Phishing & Spoofing Alerts - Please Do Not Link Directly

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
mike
Contributor
Posts: 452
Joined: 20 Mar 2005 14:42

Post by mike »

bipendifudi wrote: PS To date, I have NEVER made an on-line purchase, because that has in the past turned out to be the biggest problem when the info is stolen from the company you happen to buy on-line.
Have a nice day!
I have but very few transactions.

I do not trust this way of buying. Every now and again one hears of laptops with confidential data being left in cars and stolen.

I do not even do on line banking.

Call me old-fashioned but we all managed very well before the internet showed up.
Last edited by mike on 21 Nov 2005 13:42, edited 1 time in total.
Norbert Schlenker
Veteran Contributor
Posts: 7960
Joined: 16 Feb 2005 09:56
Location: An Argument Surrounded By Water

Post by Norbert Schlenker »

A paypal phish to FWF administration's email this a.m. Note the peculiar return address. Note that FWF doesn't have a Paypal account.
From: service@paypal.com [pp@paypalssl.com]

As part of our security measures, we regularly screen activity in the PayPal system. We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

We have reason to believe that your account was accessed by a third party. Because protecting the security of your account is our primary concern, we have limited access to sensitive PayPal account features. We understand that this may be an inconvenience but please understand that this temporary limitation is for your protection.

Case ID Number: PP-104-695-073

This is a reminder to log in to PayPal as soon as possible.

Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

Follow the link bellow to proceed
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run

In accordance with PayPal's User Agreement, your account access will remain limited until the issue has been resolved. Unfortunately, if access to your account remains limited for an extended period of time, it may result in further limitations or eventual account closure. We encourage you to log in to your PayPal account as soon as possible to help avoid this.


--------------------------------------------------------------------------------
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.
Nothing can protect people who want to buy the Brooklyn Bridge.
Bylo Selhi
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON

Post by Bylo Selhi »

phisherperson wrote: Follow the link bellow to proceed https://www.paypal.com/cgi-bin/webscr?cmd=_login-run
Norbert, it got lost in the cut-and-paste here, but if you go to the original e-mail and examine the URL behind the link you'll also see that it goes, not to paypal.com, but to http://24.2*7.2*0.2*6/~test/.ws/

(I've *'d out some of the IP so that no one inadvertently goes to the phishing site.)
Sedulously eschew obfuscatory hyperverbosity and prolixity.
gummy
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O

Post by gummy »

Hah! I get them too!
I especially like the "Follow the link bellow to proceed"

Their link (which I've never visited) looks real :D

fightidentitytheft.com has a picture.
yielder
Veteran Contributor
Posts: 4911
Joined: 16 Feb 2005 07:47
Location: Hastings, Ontario

Post by yielder »

And this one that I got this morning asking me to **Validate Your RBC Account** which would be a tad difficult to do since I don't have an account there. It's not all that well done because the RBC logo is distorted horizontally.

Image
Bylo Selhi
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON

Post by Bylo Selhi »

I'm not sure if this belongs here or in the BCE thread or if I should start a new thread called something like "Boneheaded Corporate Move-of-the-Day" but this came in my e-mail:
Thank you very much for your participation in the Bell.ca Customer Advisory Panel. Your feedback is important to us.

In the interests of improving Bell.ca, we are conducting a survey with panel members. We’d like to give selected panel members a sneak preview of the new Bell.ca and get your feedback.

The survey should take about 10-15 minutes to complete. Everyone who completes the survey will be entered into a draw to win a GRAND PRIZE of an Apple iPod (valued at approx. $250) or one of three prizes of $100 music downloads from the Sympatico Music Store.

All information will be treated confidentially and used for research purposes only.

To continue, please click the link below, or copy and paste it into your browser, to access the survey. Your will also find your password to access the survey below.


Survey URL: : http://ws4.voxco.com/intweb.dll/online/phase5/bell_personal_e
Password: ******
Yeah, voxco.com is a market research company. But for Bell to use such a URL in the midst of all the publicity over phishing exploits is bonehead stupid. And what's even more stooopid than that? Well that link takes me to a live beta version of their new customer service website. The first thing the survey instructions want me to do there is to login using my real account and password. Duh!

P.S. You too can be one of the first million people to get a sneak preview of Bell's new site. And you can do it by going to a legitimate bell.ca url: http://www1.bell.ca/
Sedulously eschew obfuscatory hyperverbosity and prolixity.
pitz
Veteran Contributor
Posts: 2878
Joined: 27 Oct 2005 18:41
Location: Canada/Costa Rica

Post by pitz »

I received a very sophisticated and slick one impersonating RBC Royal Bank yesterday.

For 'fun', I decided to actually try using it, on another computer, with completely fake information. Of course, the tipoff was the fact that it came from a host entitled "megastorm.xtardns.com", 70.86.90.18 in the SMTP headers, but it led me to this URL:

Deleted by moderator. Please do not link directly to the site. Use a picture which is safe.

-- another dead giveaway, as obviously RBC's login-screen uses https, ie: SSL (Secure Sockets Layer) for customer transactions.

So I enter completely fake data, and remarkably, I get into something that looks incredibly like their website. The site starts asking me things such as verification questions, etc. At that point I quit, but quite frankly, I have yet to see a site that scared the bejezus out of me quite as much as that one.

I see RBC Corporate Security has arranged for the entire domain of rbcroyalbk.com to be wiped from the WHOIS database and the nameservers (DNS system) of the Internet, limiting potential damage. Kudos to them, but the industry really has got to become 100% serious about security on all levels, even if it involves spending big money on new IT projects and accelerating biometric verification procedures.
yielder
Veteran Contributor
Posts: 4911
Joined: 16 Feb 2005 07:47
Location: Hastings, Ontario

Post by yielder »

Got this one this morning. Every link leads to this page which is not an eBay page. It appears to be a prison ministry. :shock: What's interesting is that I currently have an item that I'm selling on eBay. I wonder if this was a coincidence. :?: :?: :?:



Image
picard
Contributor
Posts: 411
Joined: 27 Feb 2006 17:12
Location: Canada

Post by picard »

This is a scam to steal your identity.
George$
Veteran Contributor
Posts: 2612
Joined: 18 Feb 2005 20:46
Location: Toronto

Post by George$ »

This morning I received one with the following text (with realistic graphics):
From: TD Canada Trust

Sent: Tuesday, March 07, 2006 10:00 AM
Subject: TD Canada Trust Account Information

--------------------------------------------------------------------------------
personal & business account

Security Alert
Please note that Your TD Canada EasyWeb Online Account is about to expire. In order for it to remain active, please use the link below to proceed and access Your Account.

https://easyweb.tdcanadatrust.com/
In reporting it to TD Trust I received the following reply ---
Thank you for writing us about the email you received. I certainly
understand your concern and appreciate the time you've taken to bring this
matter to our attention.

The email you received is not associated with TD Canada Trust. It is an
example of a type of fraud called Phishing, whereby there is an attempt
made to obtain your confidential information through a fake website. TD
Canada Trust will never ask you to verify your confidential information via
email.

Please note that this instance is currently under investigation. The
criminals who sent you the message have no idea who you are, or if you have
accounts with TD Bank. The fraudulent emails are mass mailed to sometimes
randomly generated email addresses, or addresses found in online lists. As
long as you do not respond to the message and provide your information,
there is no cause for concern. Please feel free to forward such messages to
customer.service@td.com if you should receive them in the future.

We are now offering a new free security tool (for Internet Explorer 5 for
Windows and above users) called Web Caller-ID, which is available at:

http://www.tdcanadatrust.com/ebanking/webcallerID.jsp

Web Caller-ID will assist you in identifying phishing or spoofed websites
should you navigate to them accidentally or click on a link in a fraudulent
email you receive. It also helps report the site with the click of a
button.

I hope this direction is helpful. Thank you for bringing this issue to our
attention.
Norbert Schlenker
Veteran Contributor
Posts: 7960
Joined: 16 Feb 2005 09:56
Location: An Argument Surrounded By Water

Post by Norbert Schlenker »

Most of us by now know these insipid scams are nothing more than fodder for the delete button. But every once in a while, a real gem of the genre sneaks past the spam filter and talks a good enough game to give even a twitchy trigger finger pause.

I recently received one like that. It was purportedly from PayPal, and that alone raised my suspicions. But this one was different. Instead of pretending to be another ho-hum warning about an account problem, it masqueraded as a receipt for a $410.55 credit card purchase of a "Microsoft Xbox 2360 Premium Edition System" paid through PayPal. The e-mail subject line read: "Receipt of your payment to gamerslair," and inside it showed the seller's e-mail as sales@gamerslair.com (the e-mail of an actual company in Canada).

Despite my doubts, there was just enough of a hint that maybe a crook was using my credit card that I looked it over. Inside, it didn't start with the usual "Dear PayPal User" -- a reliable clue that an e-mail is definitely not from PayPal and should be sent directly to Spam Hell. This one greeted me by name. Under Shipping Information, it even listed some shnook in Concord, N.C., as the guy getting the Xbox 360 I was supposedly paying for.

But just as my blood pressure began to rise, I spotted a flaw. The message at the bottom of the e-mail read as if it came from some parallel consumer universe where -- you'll love this! -- refunds are actually simple matters. "If you haven't authorized this charge," states the e-mail, "click the link below to cancel the payment and get a full refund."...
Sneakier all the time (WashPost)
Nothing can protect people who want to buy the Brooklyn Bridge.
Bylo Selhi
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON

Post by Bylo Selhi »

inside it showed the seller's e-mail as sales@gamerslair.com (the e-mail of an actual company in Canada)
I got one yesterday from '"Royal Bank Of Canada" <accountserv@royalbankofcanada.com>' with a Subject of "Online Banking Account Update." Inside was a very legitimate-looking [I'm posting only the text, not the graphics and links]
Online Services 1 800 769-2555

Dear Sir/Madam,

RBC Financial Group always looks forward for the high security of our clients. Some customers have been receiving an email claiming to be from RBC Financial Group advising them to follow a link to what appear to be a RBC Financial Group web site, where they are prompted to enter their personal Online Banking details. RBC Financial Group is in no way involved with this email and the web site does not belong to us.

RBC Financial Group is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service. Due to the recent update of the servers, you are requested to please update your account info at the following link. https://www1.royalbank.com/english/netaction/sgne.html

RBC Financial Group
Security Advisor

This web site is operated by Royal Bank of Canada
Privacy | Legal | Trade-marks & Copyrights | Online Banking Security ® Royal Bank of Canada 1996, 2002
Now apart from the giveaways (a) that I'm not an RBC customer, (b) the generic Dear Sir/Madam (c) the "®" that should be a "©", (d) the lousy grammar, etc. it turns out that the domain name, royalbankofcanada.com, while it looks like it might belong to RBC, actually doesn't nor is there even a real website there (try http://www.royalbankofcanada.com/ ). The domain is owned by:
Oversee.net
818 W 7th Street
Suite 700
Los Angeles, CA
US
Also the link to "https://www1.royalbank.com/english/netaction/sgne.html", which is RBC's real signon page, has an underlying URL that goes to a fake RBC website whose ISP is in Paris.

BTW the 1-800 is legit -- it actually goes to RBC's security department -- as are the links to Privacy, Legal etc.

Be careful. It's a dangerous world out there.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
Gus
Veteran Contributor
Posts: 2311
Joined: 11 Mar 2005 13:01
Location: Salt Spring Island, BC

Post by Gus »

Here's a good one, it had me wondering for a minute or two. There's a degree of subtlety here: they don't actually say that there is an unclaimed inheritance to be picked up: they just provide the rather heavy hint that the deceased was an art dealer. They also just want a yes or no answer; presumably, they will set the hook firmly with a follow-up email once their target has obligingly confirmed that they are gullible, greedy and dishonest.

I have a fairly rare surname, so when I first read this I assumed that these people might have targeted me because of this, which added a certain authenticity to the message.

There are a number of tell-tale signs that this is a scam: the lack of personalization of the message; the lack of websites or mailing addresses; the use of generic email addresses; the spelling of "Piere". The giveaway is the "Respectful Greetings" at the beginning, which no Brit would use in business correspondence.

But they are getting better all the time...

Link to jpeg image of message: http://i2.tinypic.com/t983ee.jpg
Money ain't got no owners, just spenders. Omar Little
dakota
Veteran Contributor
Posts: 3270
Joined: 27 Feb 2005 12:00
Location: Bay of Quinte

Post by dakota »

Shees...with all the hits maybe they're getting addresses from this forum. :wink:
A fool and his money are lucky to get together in the first place
worthy
Veteran Contributor
Posts: 4117
Joined: 27 Mar 2005 09:58

Post by worthy »

getting better all the time...
OTOH, there is a Stephen Bland & Co. chartered accountancy in Ealing. But it is evidently unknown to the Institute of Chartered Accountants in England and Wales.
"Every decent man is ashamed of the government he lives under." H.L.Mencken
Bylo Selhi
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON

Post by Bylo Selhi »

If it sounds too good to be true...
Richard Johnson <richjohnson@ozu.es>
25/04/06 08:50
To: ********
Subject: Notification Of Next Of Kin

Dear Beneficiary,
It is with a deep sense of urgency that I write you.
On January 31st in the year 2000, tragedy struck and if you can recollect fully, the tragic incident was the fatal air mishap of Alaska airlines flight 261 from Puerto Vallarta, Mexico enroute sanfrancisco and Seattle.
Eighty-eight people were onboard that flight, eighty-three passengers and five crew members, none of them made it alive.
Onboard that ill fated flight was a worthy and highly respected customer with caixacatalunya bank of Spain in the name of Morris Thompson. He was onboard that flight in the company of his wife Thelma and his only child Sheryl Thompson. They had been in Mexico for vacation as at that time.
Let me add here that I had the rare privilege of meeting late Morris Thompson on two occasions and I can attest to the fact that he was a very fine gentleman, very simple, very humane and admired by all.
He was one of the state of Alaska most wealthy
businessmen and prominent native.
Late Thompson had in a domiciliary account with caixacatalunya bank of Spain a certain amount totalling eight million, nine hundred and seventy-five thousand ($8,975,000.00)
It would interest you to know that late Thompson had appended the name of Sheryl and yours as his next of kin and for whatever reasons late Thompson may have had to include your name as next of kin no one can question.
Consequently, Sheryl Thompson demise now leaves you as the sole beneficiary and next of kin to the said funds in the account of Late Thompson.
Frantic efforts has been made since then to locate you and the delay was actually to ascertain the authenticity of your name as the true next of kin to Morris Thompson and you must forgive us for contacting you this late.
Once again, accept my deepest apologies for the delay in reaching you.
On receipt of your acknowledgement of this mail, you can reach me at your earliest possible convenience.
Warm regards,
Richard Johnson
Sedulously eschew obfuscatory hyperverbosity and prolixity.
tedster
Veteran Contributor
Posts: 8515
Joined: 27 Feb 2005 10:11
Location: Montreal

Phishing!

Post by tedster »

I just received my first from someone who claimed to be part of the Caisses Desjardins. I of course did not respond but I think we are supposed to send these to the OPP or RCMP. Does anyone have their email address? TIA
jiHymas
Veteran Contributor
Posts: 1581
Joined: 03 Mar 2005 10:21
Location: Toronto

Post by jiHymas »

Your first? You're lucky - I get five or ten a day, mainly regarding eBay and Paypal ... a few with Amazon, and then some scattered "well, it's worth a try" ones from banks I've never heard of.

I forward them all to 'spoof@XXX', e.g., spoof@ebay.com, and suggest you do the same thing with yours. The company's going to be a lot more concerned about the matter than the police.
tedster
Veteran Contributor
Posts: 8515
Joined: 27 Feb 2005 10:11
Location: Montreal

Post by tedster »

Why would I send it to ebay when it did not come via them?
Shakespeare
Veteran Contributor
Posts: 23396
Joined: 15 Feb 2005 23:25
Location: Calgary, AB

Post by Shakespeare »

James meant send it to the real company, not the fake one. In your case, Caisse Desjardins.
Sic transit gloria mundi. Tuesday is usually worse. - Robert A. Heinlein, Starman Jones
tedster
Veteran Contributor
Posts: 8515
Joined: 27 Feb 2005 10:11
Location: Montreal

Post by tedster »

Boy am I thick! lol. Good idea. I will do so.
Bylo Selhi
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON

Post by Bylo Selhi »

Shakespeare wrote: James meant send it to the real company, not the fake one. In your case, Caisse Desjardins.
I did that once (to TD: TD_Phishing__Reports@TD.COM)

Even dug out the e-mail headers and the raw HTML in the body of the message, highlighting the interesting parts like the sender's IP in Russia and the fake TD link to a site in the Ukraine. I did get a personalized acknowledgement from a "real" individual, but it was obvious that they didn't understand an iota of what I was trying to convey to them :(
Sedulously eschew obfuscatory hyperverbosity and prolixity.
tedster
Veteran Contributor
Posts: 8515
Joined: 27 Feb 2005 10:11
Location: Montreal

Post by tedster »

Well, when I got on to the Caisse Desjardins site, I discovered that they have a special email address for phishing reports.
jiHymas
Veteran Contributor
Posts: 1581
Joined: 03 Mar 2005 10:21
Location: Toronto

Post by jiHymas »

Bylo Selhi wrote: I did get a personalized acknowledgement from a "real" individual, but it was obvious that they didn't understand an iota of what I was trying to convey to them :(
I wonder ...

I'm sure (with no reason other than it sounds logical) eBay and Paypal have a highly computerized system that scans the spoof, forwards an alert to the website's host and sticks the address in a tickler file for IT/Legal to deal with if it's not shut down forthwith.

Maybe you just got the clerk-in-charge-of-thanking-people.
blonde
Veteran Contributor
Posts: 3250
Joined: 19 Feb 2005 13:43
Location: Calgary area

Post by blonde »

tedster wrote: Boy am I thick! lol. Good idea. I will do so.
er, ah,....hey!...I didn't say a thing...