It also comes with a one year warranty and FREE repairs at
any BMW AUTOMOBILE depot or service station worldwide.
DESCRIPTION OF PRIZE VEHICLE.
YEAR: 2008
MODEL: 2008 X6 35i Sport Saloon
The selection process was carried out through random selection in our
Computerized Email Selection System(C.E.S.S.)from a database of over a million
email addresses from the world wide web drawn from all the continents of the
world.For you to collect your prizes,kindly contact Barrister Anis Rahman
through email,stating your receipt of this notification.He has been mandated to
offer you legal assistance and fascilitate the urgent delivery of your prizes
directly to you.
The Chambers of Anis Rahman
Direct Public Access Barrister
Commissioner for Oaths
1st Floor
8 - 10 Greatorex Street
London E1 5NF
EMAIL: bmwprizeclaimcenter@live.com
1. FULL NAME:
2. SEX:
3. AGE:
4. NATIONALITY:
5. RESIDENCIAL ADDRESS:
6. CITY:
7. STATE:
8. ZIP CODE:
9. OCCUPATION / POSITION HELD:
10. PHONE NUMBER:
11. FAX:
12. EMAIL ADDRESS:
Congratulations once more, and keep trusting BMW Automobile for top quality
automobiles.
Engr. Thorbjorn Andersson
DIRECTOR OF PROMOTIONS,
INTERNATIONAL AWARENESS PROMOTIONS,
BMW AUTOMOBILE.
LONDON, UNITED KINGDOM.
[Dec 19, 2008] FedEx Courier Service
Subject:
From: FedEx Courier Service
Date: Fri, 19 Dec 2008 17:40:35 +0100 (CET)
:
... ... ...
Received: from [62.99.145.15] (port=55124 helo=mx.inode.at) by mailbackup.inode.at with esmtp (Exim 4.67) (envelope-from ) id 1LDiWF-0004qy-4z; Fri, 19 Dec 2008 17:48:07 +0100
Received: from [213.47.214.141] (port=5056 helo=webmail) by smartmx-13.inode.at with esmtp (Exim 4.50) id 1LDiSD-0000IU-5e; Fri, 19 Dec 2008 17:43:57 +0100
Received: from [127.0.0.1] (helo=inode.at) by webmail.inode.at with smtp (Exim 4.67) (envelope-from ) id 1LDiOw-0001F7-VE; Fri, 19 Dec 2008 17:40:35 +0100
Received: from 196.207.3.12 (proxying for 10.0.0.67) (SquirrelMail authenticated user p.hocken@inode.at) by webmail.inode.at with HTTP; Fri, 19 Dec 2008 17:40:35 +0100 (CET)
Reply-To: admin@fedex-ng.at.tt
Message-ID: <196.207.3.12.1229704835.wm@webmail.inode.at>
MIME-Version: 1.0
X-Mailer: SquirrelMail (version 1.2.8)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3
FEDEX COURIER SERVICE,
EDO STATE,NIGERIA
WEST AFRICA.
19th-12-2008.
Dear Customer!
SHIPMENT CODE: CPEL/OWN/9856
PARCEL #: EG2272
We have been waiting for you to contact us regarding the delivery of your
package to you. We assumed that our contact details was given to you by
Heineken.The content of your package itself is a Bank Draft worth of
$800,00.00USD.The package is registered with us for mailing by Heineken,
We are sending you this email because your package has been registered on a
Special Order.
What you have to do now, is to send us your residential address.Note that as
soon as we confirms your information, it will take only two working day
(48 hours) for your package to be delivered to you. For your
information,the VAT & Shipping charges as well as Insurance fees have been
paid by Heineken before your package was registered.Also note that the
payment that is made on the Insurance, Premium & Clearance Certificates,
are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF)
neither is it funds to sponsor Terrorism in your country. This will help
you avoid any form of query from the Monetary Authority of your country.
However, you will have to pay a sum of ($160.00USD) to the FedEx Delivery
Department being full payment for the Security Keeping Fee of the FedEx
company as stated in our privacy terms & condition page. Also be informed
that Heineken would have paid for the Security Keeping fee,but we do not
accept such payment considering the facts that all items & packages that
is registered with us have a time limitation and we cannot accept payment
not knowing when you will be picking up the package or even responding to
us.So we cannot take the risk to have accepted such payment in case of any
possible demurrage.
Kindly note that Heineken did not leave us with any further information.
We hope that you respond to us as soon as possible because if you fail to
respond before the expiry date we may refer the package to the Nigerian
Commission for Welfare as the package do not have a return address.
Kindly get back to us (FedEx Delivery Post) by filling the form and send
it to the back to this office.This is mandatory to re-confirm your Postal
address
and telephone numbers.
Full Name:
Contact Address:
Country:
State:
City:
Sex:
Occupation:
Mobile/Fax No:
As soon as your details are received, our delivery team will give you the
necessary payment procedure so that you can effect the payment for the
Security Keeping Fees and hence the delivery of your package to you takes
place immediately.
Yours Faithfully,
Mrs. Asari Victor.
FedEx Online Admin Team.
Tel:+234-709-3073-270
[Nov 24, 2008] Internet Banking Upgrade
E-mail Security Information.
Chase logo
Welcome to Chase
Dear Customer,
Unsubscribing and getting in touch If you would prefer not to receive information about other products and services from us, please reply to this email with 'opt-out' in the subject line. Please don't reply to this message if you wish to contact Chase & Co. about any other matter, as we will not be able to respond to you. Instead you can contact Chase & Co. by calling us on 800 648 4833 or sending us a secure message by logging in to your accounts at www.chase.com and selecting the option to 'Report fraud and e-mail scams'. Calls may be recorded or monitored. No responsibility is accepted by the Chase & Co.in this regard and the recipient should carry out such virus and other checks as they consider appropriate.
Click Here, Security Profil Update..
Sincerely,
Customers Services
E-mail Security Information
If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here.
Note: If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing www.Chase.com directly into your browser.
ABOUT THIS MESSAGE
Dear Customer, In the past few weeks we have being informing our customers about the upgrade in our security sever. To ensure your protection, we've now blocked access to your accounts. You now need to update your security. You won't be able to gain access to your accounts until you've done this.
Note: This email is confidential and for use by the addressee only. If you are not the intended recipient of this email and have received it in error, please return the message to the sender by replying to it and then delete it from your mailbox. Internet emails are not necessarily secure. The Chase & Co.do not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect systems or data.
Your personal information is protected by state-of-the-art technology. For more detailed security information, view our Online Privacy Policy. To request in writing: Chase Privacy Operations, 451 Florida Street, Fourth Floor, LA2-9376, Baton Rouge, LA 70801.
© 2008 JPMorgan Chase & Co.
[Oct 22, 2008] IN GOOD FAITH.
... ... ...
Received: from bosmailscan07.eigbox.net ([10.20.15.7])
by bosmailout02.eigbox.net with esmtp (Exim)
id 1KspxT-00023k-3P for speditor@optonline.net; Wed, 22 Oct 2008 22:29:55 -0400
Received: from bosimpinc01.eigbox.net ([10.20.13.1])
by bosmailscan07.eigbox.net with esmtp (Exim)
id 1KspxT-000115-00 for postmaster@softpanorama.org; Wed,
22 Oct 2008 22:29:55 -0400
Received: from mail.fnbnet.net ([216.146.28.239]) by bosimpinc01.eigbox.net
with NO UCE id W2Vu1a01l59YLtk092Vuj8; Wed, 22 Oct 2008 22:29:55 -0400
Received: (qmail 8064 invoked by uid 507); Wed, 22 Oct 2008 21:00:52 -0500
Received: from localhost (HELO webmail.fnbnet.net) (glhcc9551@127.0.0.1)
by mail.fnbnet.net with SMTP; Wed, 22 Oct 2008 21:00:52 -0500
Received: from 212.100.250.230 (proxying for 41.205.163.98)
(SquirrelMail authenticated user glhcc9551) by webmail.fnbnet.net with HTTP;
Wed, 22 Oct 2008 21:00:52 -0500 (CDT)
Date: Wed, 22 Oct 2008 21:00:52 -0500 (CDT)
From: "Lady Rebecca Thatcher."
Subject: IN GOOD FAITH.
Reply-to: thatcherfunds90@hotmail.com
Message-id: <37718.212.100.250.230.1224727252.squirrel@webmail.fnbnet.net>
MIME-version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Importance: Normal
X-Priority: 3 (Normal)
X-EN-OrigIP: 216.146.28.239
X-EN-IMPSID: W2Vu1a01l59YLtk092Vuj8
User-Agent: SquirrelMail/1.4.11
From: Lady Rebecca Thatcher.
No:36 Old Shrewberry Street,
London England.
Beloved,
I am Lady Rebecca Thatcher, suffering from cancerous ailment.I used to be
married to Sir Jeremy Thatcher an English man who is dead and resting
peacefully. My husband was into private practice all his life before he
passed.When my late husband was alive he deposited the sum of Twenty
Million Pounds (20,000,000.00 Million Great Britain Pounds Sterling),which
were derived from his vast estates and investment in capital market with
his bank here in UK.Presently, this money is still with the Bank.
Recently,my Doctor told me that I have limited days to live due to the
cancerous problems I am suffering from.Though what bothers me most is the
stroke that I have in addition to the cancer.With this hard reality that
has befallen me, I have decided to donate this funds to you and want you
to use this gift which comes from my late husbands hard work to fund the
upkeep of widows, widowers,orphans,destitute,the down-trodden, physically
challenged children,barren-women and persons who prove to be genuinely
handicapped financially.I took this decision because I do not have any
child that will inherit this money.
My happiness is that I lived a life worthy of emulation. Please assure me
that you will act just as I have stated herein. Hope to hear from you
soon. You can contact me through my personal email address
at:thatcherfunds90@hotmail.com
Stay Blessed as you carry out this humanitarian task.
Sincerely yours
Lady Rebecca Thatcher.
Phisher Kings
Court Your Trust
By Brian Grow
BusinessWeek Online
Computer-based fraudsters are finding new ways to trick people --
not technology -- to get the information they seek
"Lawsuit against you," reads the subject line in an e-mail that hit
thousands of in-boxes around the world last month. In flawless
legalese, the message warns recipients that they recently sent an
unsolicited fax to the sender's office. Citing U.S. civil code, its
prohibition on sending junk faxes, and an actual $11 million
settlement by restaurant chain Hooters, the missive threatens a
lawsuit over the alleged junk fax.
"If you do not pay me $500 by the deadline for payment, I intend to
sue you for violating the Telephone Consumer Protection Act," it
reads. "If you force me to sue, I will not settle for less than
$1,000." Details of the alleged lawsuit are contained in the
document attached to the e-mail.
In today's litigious -- and digital -- society, being notified of a
lawsuit via e-mail might not seem too unusual, right? Gotcha! The
e-mail is a scam that preys on deep-seated fears of being hauled
into court. Its target: unlucky recipients who may indeed be among
thousands of companies that send junk faxes.
SPAM SANDWICH. The attachment -- labeled lawsuit.exe --
is a new variant of a computer worm called Bagle. When worried
victims open the attachment, malicious code embedded in its text
downloads onto their PCs, and then swiftly harvests all their e-mail
addresses to send out even more spam. That second wave uses the
victim's personal e-mail address to send malicious code disguised
as, say, a Paris Hilton sex video, to friends and associates.
"This is one of the most innovative ideas used by spammers to target
unsuspecting users," says Govind Rammurthy, chief executive of
computer security firm MicroWorld Technologies, which sent out a
warning about the lawsuit.exe scam in March.
As Web-based scams proliferate, it's often psychological cunning,
deployed on top of surreptitious code, that is the secret to
cyber-criminals' success. Like traditional con men on the street,
Internet fraudsters need a never-ending supply of ways to convince
victims to trust them -- to open an attachment, click a link, or
innocently enter personal data on a Web page.
IN YOUR HEAD. Overpowering instincts, rather than firewalls,
is the surest means, say analysts, to pickpocket personal identities
and online bank accounts. "You can't install a software patch for a
person's mind," says Barry C. Collin, chief executive of
cyber-security consulting firm Threat and Risk Associates.
In fact, security analysts say hackers are spending serious effort
in researching the psychological vulnerabilities of potential
targets. Security firm TrendMicro's director of global education,
David Perry, says they watch news headlines for poignant world
events and often review the success of an attack by reading press
releases and corporate warnings, in order to tweak the next attack
for greater effectiveness.
Hackers also look for situations of confusion to exploit, such as a
corporate merger. For example, at Vigilar's Intense School in Ft.
Lauderdale, Fl., where they train people in ethical hacking to help
fortify digital defenses, they use a bogus e-mail from someone
pretending to be a helpdesk employee trying to verify account data
for a database that is being combined in the wake of a merger.
TRUST ME.... "There is a lot of implied trust that you can
manufacture -- and exploit," says Ralph Echemendia, an info-tech
security instructor at Vigilar's. Echemendia used the 2004 merger of
Wachovia and SouthTrust as a model to deploy the script and tap
merger chaos.
Analysts say phishing attacks also often spike after a data security
breach hits news headlines. The reason: Customers are already
anticipating a potential request to update account data and monitor
credit reports.
"It makes them more vulnerable to psychological scams," says Herbert
H. Thompson, chief security strategist for Security Innovation.
ONE-TWO PUNCH. Take the case of a phish targeting Citibank
customers this year. To build trust, it operates in two phases, say
analysts. First, an e-mail purportedly from Citibank warns that
customer accounts may have been compromised in a previous scam. But
it doesn't ask for personal information.
Instead, the scam requests an e-mail address, just in case the
victim's account is found to be hacked. Then, later, a second phish
is sent out warning that, indeed, the account has been compromised
-- and requests an update of financial details.
"Trust was built in the first step. Then, in the second step, they
asked for confidential information," says MicroWorld's Rammurthy,
who estimates some 60% of victims who received the second e-mail
provided personal and financial data.
Indeed, with overall returns from phishing attacks falling, Web
criminals are succeeding in finding novel new ways to convince users
to open documents or click links that download data-stealing
software onto PCs. Instead of directly asking the user to enter
personal data into a fake Web site, cyber-criminals are embedding
code into fake news articles or business-oriented "requests for
proposals" which, when opened, install a backdoor into the PC, then
log keystrokes. Russian security firm Kaspersky Lab estimates the
use of data-stealing code designed specifically to steal financial
information, known as Trojans, rose 402% in 2005.
SHARING THE STEALTH. The upshot: Fewer people are,
themselves, coughing up personal info, but fraud losses continue to
climb. A 2005 survey by Gartner found that just 2.5% of phish
recipients responded with personal or financial information, down
from 3% in 2004. But fraud losses connected to the theft of such
information off the Web still rose from $690 million in 2004 to $1.5
billion last year. "If I'm a scammer, I have to do something that
will make you trust me," says John Pescatore, senior vice-president
of Internet security at Gartner.
Law enforcement agents say that while the thinking behind
cyber-scams is not much more complex than age-old cons run by
offline grifters, it's clear cyber-criminals are pooling their
brainpower to devise new techniques. A DVD available in foreign
black markets called "Hacker's Handbook" contains scores of tips on
how to trick victims, according to Trend Micro's Perry.
Former hacker Kevin Mitnick, who now runs his own security
consulting firm, hosts a two-day "social engineering" conference for
clients that includes sessions entitled "Bugs in the Human
Hardware." At hacker sites such as mazafaka.ru and
astalavista.box.sk, criminals often share ideas on how, for example,
to exploit new state laws in the U.S. requiring firms to issue
warnings when customer databases have been hacked.
ROYAL SCAM. Some scam artists still plot the old-fashioned
way: by holding physical court. Law enforcement agents say Nigerian
fraudsters often gather in Internet cafes in the country's capital,
Lagos, to concoct the newest bait.
Famous for pioneering so-called 419 letters -- pleading e-mails from
bogus foreign businessmen seeking to move money out of their country
by tapping U.S. victims' bank accounts -- the Nigerian scammers are
now establishing romantic relationships in online dating Web sites
in order to dupe lonely love interests into giving up
financial information.
"It's group brainstorm," says Gregory S. Crabb, a senior
investigator for the U.S. Postal Inspection Service in Washington,
D.C., who has hunted cyber-criminals around the world.
CHEAP THRILLS. Hackers are even finding ways to take the
pain out of writing malicious code, a move that may enable more
concentration on upgrading the psychology of the cyber-scam. On Mar.
24, security firm Sophos said it had discovered a Russian Web site
selling a spyware kit called WebAttacker for less than $20. The
pre-fab software downloads a program that tries to turn off PC
firewalls, then installs a keystroke-logging device.
Already, it has been spammed-out via e-mail touting news stories
about bird flu and the recent death of ex-president of Serbia,
Slobodan Milosevic. The technical skills required to be a
cyber-criminal have been removed as an entry-level barrier. "In
order for the cyber-crime business to continue, it is going to rely
more and more on social engineering," says Ron O'Brien, senior
security analyst at Sophos.
[Jan 22, 2006] Fake letter from Ebay member. In the test link
http://contact.ebay.co.uk/ws/eBayISAPI.dll?M2MContact&item=4589070441&requested=yamama_r6&qid=1470018712&redirect=0&sspagename=ADME:B:AAQ:UK:2
is actually linked to
http://82.165.29.85/icons/small/sec/secure/index.html
From - Sun Jan 22 09:34:40 2006
X-Account-Key: account1
X-UIDL: 18677-1053906845
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <httpd@ns2.superdomein3.nl>
... ... ...
Received: from unknown (HELO ns2.superdomein3.nl) (62.212.77.89)
by ... with SMTP; Sun, 22 Jan 2006 14:11:45 +0000
Received: (from httpd@localhost) by ns2.superdomein3.nl (8.10.2/8.10.2)
id k0J6qXW12299; Thu, 19 Jan 2006 07:52:33 +0100
Date: Thu, 19 Jan 2006 07:52:33 +0100
From: mom2lindzemi <member@eBay.com>
Subject: Question from eBay Member
To: postmaster@softpanorama.org
Reply-to:
Message-id: <200601190652.k0J6qXW12299@ns2.superdomein3.nl>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 8BIT
Delivered-to: postmaster@softpanorama.org
X-Spam-Status: No, hits=1.6 required=5.0
X-Spam-Level: +
Your registered name is included to show this message originated from eBay.
Learn more <http://pages.ebay.co.uk/help/confidence/name-userid-emails.html>.
*Question about Item -- Respond Now* eBay
eBay sent this message on behalf of an eBay member via My Messages. Responses
sent using email will go to the eBay member directly and will include your email
address. Click the *Respond Now* button below to send your response via My
Messages (your email address will not be included).
Question from mom2lindzemi
This message w! as sent while the listing was *active*.
mom2lindzemi is a *potential buyer*.
Hi,
I`m realy intrested in your item please let me know as soon as posible how to
purchase it.
Thanks
James
*Respond to this question in My Messages.*
http://contact.ebay.co.uk/ws/eBayISAPI.dll?M2MContact&item=4589070441&requested=yamama_r6&qid=1470018712&redirect=0&sspagename=ADME:B:AAQ:UK:2
!!!Actually!!! <http://82.165.29.85/icons/small/sec/secure/index.html>
Thank you for using eBay
! http://www.ebay.com/
Marketplace Safety Tip *Marketplace Safety Tip
<http://pages.ebay.co.uk/safetycentre>*
*Always remember to complete your transactions on eBay - it's the safer way to
trade.*
Is this message an offer to buy your item directly through email without winning
the item on eBay? If so, please help make the eBay marketplace safer by
reporting it to us. These external transactions may be unsafe and are against
eBay policy. Learn more about trading safely
<http://pages.ebay.co.uk/safetycentre/s! elling_safely.html>.
Is this email inappropriate? Does it breach eBay policy
<http://pages.ebay.co.uk/help/policies/rfe-unwelcome-email-misuse.html>? Help
protect the community by reporting it
<http://cgi1.ebay.co.uk/aw-cgi/eBayISAPI.dll?ReportEmailAbuseshow&reporteruserid=kevinm8205&reporteduserid=yamama_r6&emaildate=2005/11/10:09:49:34&emailtype=0&emailtext=Hi+is+the+bike+hpi+clear%3F+do+you+have+any+better+pics+of+it%3F+is+this+the+original+paint+colour%3F&trackId=1470018712>.
Learn how you can protect yourself from spoof (fake) emails at:
http://pages.ebay.com/education/spooftutorial
This eBay notice was sent to kvnmtchll200@aol.com on behalf of another eBay
member through the eBay platform and in accordance with our Privacy Policy. If
you would like to receive this email in text format, change your notification
preferences <http://cgi4.ebay.co.uk/ws/eBayISAPI.dll?OptinLoginShow>.
See our Privacy Policy and User Agreement if you have questions about eBay's
communication policies.
Privacy Policy: http://pages.ebay.com/help/policies/privacy-policy.html
User Agreement: http://pages.ebay.com/help/policies/user-agreement.html
Copyright © 2005 eBay, Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners.!
eBay and the eBay logo are registered trademarks or trademarks of eBay, Inc.
[Dec 20, 2005] Fake Visa letter with link
to
<http://www.coheteboy.com/usa.visa.com/index.html>
From - Tue Dec 20 08:22:22 2005
X-UIDL: 17902-1053906845
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <nobody@morpheus.dnsport.com>
... ... ...
Received: from unknown (HELO morpheus.dnsport.com) (69.56.205.220)
by ... with SMTP; Tue, 20 Dec 2005 05:37:19 +0000
Received: from nobody by morpheus.dnsport.com with local (Exim 4.52)
id 1EoaBY-0007wY-2X for postmaster@softpanorama.org; Tue,
20 Dec 2005 00:37:16 -0500
Date: Tue, 20 Dec 2005 00:37:16 -0500
From: Verified by Visa <verify@usa.visa.com>
Subject: Protect your Visa
To: postmaster@softpanorama.org
Reply-to:
Message-id: <E1EoaBY-0007wY-2X@morpheus.dnsport.com>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 8BIT
Delivered-to: postmaster@softpanorama.org
X-AntiAbuse: This header was added to track abuse,
please include it with any abuse report
X-AntiAbuse: Primary Hostname - morpheus.dnsport.com
X-AntiAbuse: Original Domain - softpanorama.org
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - morpheus.dnsport.com
X-Source:
X-Source-Args:
X-Source-Dir:
Original-recipient: rfc822;speditor@optonline.net
Verified by Visa <https://usa.visa.com/personal/security/vbv/index.html>
Verified by Visa protects your existing Visa card with a password you create,
giving you assurance that only you can use your Visa card online.
Simply activate your card and create your personal password. You’ll get the
added confidence that your Visa card is safe when you shop at participating
online stores.
You may activate now by entering your card number over our secure server
<http://usa.visa.com/personal/security/visa_security_program/vbv/privacy.html?it=il|/personal/security/visa_security_program/vbv/how_it_works.html|secure%20server>.
If your card issuer is participating in Verified by Visa (most issuers are)
you’ll complete a brief activation process. You’ll verify your identity, create
your Verified by Visa password and you’re done.
<http://www.coheteboy.com/usa.visa.com/index.html>
© Copyright 2005, Visa U.S.A. All rights reserved.
[Dec 1, 2005] Beware fake e-commerce sites offering 'bargain' Christmas
gifts.
This sophisticated fraud works when people search on the internet
for items they want to buy, and click on a link. They are then directed
to a legitimate looking web page and instructed to 'Click here to download
images' of what they want to buy. What they end up downloading is a
self-extracting zip file that installs a Trojan on their PC.
This malware then redirects legitimate financial institution links
to fraudulent websites allowing the scammer to harvest the user's details.
Between 80 and 100 new phishing websites are starting up daily. Scammers
are getting much more sophisticated and they are harder for users to
detect.
Please remember, if it looks too good to be true, it probably is.
[Dec 2, 2005] Reminder about the identity theft emails
Recently there have been a dramatic increase of identity theft attempts
activity directed toward e-commerce site users: a sharp rise in so-called
phishing e-mails, which attempt to steal consumers' user names and passwords
by imitating e-mail from legitimate financial institutions (mainly banks).
The most recent example of such fraudulent letter is reproduced below:
Please note that all such financial scam attempts usually contain
a link in the email and a demand for immediate action to use this link
with wording like "process is mandatory", "your account may be subject
to temporary suspension." or "This instruction ... is obligatory to
follow". Please be aware that presence of such link and any "demanding
action" phases is a sign of financial scam.
We advice you to call your bank in case the letter addresses to you
looks credible. Never try to answer such requests by mail. Never put
your any financial data into the forms that are links to emails.
[Aug 18, 2005] Another Citibank scam
Subject: PIN Number Update From Citibank
From: "Citi Identity Theft Solutions" <admin34@citibank.com>
Recently there have
been a large number of identity theft attempts targeting Citibank customers.
In order to safeguard your account, we require that you update your
Citibank ATM/Debit card PIN.
This update is requested of you as a
precautionary measure against fraud. Please note that we have no particular
indications that your details have been compromised in any way.
This process is mandatory, and if not
completed within the nearest time your account may be subject to temporary
suspension.
Please make sure you have your Citibank ATM/Debit card and recent statement
at hand.
To securely update your Citibank ATM/Debit
card PIN please go to:
https://www.citibank.com /signin/citifi/scripts/login2/update_pin.jsp
Please note that this update applies
to your Citibank ATM/Debit card - which is linked directly to your checking
account, not Citibank credit cards.
Thank you for your prompt attention to this matter and thank you for
using Citibank!
Regards,
Beryl Arroyo
Head of Citi® Identity Theft Solutions
Copyright
2004 Citicorp. All rights reserved.
Do not reply to this email as it is an unmonitored alias.
'Constant
siege'
The trend neatly follows
a sharp rise in so-called phishing e-mails, which attempt to steal consumers'
user names and passwords by imitating e-mail from legitimate financial
institutions. A Gartner study released in May showed at least 1.8 million
consumers had been tricked into divulging personal information in phishing
attacks, most within the past year.
Phishing attempts
designed specifically to steal bank information began to skyrocket about
10 months ago, according to Dave Jevans, chair of the Anti-Phishing
Working Group. Overall, phishing e-mails have jumped 4,000 percent in
the past six months, and just last month, Citibank overtook eBay as
the most common target. The company faced an average of 16 attacks per
day, and 475 separate phishing attacks during April, an increase of
nearly 400 percent from March.
Citibank didn't
immediately return requests for comment.
"It's working,
there's no doubt about that...There's people who are under constant
siege now," Jevans said. "It's like people setting up fake ATMs everywhere."
Some days, banks
are targeted dozens of times, which not only leads to identity theft,
but also jam-packed customer service telephone lines.
"Clearly the issues
are far more significant than anyone expected they would be. Phishing
and spoofing (setting up look-alike bank Web sites) are really getting
to people," said Larry Ponemon, founder of privacy think tank Ponemon
Institute, and a bank consultant. "It is an epidemic. It's a very big
problem."
Creative
ways to drain accounts
But phish isn't the only way criminals gain access to online bank accounts,
according to industry experts. Computer criminals are becoming increasingly
proficient at writing Trojan horse programs and keyloggers that steal
passwords and account information. Such secret malicious programs, which
exerts say are more widespread than many realize, could be the cause
of up to half the account takeovers, Litan speculated.
Such programs can
be installed on home users' computers through virus-laden e-mails. People
who do their online banking at public computers, such as at Internet
cafes, are also at risk from this kind of password swiping.
With college tuitions skyrocketing,
families are looking for creative ways to pay for their children's
education.
But unfortunately, the Federal Trade
Commission says many families fall prey to scholarship and financial-aid
scams in the process.
The FTC has taken action against
12 financial-aid companies in the last four years.
In one case alone, at least 12,000
families were taken for more than $13 million. The companies made
promises for college money that was never received.
But the best advice from college
financial advisors is don't pay for what you can get for free.
John Casdorph has spent 25 years
helping students find financial aid at Cal State-Bakersfield. He
warned families to be weary of companies that offer financial-aid
services for a fee.
"The chancellor's office at CSU has
a position on companies that charge to provide a search service
for financial aid and they don't encourage students to use those
services," Casdorph said.
One New York-based company, Edifi,
is coming to Bakersfield this weekend to host a free workshop. However,
there is a price tag attached. If consumers decided to use Edifi
while at the workshop, they are charged $895. However, if they wait,
then the price goes up to $1,295.
Connie Alarcon of the Better Business
Bureau said consumers shouldn't sign under pressure.
"If you are going to a workshop and
they are telling you that you need to sign 'this document, at this
point in time or the discount isn't available to you,' it's better
that you are safe than sorry," Alarcon said.
Edifi has an unsatisfactory record
with the New York BBB, but has not been investigated by the FTC.
John Braat, the chief operating officer
for Edifi, defended his company and said that Edifi has been working
to resolve complaints and improve its BBB rating.
Alercon said consumers should rely
on the BBB report.
"We are here to help educate consumers
and to help them from getting scammed or be in a situation where
they aren't going to get their money back," Alercon said.
Casdorph said you should use your
free services from local colleges and university financial-aid offices.
"We exist here as a financial-aid
office to help students for free. We'll counsel them on financial-aid
applications. We'll help them fill out forms. We'll even give them
direction on how to search for scholarships, which is the harder
part of financial aid," Casdorph said.
You can use CSUB, Bakersfield College,
or any community colleges financial-aid services for free, even
if you haven't been accepted as a student.
To contact the CSUB financial office,
call (661) 664-3016 or stop by during office hours. To contact Bakersfield
College, call (661) 395-4427.
[May 12, 2004] Very similar to PayPal scam. Bank account scams: email
tries to fool the users into filling a email form with their account information.
Can take several forms, see below
Dear U.S. Bank account holder,
In an effort to protect your U.S. Bank account from future fraudulent
activities, we have issued this Information Alert.
We hereby recommend that you make an amendment to your account security
features. Once you have amended your account information, your access
to your bank account will not be interrupted and will continue as normal.
However, failure to make this amendment may result in your account suspension
for a certain period of time.
Please fill in your account information and make necessary amendments
below:
Before you reactivate your account, all payments have been frozen,
and you will not be able to use your account in any way until we have
verified your identity.
Q1: How to recognize Citibank Spoofing scam
A: While such e-mails appear to be from a well-known company they are
easily detectable as real web site the links lead to is different from the
web site shown in a link. For example link can be
https://web.da-us.citibank.com/Iogin.ref.49/scripts/cIient_conf.jsp
but actual website that is shown in the left bottom of IE screen
if you move the mouse to the link without clicking on is different,
for example
http://213.2.96.94:87/cit/index.htm
In any case banks are now never sen you emails that contain forms,
this is a very unsecure practice. This actual link leads to a
spoof web site which provide a form for updating or confirming sensitive
personal information. To bait you, they may allude to an urgent or threatening
condition concerning your account.
Please note that even if you don't provide what they ask for, simply
clicking the link could subject you to background installations of
key logging software or viruses.
Q2: I got a email with the subject
Re: official Information To Citibank
Clients [Wed, 10 Nov 2004 12:41:38 +0200]
[The letter with Citibank scam is attached]
This seems to be a scam of some sort. I suspect the java script they reference
attempts to exploit some weakness in Windows. Should I send such things
that make it through the spam filter to you or someone else, or what?
A: No this is a typical Citibank financial
scam letter: they have a form where you can of your financial data
that are enough for money transfers and they usually try to withdraw money
from this account as soon as they get the data.
A new phishing e-mail, purporting to be from the bank you use informs
your that the bank blocked your account for some reason, for example
"connected with money laundering, credit card fraud, terrorism and check
fraud activity." It also said the bank sent account data to
government authorities, and may have changed some accounts. Many types
of this scam originated oversees and carry grammatical or typographical
errors, for example:
"Citibank notifies all it's (sic)
customers in cases of high fraud or criminal activity and asks you
to check your account's balances"
or
"if you suspect or have found any
fraud activity on your account"
[Dec 2, 2004] Reminder to about the identity theft emails
Recently there have been a dramatic increase of identity theft attempts
activity directed toward e-commerce site users: a sharp rise in so-called
phishing e-mails, which attempt to steal consumers' user names and passwords
by imitating e-mail from legitimate financial institutions (mainly banks).
The most recent example of such fraudulent letter is reproduced below:
Please note that all such financial scam attempts usually contain
a link in the email and a demand for immediate action to use this link
with wording like "process is mandatory", "your account may be subject
to temporary suspension." or "This instruction ... is obligatory to
follow". Please be aware that presence of such link and any "demanding
action" phases is a sign of financial scam.
We advice you to call your bank in case the letter addresses to you
looks credible. Never try to answer such requests by mail. Never put
your any financial data into the forms that are links to emails.
Thank you for your cooperation.
An email tries to fool the users into filling a email form with thier
account information. As MSNBC article
Survey
2 million bank accounts robbed suggests:
'Constant
siege'
The trend neatly follows
a sharp rise in so-called phishing e-mails, which attempt to steal consumers'
user names and passwords by imitating e-mail from legitimate financial
institutions. A Gartner study released in May showed at least 1.8 million
consumers had been tricked into divulging personal information in phishing
attacks, most within the past year.
Phishing attempts
designed specifically to steal bank information began to skyrocket about
10 months ago, according to Dave Jevans, chair of the Anti-Phishing
Working Group. Overall, phishing e-mails have jumped 4,000 percent in
the past six months, and just last month, Citibank overtook eBay as
the most common target. The company faced an average of 16 attacks per
day, and 475 separate phishing attacks during April, an increase of
nearly 400 percent from March.
Citibank didn't
immediately return requests for comment.
"It's working,
there's no doubt about that...There's people who are under constant
siege now," Jevans said. "It's like people setting up fake ATMs everywhere."
Some days, banks
are targeted dozens of times, which not only leads to identity theft,
but also jam-packed customer service telephone lines.
"Clearly the issues
are far more significant than anyone expected they would be. Phishing
and spoofing (setting up look-alike bank Web sites) are really getting
to people," said Larry Ponemon, founder of privacy think tank Ponemon
Institute, and a bank consultant. "It is an epidemic. It's a very big
problem."
Creative
ways to drain accounts
But phish isn't the only way criminals gain access to online bank accounts,
according to industry experts. Computer criminals are becoming increasingly
proficient at writing Trojan horse programs and keyloggers that steal
passwords and account information. Such secret malicious programs, which
exerts say are more widespread than many realize, could be the cause
of up to half the account takeovers, Litan speculated.
Such programs can
be installed on home users' computers through virus-laden e-mails. People
who do their online banking at public computers, such as at Internet
cafes, are also at risk from this kind of password swiping.
It can take several forms, for example
Recently there have
been a large number of identity theft attempts targeting Citibank customers.
In order to safeguard your account, we require that you update your
Citibank ATM/Debit card PIN.
This update is requested of you as a precautionary measure against
fraud. Please note that we have no particular indications that your
details have been compromised in any way.
This process is mandatory, and if not completed within the nearest
time your account may be subject to temporary suspension.
Please make sure you have your Citibank ATM/Debit card and recent statement
at hand.
To securely update your Citibank ATM/Debit card PIN please go to:
https://www.citibank.com /signin/citifi/scripts/login2/update_pin.jsp
Please note that this update applies
to your Citibank ATM/Debit card - which is linked directly to your checking
account, not Citibank credit cards.
Thank you for your prompt attention to this matter and thank you for
using Citibank!
Regards,
Beryl Arroyo
Head of Citi® Identity Theft Solutions
Copyright
2004 Citicorp. All rights reserved.
Do not reply to this email as it is an unmonitored alias.
===================================================
Dear U.S. Bank account holder,
In an effort to protect your U.S. Bank account from future fraudulent
activities, we have issued this Information Alert.
We hereby recommend that you make an amendment to your account security
features. Once you have amended your account information, your access
to your bank account will not be interrupted and will continue as normal.
However, failure to make this amendment may result in your account suspension
for a certain period of time.
Please fill in your account information and make necessary amendments
below:
Before you reactivate your account, all payments have been frozen,
and you will not be able to use your account in any way until we have
verified your identity.
====================================================
You will usually receive a e-mail from some server on the internet that
a particular mail cannot be delivered. When you look at the subject line
it's immediately clear that this is spam that is distributed to other people
using your address as "from" address.
This is a typical spam senders trick. They used your address as "from"
address to send some questionable staff to other users, often hundreds of
them.
The other common source is Klez worm.
No need to open the ticket: we can do nothing about this problem -- it's
connected with the weakness of current version of mail protocol (SMTP) which
was designed in good old days of Internet. It makes forging "from" address
trivial and that is the weakness that spammers abuse.
See Ebay Identity Theft Scam
below for more information.
This scam involved e-mails that asked recipients to log on to a Florida-based
Web site, ebayupdates.com, and re-enter financial data for eBay.
The scam site sported the eBay logo and colors. Representatives of eBay
were not immediately available for comment, but the company has issued a
general warning on its Web site, urging caution over e-mails seeking passwords
or credit card numbers.
"Some members have reported attempts to gain access to their personal
information through e-mail solicitations that are falsely made to appear
as having come from eBay," the company said.
"These solicitations will often contain links to Web pages that will
request that you sign in and submit information...eBay employees will never
ask you for your password."
The scam e-mail, usually has subject "Ebay billing error" and begins:
Dear Ebay Member,
We at Ebay are sorry to inform you that we are having problems with
the billing information of your account.... ... ...
Beware of the next electronic greeting card you receive. It may not be
quite so friendly.
An e-card scam is circulating, conning people into clicking onto a phony
Web site where they can download a virus or enable an attacker to snatch
up their address book to spam their co-workers and friends. MessageLabs
Inc., a British company with U.S. headquarters in Minneapolis, has put out
an alert, warning users to stay clear of the latest online scam.
''It's a scam, really,'' says Angela Hauge, technical director at MessageLabs.
''The email itself does not contain a virus but it directs people to a Web
site where they can download a virus... or they might grab up everyone in
your address book...''
MessageLabs warns users that the scam, at first, comes off as an actual
email greeting, which are becoming increasingly common, even on corporate
accounts.
The email often says, ''I sent you a greeting. Please pick it up by clicking
on the link below.''
The Web site originally mentioned in the email, according to MessageLabs,
was hosted by FriendGreetings.com. But MessageLabs also has seen variations
on the original email that contains links to several similar Web sites,
such as cool-downloads.com or .net, and friend-cards.com or .net.
Hauge says it's fairly simple to distinguish a real e-card from the scam.
''When you go to a greeting card Web site, you should be able to view
your greeting automatically,'' she explains. ''You shouldn't have to download
anything. If you're asked to do that, don't and get out of there.''
America Online owns the AOL-InstaKiss.com domain, and American Greetings
Corp. holds a trademark on the term "InstaKiss," but the companies haven't
been able to stop Internet scam artists from trading on the name.
Security experts warned that similar scams are likely to resurface elsewhere
on the Internet - and separate unwary users from their online accounts.
The initial variant of this fraud, varieties of which have been used
for nearly two years, plays off a legitimate e-greeting service (AOL Keyword
InstaKiss) offered by AmericanGreetings.com, the online unit of the greeting
card giant, and promoted at America Online's singles area, LoveAtAOL.
The operator of the latest password-stealing site this week sent a bogus
invitation to AOL users by instant message and e-mail. The message informed
recipients that they had been sent an "AOL InstaKiss" by "someone who thinks
very highly of you." By clicking a link in the message, the AOL user could
receive his or her InstaKiss, according to the come-on.
For example one such site was located at
http://www.webcomps.org/instakiss/
and used to have a fake AOL logo and instructed visitors to type in their
AOL screen name and password to receive their InstaKiss. After users complained
about the site, EarthLink Network shut down the page. But an Internet search
using Google search engine can produce several still functional bogus sites
that employ the same InstaKiss "phishing" scheme, as hackers refer to such
password-stealing techniques. Besides mimicking AOL's site design, it featured
links to destinations at the online service for added credibility.
Most of the bogus InstaKiss sites are hosted by free Web page services
such as Lycos' Angelfire.com. Several rely on Web address redirection services
such as Russia's Da.ru, which enable the scammers to create a site with
an address such as http://aol-instakiss.da.ru.
This scam belongs to the so-called "social engineering" techniques employed
by hackers.
Average Internet users, who are generally not security savvy are very
likely to fall for this kind of scam. The "phish accounts" are used
for a variety of purposes, ranging from free Internet access to identity
theft.
The controversial Friend Greetings software create by Panama-based Permission
Media ( www.friendgreetings.com
) is currently causing spam outbreaks. A message arrives inviting the recipient
to view an e-greeting on its website.
To see the card users must launch an ActiveX control, which automatically
sends marketing material to everyone on the user's Outlook contacts list.
The company does mention this, but it is buried in a lengthy licence
agreement.
Naive users are still clicking on the 'yes' button and installing the
software, despite all the warnings.
Details of this can be found on the McAfee website
here.
In truth Friends Greeting isn't a Trojan, much as I hate to defend the
company that put it out. It does tell users what it is doing to do.
Deceptive advertising is illegal. "A nationwide
class action lawsuit
was filed on November 25, 2002, in the Superior Court of Spokane County
against Bonzi Software, Inc. Bonzi is among the world’s most prolific issuers
of internet advertising banners.
Ads are highly misleading.
See
some samples. It is Bonzi, which is responsible for those irritating
popup ads which say things like 'Your computer is broadcasting an internet
IP Address...' and 'Your internet connection is not optimized
...'"
Bonzi’s website has been ranked as one of the most frequently visited
websites in the world.
Escrow companies act as a third-party referee, taking payment from Internet
aution buyers, but not releasing the money to sellers until the goods are
delivered. They help to avoid fraud in Internet auction sales of big-ticket
items such as jewelry or cars. This option is widely used on eBay.
Scam artists try to tricking auction buyers into wiring money to fraudulent
bank accounts. The criminals build elaborate fake escrow Web sites, with
convincing names like Simple-Escrow.net and WhyEscrow.com. Often, the Web
sites are set up to imitate legitimate escrow services; to an untrained
eye, it can be impossible to tell the difference.
The criminals then set up a trap auction on a popular auction site like
eBay. When a winner asks how to make payment, the seller insist on the use
of a particular escrow service. Then, the winner is steered to the fake
service essentially wiring money to the con artists’ bank account.
A legitimate escrow service which was mimicked by the con artists told MSNBC.com
that it had heard from over 50 victims during the past two months. A company
employee, who requested anonymity, said the average victim had lost over
$10,000, with some having sent as much as $30,000 thinking they were buying
items like gold watches, jewelry, or cars.
Since the money was sent via wire transfer, there is often no recourse
for victims, especially if they were destined for overseas accounts.
Consumers should never buy or sell items to anybody who insists on using
a specific escrow service. Propose an alternative — if that disturbs the
other party, they are almost certainly con artists. If the escrow
service and the seller appear to be working closely together, that’s also
a bad sign. One victim MSNBC spoke to got instructions on how to send money
to the escrow company from the seller’s e-mail address, for example. And
wiring money to a bank outside the country is always a bad idea, experts
say.
For more information, see
Phishing for your identity
The newest scams to hit the Web are authentic-appearing
e-mails requesting verification of financial information. The scam technique,
nicknamed "spoofing" or "phishing" (as in "fishing for information" but
with a "p" like "phony"), is causing so many problems that the FTC, the
Federal Bureau of Investigation, the National Consumers League and Earthlink
held a press conference recently in Washington, D.C., to raise the public's
awareness of the problem.
"Bogus e-mails that try to trick customers into giving
out personal information are the hottest, and most troubling, new scam on
the Internet," says Jana Monroe, Assistant Director of the FBI's Cyber Division.
In this scam, the phisher sends out a legitimate-looking e-mail that
claims to be from a company the reader does business with and tells the
reader that there is an account error, possible fraud or other problem with
the account. The reader is asked to click on a link in the e-mail and enter
account information on the linked Web site. The link takes the reader to
a phony Web site that gathers the information and could use the information
to drain the reader's bank account, charge up their credit card and steal
their identity.
Recently, it was reported that con artists were attempting
to trick EBay, PayPal, AOL, BestBuy.com and Discover Card users into revealing
their Social Security number, bank account and credit card information.
Now, we learn that the same trick is being used on customers of Earthlink
and SonyStyle.com.
All of these companies have stated that they would never ask their customers
for personal information in an e-mail.
Remember that
anyone can build a legitimate-looking Web site. Don't fall for this
scam.
Tax rebate scam
Knowing that many parents are eager to get their Advance Child Tax Credit,
con artists having been calling American homes, promising to speed up the
rebate process for a fee of $39.99 -- to be placed on a credit card. While
the tax credit of as much of $400 per child, issued by the government is
real, the promise of the cons is not.
The Internal Revenue warns that persons who give the cons their credit
card number may find large charges on their bill -- and their tax credit
won't be coming any sooner.
The IRS began sending out the
tax credit checks July 25.
"The only thing the taxpayer needs to do is cash the check," said Mark
W. Everson, IRS Commissioner. "If you qualify, we will send you a notice.
There's no need to call, no need to apply, no need to fill out another form.
The IRS will do all the work. A few days after the notice, you will get
the check."
This scam is similar to other
tax scams the IRS has reported in the past.
When U.S. troops shipped out to Iraq, con artists
headed for Americans' wallets, using patriotism to make a profit.
Unfortunately, this is not a new phenomenon. "Fraud perpetrators pick newsworthy
events to trigger interest in their marketing ploys," says Ken Hunter, president
and CEO of the Council of Better Business Bureaus. The latest batch of con
artists are profiting off the war effort in a number ways -- from hawking
deals on unnecessary survival gear to collecting for bogus charities.
Would you pay $100 a month to get daily updates on your family member
serving in the military? Many families would, but that's not a service the
government is selling. It's a scam thought up by con artists. Jerry Maness
of Service, Ala., has a nephew named William who is serving in the Navy.
Maness received a call in early April from a man who seemed to think he
was talking to William's father -- not his uncle. The caller promised that
for $100 a month his company would give Maness a daily update on William's
status. The man asked for Maness's credit card number. Maness didn't fall
for it. He called the sheriff.
Federal banking regulators say scam artists are impersonating banks around
the country and committing both ID theft and wire fraud. The scam starts
with fake ads in newspapers, complete with authentic bank logos, regulators
say. The ads offer great loan terms, but the supplied phone numbers actually
connect callers to the alleged perpetrators. Consumers who agree to refinance
their home loans then lose all their personal information, and usually the
first month’s payment, too. Fifty financial institutions have been so impersonated,
the Federal Deposit Insurance Corp. says.
The Federal Deposit Insurance Corporation recently released a warning
to consumers about bogus ads placed in small or community newspapers. The
bogus ads offer mortgage, small business, debt or consolidation loans. The
ads look real because they use the logos of real banks -- but with different
contact information. The contact numbers in the ads have been traced to
prepaid cell phones.
Potential victims who apply for these bogus loans
are asked to provide their Social Security number and are then told their
loan has been granted. The scammers fax the victim a loan application, requesting
bank account information and sometimes a copy of the applicant's driver's
license and Social Security card. The scammer then asks for an advance payment
through a Western Union wire transfer. Only when the fake loan never appears
does the victim realize what has happened -- he's wired cash to a thief
and his identity has been stolen.
The FDIC warns that you should be suspicious of any bank that requests
you to wire money outside of the banking system or to what the scammers
are calling a "third-party consultant."
If you think you may be a victim of this scam, you should file a complaint
with the
Federal Trade Commission and contact one of the
credit bureaus to request a fraud alert be placed on your credit report.
The FDIC has discovered that the scammers are communicating with the
newspapers through prepaid cell phones purchased in Canada. This scam sounds
remarkably similar to another
advance loan scam being run out of Canada.
The recent scam of this kind pretends to be from corporate payroll and
it asks you where they need to transfer your next paycheck. Please remember
that corporate payroll uses WEB form for this and in no way your bank accounts,
credit card numbers or social security numbers can be disclosed in email
to anybody.
ID thieves are very inventive in trying to provoke consumers into disclosing
credit card information. On Oct 23, 2003, a new identity theft scam that
uses a sensational and upsetting email to attempt to shock consumers into
giving up valuable financial information is surfaced on the Internet.
The scammers' email states:
We have just charged your credit card for money laundering
service in the amount of $234.65 because you are either a child pornography
webmaster or deal with dirty money, which requires us to launder them
and then send to your checking account. If you feel this transaction
was made by our mistake, please press 'No.' If you confirm this transaction,
please press 'Yes.
If you press "No" you are asked to enter your credit card number and
expiration date in the form at the bottom of the email. The form with
this information must be filled out in order for the recipient to be able
to press "No" (and thus deny being involved in any of the criminal activities
mentioned in the message.)
The email scam was first reported in North Carolina by officials with
the Land-of-Sky Regional Council of Governments in Asheville and has since
been reported by recipients across the state.
e-commerse site users who receive this email should delete it and should
not attempt to respond in any way. Consumers who have responded to the email
and provided their credit card information should contact their credit card
company immediately.
Catherine, a recruiting
specialist, was out of work for nearly a year when a friend sent her
a job opening listed at Vault.com. Ready to try almost anything,
she quickly responded to the ad and e-mailed her resume, applying for
a position as "correspondence manager."
And just that quickly, she became
an unwitting member of an Internet scam that's being blamed for a half
billion dollars in attempted thefts from U.S. firms during the past
18 months. The crime has Internet merchants, along with the FBI
and U.S. Postal Inspection Office, fit to be tied.
Within days, before
Catherine even knew she had been hired, packages containing a digital
camera and a computer monitor arrived at her door. Her instructions
were simple: repack the items and ship them to an address in Russia.
For her trouble, she would earn 13 percent of the sale price. It seemed
reasonable enough, so she sent the package along.
Days later, she
got a phone call from a man who said he was told to wire $10,000
into her bank account.
"I had no idea
what he was talking about," she said.
Her caller was
an eBay.com user, who had recently won the bidding for a classic electric
guitar and then been told to wire the large payment to Catherine.
She was then instructed to move the money overseas, to an account controlled
by her new boss.
Catherine knew
right away something was terribly wrong. She called the FBI, which informed
her that she'd unknowingly helped a global crime ring. An agent then
told her the FBI had an ongoing investigation into the crime ring, and
asked that she "play along" with the con artists for a while in an attempt
to unearth more information about them.
Within a week,
dozens of packages and wire transfers were headed Catherine's way —
some $35,000 in money and merchandise in less than 10 days.
"These people are
very, very organized." she said.
Out of control
Catherine had unwittingly signed
up to be part of a new scam that's raging on the Internet, dubbed "postal
forwarding," or "reshipping fraud" by the U.S. Postal Inspection Service.
According to authorities, thousands of job seekers have been caught
up in the con.
"It's out of control,"
Barry Mew, spokesman for the Postal Inspection Service, said. "My phone
rings off the hook. ... There are hundreds more like (Catherine)."
At best guess,
Mew said, the con artists have already made off with between $5 million
and $10 million. One major credit card company has seen losses of $1.5
million to the scam, and a payment processing company for an Internet
site is out $1 million, he said. Mew declined to name the companies.
Some of the recruited
helpers are losing big money, too, Mew said. One woman passed on $25,000
to Eastern Europe before she caught on to the con. When one of the victims
who sent money to her stopped payment on his $2,500 check, his bank
withdrew the money from her account — leaving her with a $2,500 loss.
She had to sell a mutual fund devoted to her child's college education
fund to cover the loss, Mew said.
FBI spokesman Paul
Bresson said he couldn't comment on specific investigations, but that
the agency did have ongoing investigations into reshipping frauds.
"This is something
we are familiar with," he said.
'This
is a huge crime. It's phenomenal.
It's been hovering under the radar
a bit, but it's giant.'
— Susan Henson
spokeswoman,
Merchant Risk Council
|
|
|
During a sweep of Internet-related arrests
announced last month by the FBI, the agency issued a warning about reshipping
schemes. As part of that warning, the Merchant Risk Council, a non-profit
organization created by a consortium of electronic commerce firms, released
the results of a 120-day study of fraud at the top eight Web retailers.
The council found
5,000 consumers had participated in the scam from July to October, enabling
con artists to steal $1.7 million from those eight sites during that
120-day period. A host of other fraud attempts were stopped by the sites.
Total attempts to steal merchandise using the reshipping scam add up
to an estimated $500 million, said Susan Henson, spokeswoman for the
Merchant Risk Council.
"This is a huge
crime," Henson said. "It's phenomenal. It's been hovering under
the radar a bit, but it's giant."
The elaborate scam
is a mixture of credit card fraud, identity theft, and auction fraud.
The Net of victims is wide, ranging from eBay auction winners, to credit
card firms, to major online retailers. Catherine said she received packages
purchased from Amazon.com with stolen credit cards.
Amazon spokeswoman
Patty Smith denied the scam had hit online retailer very hard.
"This really isn't
a big issue for us," she said. "Our fraud detection systems are
sophisticated enough ... to catch these kinds of things."
But Jonathan Lane,
a fraud investigator for online retailer PCMall.com, said major Internet
retailers are indeed being hit by the scam.
"There's a substantial
number of merchants involved," Lane said.
Ads all over the Web
It starts with hundreds of recruiting
advertisements on job sites like Monster.com and CareerBuilder.com.
At any given time, Mew said, he can spot ads on 25 different Web sites.
Other victims have been approached in Internet chat rooms and pointed
directly to the fraudulent company's Web site, where the job postings
are listed.
The help wanted
advertisements are innocuous enough.
"Our company is
engaged in correspondence managing, distributing different goods worldwide,
buying and reselling these goods," says one version of the ad, which
appeared on CareerBuilder.com for about a week, until it was removed
after MSNBC.com brought it the Web site's attention.
Con
artists have even managed to change
billing addresses on stolen credit
cards to match with their recruits.
|
|
|
The ad explained the need for U.S-based
employees to ship products overseas: "Everybody knows Russia is a part
of Europe, but most of foreign people are afraid to have business with
{sic} country ... We would like to prove our respectableness, but when
we communicate with people from other countries they can't avoid stereotypes.
So, we are looking for the persons who can represent our company in
his country. Their duty will be to accept money and different goods,
because often people don't want to send money to my country."
Put simply, the
employees are used to move merchandise or money out of the United States.
But behind the scenes, the organized crime ring is using a variety of
confusing tactics.
One flavor of the
scheme is designed to circumvent fraud protections at mail order companies
and Web sites while stealing popular items such as handheld computers,
digital cameras and DVD players. To avoid raising suspicion, the con
artists make sure the shipping address -- the address of the "recruit"
-- is in the same state as the billing address on the stolen credit
card. To do so, the con artists have a wide variety of employees and
stolen credit cards to choose from. They have also managed to change
billing addresses on stolen credit cards so they match the recruit's
locale. Some 1,300 accounts were updated with new billing addresses
at one credit card company victimized by the con artists, Mew said.
Auction bidders,
such as the man who was trying to purchase a $10,000 classic guitar,
are also targeted. Con artists impersonate a recruit and place auction
items for sale. They then tell the winners to wire funds to the recruit's
U.S. bank account, avoiding any suspicions aroused by the mention of
overseas wire transfers. The recruit, of course, is then instructed
to wire the funds overseas.
Enticing terms
In tough economic times, the promise
of a 15 percent cut is enticing. Catherine wasn't the only one who fell
for the ad she answered at Vault.com. At one point, her new boss accidentally
sent a bulk e-mail that listed 17 other e-mail addresses, all recruits
who had signed up to work for the alleged company.
The homebound are
at special risk of being caught up in the scam, said PCMall's Lane.
"When the recruits
are Social Security recipients, people on disability, single parents,
and unemployed people from coast to coast, it's a story that hits pretty
hard," he said.
Not every recruit
catches on as quickly as Catherine. One California recruit sent 750
packages — average value, $1,500 — to Russia between October 2002 and
March 2003, Mew said.
While often not
legally guilty of theft, recruits are often guilty of falsifying government
documents, as they are instructed to declare the packages as "gifts"
on Customs forms. They might also be guilty of income tax evasion, Lane
said. And then there's the humiliation.
"Not only was I
arrested for theft by receiving," one anonymous victim posted to a Web
site, "[I] lost my computer, my dignity, the humiliation, my dog went
to the pound, had to bail him out to! Attorney cost $2000.00," he wrote.
"I was only involved with them for 3 weeks before I was arrested and
I only made $200.00."
Recruits are also
at risk of identity theft, since they usually give the con artists their
bank account information and other critical data while signing up for
the job. A victim named Brenda said that after she realized she'd been
scammed, and went to the police, the con artists threatened her.
"These people have
my identification; Social Security Number, address and handwriting sample,"
she said. "Since this investigation began, I have received emails
that state 'I KNOW WHO YOU ARE.' I fear for the safety of myself and
my family." She eventually moved, believing she wasn't safe at her old
address.
'It's
surreal. You're sitting here looking
for a job, and all these thousands
of dollars are slipping through
your hands.'
—
Catherine
recruited
to work for online scam
|
|
|
Catherine said she received calls from
dozens of angry auction winners as she played possum for the FBI.
When she tried to explain she was an unwitting character in the con,
many didn't initially believe her.
"I was getting
threats from people saying, 'I'm going to sue you,' " she said.
"It's surreal. You're sitting here looking for a job, and all these
thousands of dollars are slipping through your hands." Her bank
ultimately accepted about $4,000 in wire transfers, even though she
told the firm to reject all wire payments. Meanwhile, she lost the $108
she spent shipping the initial package to Russia. She also learned
a disturbing lesson about human nature when she sent an e-mail to all
her 17 "co-workers," warning them that the job was really a scam.
"One guy wrote,
'I don't care where the money is coming from,' " she said. "It's amazing
this person wrote this to a stranger. The FBI's going to take a look
at him."
Surfers
trust online job postings
Pam Dixon, executive director of the
World Privacy Forum, said she has been studying the growing help wanted
scam for several months. It works because unemployed people are vulnerable
and an easy target for con artists, she said. One victim she spoke to
"had been out of work for a year. That's a common factor," Dixon said.
"We are capable
of extraordinary rationalization" when unemployed, she said.
'There’s
no job at home receiving and forwarding
packages. ... People like to think
there are jobs like that, and that’s
why it's so successful.'
— Barry Mew
spokesman,
Postal Inspection Service
|
|
|
Making matters worse, online job sites
often give users a false sense of security, Dixon said, because consumers
have the impression the ads have been vetted by the site -- as newspaper
classified ads often are. What's more, many surfers arrive at
CareerBuilder.com by clicking "help wanted" buttons while browsing local
newspapers online, as the sites act as the employment section for hundreds
of newspaper Web sites around the country. CareerBuilder.com is owned
by newspaper conglomerates Gannett, Knight-Ridder, and The Tribune Company.
"I believe there's
an implied trust when job seekers go there," Dixon said.
Jenni Sullivan,
a spokeswoman for CareerBuilder.com, said her company has employees
who regularly review job listings on the site for fraud.
"Customer service
representatives use different search methods. ... They continually monitor
the site and if they come across anything suspicious they take immediate
action," she said. "This is not as prevalent as I believe other
people are saying it is. We haven’t seen an indication that there’s
been a rise in this activity (at CareerBuilder)."
Monster.com spokesman
Kevin Mullins said some of the fraudulent ads have been placed on his
company's site, but said their appearance is "rare."
"Most often we
take the job down within a couple of hours," Mullins said.
The use of fraudulent
postal forwarding companies in a scam was
first
chronicled in April by MSNBC.com, but there is evidence the
crime rings has been operating since April 2002, Lane said.
Mew said said he's
not optimistic the criminals will be caught any time soon; only consumer
education can even slow them down.
"We need to educate
the masses. There’s no job at home receiving and forwarding packages,"
Mew said. "And there's no job sitting at home receiving money
and sending the money to Eastern Europe. People like to think there
are jobs like that, and that’s why it's so successful."
In case of broken links
please try to use Google search. If you find the page please notify
us about new location
http://pages.ebay.com/education/spooftutorial
Learn how you can protect yourself from spoof (fake) emails at:
Bankrate.com
has a list of common e-mail scams. Jusr serach the site for the work 'scams"
FTC Dirty Dozen 12 Scams Most Likely To Arrive Via Bulk Email
AT&T
Fraud Education At Home
Nigerian "Frozen Assets" Scams - UM Virus Busters
www.scamorama.com
Copyright © 1996-2009 by Dr. Nikolai Bezroukov.
www.softpanorama.org was
created as a service to the UN Sustainable Development Networking Programme (SDNP)
in the author free time.
Submit
comments This document is an industrial compilation designed and created
exclusively for educational use and is placed under the copyright of the
Open Content License(OPL).
Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made
for educational purposes only in compliance with the fair use doctrine.
Disclaimer:
- The statements, views and opinions presented on
this web page are those of the author and are not endorsed by, nor do they necessarily
reflect, the opinions of the author present and former employers, SDNP or any other
organization the author may be associated with.
- We do not warrant the correctness of the information provided or its
fitness for any purpose
- In no way this site is associated with or endorse cybersquatters
using
the term "softpanorama" with other main or country domains (e.g. softpanorama.com) with
bad faith intent to profit from the goodwill belonging to
someone else.
Last modified:
December 28, 2008
