Phishing & Spoofing Alerts - Please Do Not Link Directly

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
tedster
Veteran Contributor
Veteran Contributor
Posts: 8515
Joined: 27 Feb 2005 10:11
Location: Montreal

Post by tedster »

er, ah,....hey!...I didn't say a thing...
Keep up the good work. lol
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

This is nothing new, but it arrived a couple of hours after I paid for something using PayPal. (The hotlinks point to a bogus site.)

Image
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

Yet another one of them thar PayPal e-mails:
------------------------------------------------------------------------------
Dear Paypal User,
In accordance with our major database relocation ... blah blah blah

Choosing to ignore this message will result in a temporary suspension of your account within 24 hours ... blah blah blah

Thank you for using PayPal!
The PayPal Team

------------------------------------------------------------------------------
I notice that the e-mail says: "Dear Paypal User" ... a bad sign.
I forward the e-mail to spoof@paypal.com and get this reply:
------------------------------------------------------------------------------
Dear Peter Ponzo,

Thank you for contacting PayPal about a fraudulent (spoof) email or Web
site. We appreciate you bringing this suspicious email to our attention.

We can confirm that the email you received was not sent by PayPal. Any
website which may be linked to this email is not authorized or used by
PayPal.

Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your bank and credit card company immediately.

Please follow the instructions below to report an unauthorized
transaction associated with your PayPal account:

If you are able to log into your PayPal account:

1. Log in to your account at https://www.paypal.com
2. Select the "Resolution Center" subtab.
3. Click "Open a dispute."
4. Select "Unauthorized transaction," then click "Continue."
5. Enter or select the transaction ID for the transaction you would like
to dispute, then click "Continue."
6. Complete the report for Unauthorized Use on a PayPal Account, then
click "Continue."
7. Confirm that the claim is correct, then click "Submit."

If you cannot log in to your account, follow the instructions below to
report an unauthorized transaction associated with your PayPal account:

1. Go to https://www.paypal.com/
2. Click on the "Security Center" link located at the bottom of any
page.
3. Under the "Report a Problem" column, click on "Unauthorized
Transaction."
4. Click "Continue" under "Unable to log in?"
5. Confirm that the transaction in question is unauthorized then click
"Continue."
6. Complete the report for Unauthorized Use on a PayPal Account, then
click "Preview."
7. Confirm that the claim is correct, then click "Submit."
8. Confirm your account ownership by entering the financial information
requested, then click "Continue."

Lastly, we recommend taking a few steps to protect yourself from
identity theft:

1. Download the SafetyBar, a toolbar for Outlook and Outlook Express,
which identifies known spoof emails.
2. Get eBay Toolbar with Account Guard which warns you when you're on a
potentially fraudulent (spoof) Web site.
3. Sign up for Equifax Credit Alerts for PayPal Users, a program that
provides an early warning detection system in the event of identity
theft. Find out more by visiting the PayPal Identity Protection Center
at www.paypal.com/idprotection.
4. Frequently monitor your PayPal account for suspicious activity.

For additional tips please visit the PayPal Security Center at
https://www.paypal.com/security.

Thank you again for sending us your report. We appreciate your efforts
to keep PayPal safe.

Sincerely,
PayPal Account Review Department
User avatar
dakota
Veteran Contributor
Veteran Contributor
Posts: 3270
Joined: 27 Feb 2005 12:00
Location: Bay of Quinte

Post by dakota »

Dear PayPal . valued member,

Due to concerns we have for the safety and integrity of the PayPal
community we have issued this message.

It has come to our attention that your PayPal account information needs to be updated.
If you could please take 5-10 minutes out of your online experience and update your
records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension.
Please update your records by August 20 2006.

Once you have updated your account records your PayPal account will not be
interrupted and will continue as normal.
Please follow the link below
and update your account information.
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run


PayPal Service Department

Guess I'll have to open an account so I can do that for them :lol:
A fool and his money are lucky to get togethere in the first place
User avatar
angelocardoc
Contributor
Contributor
Posts: 108
Joined: 04 Apr 2005 00:13

Post by angelocardoc »

Hi

I recently put an add in a paper to sell some junk I have lying around.
Looks like the scam artists are looking for suckers everywhere.
Here's the response I got from the supposed buyer...

Message:

hello seller, i saw your advertisement on this items in which l'm have interest on it,i wish to know the condition of the items.l am very serious wet your ltem,l will transfer money to your account you will sulely receive your money and l we need your bank detal so that l can order my bank to tranmsfer the money to your account with your full name and yourhome address with country and your zipcode so that l can forword your informition to my bank for the transferand l we give you 60 dollar for the shiping cost to Nigeria and you we see your money in your account.you can via me back through this mail and i wish to purchase it at the rate of your price.thanks.
User avatar
kcowan
Veteran Contributor
Veteran Contributor
Posts: 16033
Joined: 18 Apr 2006 20:33
Location: Pacific latitude 20/49

Post by kcowan »

angelocardoc wrote:I recently put an add in a paper to sell some junk I have lying around.
Looks like the scam artists are looking for suckers everywhere...
I have items in list4all.com and innlog.com and both attract these mailings.
The trick is that they never refer to a specific item so I just ignore them. I have to open them though...
For the fun of it...Keith
User avatar
dakota
Veteran Contributor
Veteran Contributor
Posts: 3270
Joined: 27 Feb 2005 12:00
Location: Bay of Quinte

Post by dakota »

Thieves drain two online accounts
IDA says tens of thousands taken Warning issued

to Internet traders
Aug. 25, 2006. 07:06 AM
TARA PERKINS
BUSINESS REPORTER


The Investment Dealers Association of Canada issued a warning to online traders yesterday after two accounts were broken into and wiped out in recent days, and the hijacker or hijackers reinvested the money in over-the-counter stocks.

Authorities suspect the aim was to manipulate the price of the over-the-counter stocks that had been invested in, at least one of which was issued by a Canadian-based company.

Passwords had been obtained to get into the discount brokerage trading accounts, but the IDA isn't sure how.

One possibility is that invasive software was used to monitor keystrokes on home computers.

Another theory is that an individual or individuals were "phishing" for the passwords and log on information by sending an email that purported to be from the discount brokerage firm and asked the victims to confirm their identity details.

Another possibility is that corporate websites were compromised so that when clients attempted to log in, their information was captured on a pirate site.

The Investment Dealers Association said that at this point there is "no suggestion that the security of member firms' online systems has been compromised."
http://www.thestar.com/NASApp/cs/Conten ... 9048863851

So far my little portfolio is still intact 8)
A fool and his money are lucky to get togethere in the first place
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

This is potentially even more serious than some may imagine. If you follow the IDA's advice to check your account balances daily you could still miss a hijack. That's because e.g. TD Waterhouse's standard portfolio summary shows balances as of close of business the previous day, so if someone has liquidated your account today (or within the T+3 settlement period) you won't see any indication unless you drill down into pending transactions or real-time balances. Dunno if other brokerage's online systems work the same way.

Also, from the Star's article, note, "[Vice-president of enforcement at the IDA Alex] Popovic said victims could examine contract details with the brokerages." What all contracts say is that if you give someone else your account and password, such as what happens when you get victimized by a phisher or a keylogger, then your broker is off the hook to make you whole. Scary, eh?
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
gyrfalcon
Contributor
Contributor
Posts: 644
Joined: 22 Feb 2005 12:51

Post by gyrfalcon »

yielder wrote: Paypal was quick (within 2 minutes) to confirm that it was a scam when I forwarded it to them. When I clicked on the link my trojan tracker immediately caught a trojan. (I would not recommend that people try this unless they're pretty confident in their software's ability to catch nasties and have backups just in case they need to restore their system.)
I just want to pick up on this POINT about clicking thru these, to see where they go. Many of us here "know" we won't be taken in & will not give any personal info.

When I reported an obvious Spoof to eBay last week, the confirmation included the comment that IF YOU CLICK ON ANY LINK in many of these Spoofs today, a KEYSTROKE LOGGER will be installed on your PC. And in fact, I got the impression they meant that may be the ONLY aim of some of these.

We all need to realize, it's hard to be as devious as these ****ards, when you really aren't. :(
User avatar
angelocardoc
Contributor
Contributor
Posts: 108
Joined: 04 Apr 2005 00:13

Post by angelocardoc »

Every few months I reformat my computer.
It gets rid of everything and I reinstall Windows fresh.

I don't think McCafee and Norton antivirus programs can possibly keep up with all the viruses, spam-ware, ad-ware, etc, out there.
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

Here's one I ain't seen before:
--------------------------------------------------------------
Image

Image
--------------------------------------------------------------
Beware those that click Cancel Transaction ! :D
brucecohen
Veteran Contributor
Veteran Contributor
Posts: 13310
Joined: 20 Feb 2005 16:47

Post by brucecohen »

This was on the For Advisors Only board this morning.
Hello, All,

It seems that someone has hacked into Capital One's computer or server system and they are being a bit less than forthcoming about it. I received an e-mail today that was not of the usual "phishing" variety. It not only had my correct e-mail address, but also the last four digits of my actual credit card number, which lent more-than-usual legitimacy, with a "your statement is ready to be accessed online" message, as legitimate banks often send. However, the link enabling one to save time by logging in directly from the e-mail was something illegitimate. Since it was capitalone.(numerical untraceable domain).com I did not click it.

When I called Capital One to ask them about this, they at first claimed that it was because the last four digits of a credit card number are reported to the respective credit bureaux. However, my question about how they got my e-mail address to match with a portion of my real account number (which would never be the case in a standard phishing attack) was met with stony silence. I said, "they have hacked into your computers, haven't they?" The response? "These are criminals, and we are trying to find this out now."

So, I just thought I would warn all on this forum, since a phishing attack that has both your legitimate e-mail address AND your actual credit card suffix is so unusual that it might catch you off guard. And, also, to let you know that Capital One isn't telling people about it. There is no message about this specific threat, just a general statement about phishing that does not identify this situation where a hacker has seemingly obtained specific accountholder information.

Regards, Kent Jacobson

re: Capital One Mastercard warning 2006-12-14 20:05:00 <James Cousineau>


Thanks Kent for the caution on the Capital One Mastercards phishing scam. It is obvious that someone has done a good hack job into part of their database structure. Just like large government, though, "Deny, Deny, Deny".

It is always best to err on the side of caution for any financial information/transactions/accounting. The banks and credit card companies never send out such emails - just as a matter of simple security.

I do transactions daily, every day, online ... banking, credit card purchases and receiving payments. Never any problems, but we are fully knowledgeable in the security aspects of it all. In fact I would rather do a transaction online than handing/exposing my card to a real person. OK .. I'm a Geek!

As a side note to your caution to all, I might add to NEVER follow a link in such an email - even if it looks totally legitimate. If you have any concern always login to your online financial account through the URL link you always use. Then you can establish if anything is wrong. Always monitor your online accounting/transactions, and ALWAYS report such emails to your bank/card company. Every institution has links on their websites to report these things.

Microsoft has introduced Anti-Phishing filters:
http://www.bgs-support.com/antiphishingms.html

Firefox Users aren't left out:
http://www.bgs-support.com/antiphishingff.html

Note that Netcraft has anti-phishing plugins for both IE and FireFox .... but it still takes education.

I think I better create a mini-course on personal financial 'digital' security for the financial planning industry. Been on my mind for some time now and maybe the time is now.

Considering that the vast majority of users (agents, planners, or just the regular consumer - all cut from the same cloth) are usually (80%-85%) computer and Internet illiterate (technophobic in many cases), so an educational report is due. All technical knowledgeable contributors are welcome to put in their 2 cents worth, with due credit for contribution. My personal background is technical, editorial and educational, so I'll do a professional job of it :)

This isn't a plug for a sale, as it would be free for all - and even for your clients.

A quick slap to the side of my head as I tell myself that I've got enough on my plate to do, but ...... a bit of 'pay-it-forward'.

Jim Cousineau
james@infotrendscanada.com
www.InfotrendsCanada.com
www.The-Educated-Insurance-Agent.com
866-897-3674
User avatar
Norbert Schlenker
Veteran Contributor
Veteran Contributor
Posts: 7960
Joined: 16 Feb 2005 09:56
Location: An Argument Surrounded By Water
Contact:

Post by Norbert Schlenker »

As if there weren't enough things to worry about.

Attack of the Zombie Computers
Nothing can protect people who want to buy the Brooklyn Bridge.
User avatar
Arby
Veteran Contributor
Veteran Contributor
Posts: 3125
Joined: 20 Feb 2005 19:23
Location: Ottawa, ON

Post by Arby »

Here's one person who won't be doing any more phishing for a looooong time ....
AOL phisher faces up to 101 years in prison
By Joris Evers, CNET News.com
Published on ZDNet News: January 16, 2007, 3:14 PM PT

A California man faces up to 101 years in federal prison after a jury found him guilty of sending out e-mail scams as well as related crimes.

Jeffrey Brett Goodin, 45, of Azusa, was convicted Friday on multiple counts by a jury in the U.S. District Court for Central District of California in Los Angeles, the U.S. Attorney's Office said in a statement.

Goodin, who was arrested last year, was found guilty of operating a sophisticated phishing scheme, the prosecutors said in the statement. As part of the scam, he sent e-mails posing as AOL's billing department to trick people into giving up their credit card information, according to the statement. He then used the credit card data to make purchases, prosecutors said Tuesday.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

Many net users 'not safety-aware' [my bold]
Fewer than half of the UK's 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests... "We don't blame the police when we get burgled and we must take responsibility for what we do online in the same way we do for securing our houses and cars."

Some 48% of the internet users surveyed online between 2 and 5 March felt they were primarily responsible for the online safety of their personal information. One in six thought it was their bank which was wholly responsible, while 13% thought it was up to their internet service provider...

Other key findings of the survey include the discovery that 18% had responded to spam messages. A further 10% had clicked on a link in a spam message. Almost 50% do not have anti-spyware, while 13% of broadband users do not have a firewall on their PC. Some 53% of the those surveyed said there should be a standard internet safety test - much like the driving test - for web users...
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

Whooeee!
My email address has been selected from jillions and I've just won 150,000 GBP.
Indeed, they send me a certificate to verify my winnings.
It has my winning ID number and other neat info.

'course, I gotta pay fer that certificate, eh? :lol:
User avatar
arthur
Veteran Contributor
Veteran Contributor
Posts: 4620
Joined: 19 Feb 2005 13:10
Location: The Town of the Blue Mountains

Post by arthur »

Trout are running, I'm going phishing with my Phriends.

Nothing better than a 4 pounder on the BBQ with REAL Charcoal, not the woosy Gas Grills. :thumbsup:
You want the truth, you want the truth, you can't handle the truth.

The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.

If you do not risk anything , you risk even more. Jong
habanero
Contributor
Contributor
Posts: 70
Joined: 15 May 2006 09:33

Post by habanero »

Not for the easily offended (and this may have been mentioned before) but there are groups of people currently spamming the spammers. Their sole objective is to get the spammers to waste as much time and money as possible in pursuit of their "prospect".

One individual had the spammers recreate the "Dead Parrot" sketch from Monty Python's Flying Circus. It gets tired, fast, as it tends to drop into pretty juvenile territory, but it's worth a gander.

www.419eater.com
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

'Money Mules' Help Haul Cyber Criminals' Loot
The e-mail offer of a work-at-home job was a godsend to Deena Monroe, a Statesville, N.C., single mom who had just been laid off from her position as a warehouse supervisor. The prospective employer said Monroe's resume had been spotted on job search site Careerbuilder.com and offered her the chance to make a few hundred dollars a week completing sales for a marketing company based in Australia.

Monroe said she researched the company named in the solicitation -- Adamant Global Pty Ltd. -- and concluded it was a legitimate firm. In mid-September, she decided to take the offer. She was asked to add an e-mail address to her account at PayPal, which the Adamant rep explained that she needed to transfer money on the company's behalf.

Soon after, Monroe received a deposit of $2,601 into her PayPal account, with instructions to transfer the money to her checking account, withdraw it and wire the bulk of the amount via Western Union to two separate addresses in India. She was told to keep 10 percent as her commission.

Less than two weeks later, Monroe received a terse e-mail from an eBay user who was curious when he might receive the new computer he'd won at auction, the one for which he'd sent precisely $2,601 to her PayPal account.

EBay investigated, concluding that Monroe's phantom employer had tied her PayPal account to a fraudulent auction. The auction site's verdict: She was responsible for repaying the full amount to the blameless auction winner. Monroe is now working two part-time jobs to pay the bills and to make the other victim whole. "At first, the [buyer] was really mad and understandably so," Monroe said. "But I was just as irate because I had gotten taken, and there was nothing anyone could do about it."

Monroe was the victim of a "money mule" scam, in which criminals make use of third parties (often unsuspecting victims like Monroe) to launder stolen funds. Mule recruitment is an integral part of many cyber crime operations because money transferred directly from a victim to an account controlled by criminals is easily traced by banks and law enforcement. The mules, therefore, serve as a vital buffer, making it easier for criminals to hide their tracks...
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

Interview with Nitesh Dhanjani and Billy Rios, Spies in the Phishing Underground
Both Nitesh and Billy are well-known security researchers that have recently managed to infiltrate the phishing underground. What started as a simple examination of phishing sites, turned into an extraordinary view of the ecosystem that supports the phishing effort that plagues modern day financial institutions and their customers.

They saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers.

In this interview, they expose the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, discuss how phishers communicate and even how they phish each other...
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

As if a total global financial meltdown isn't enough to drain your savings...
With all of the confusion and money involved you knew there would be cyber-vultures out there looking to cash in. Well the Federal Trade Commission today issued a warning that indeed such increased phishing activities are taking place.

Specifically the FTC said it was urging user caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer's bank, savings and loan, or mortgage. In many case such emails are only looking to obtain personal information - account numbers, passwords, Social Security numbers - to run up bills or commit other crimes in a consumer's name, the FTC stated...
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
Shakespeare
Veteran Contributor
Veteran Contributor
Posts: 23396
Joined: 15 Feb 2005 23:25
Location: Calgary, AB

Post by Shakespeare »

Don't know about anyone else, but I just got an "Rbc Sercurity [sic] Update." from the so-called "RBC Sercurity Team".

Too dumb to use spellcheckers. :roll:
Sic transit gloria mundi. Tuesday is usually worse. - Robert A. Heinlein, Starman Jones
WishingWealth
Veteran Contributor
Veteran Contributor
Posts: 6701
Joined: 27 Feb 2005 10:53

Post by WishingWealth »

The CIBC web site was giving a few dozen examples of those phishing letters/e-mails.
Goes from utterly rediculous to quite clever.

WW
User avatar
Pickles
Veteran Contributor
Veteran Contributor
Posts: 4215
Joined: 27 Sep 2006 09:44
Location: Toronto

Post by Pickles »

Shakespeare wrote:Don't know about anyone else, but I just got an "Rbc Sercurity [sic] Update." from the so-called "RBC Sercurity Team".

Too dumb to use spellcheckers. :roll:
WishingWealth wrote:
The CIBC web site was giving a few dozen examples of those phishing letters/e-mails.
Goes from utterly rediculous to quite clever.
So, WW, is this a typo, sly humour or the fiendish manifestation of a nefarious spammer???
Regards,
Pickles
WishingWealth
Veteran Contributor
Veteran Contributor
Posts: 6701
Joined: 27 Feb 2005 10:53

Post by WishingWealth »

Make this sly [attempt at] humour; that's all I have left, make up a word here and there.

WW
Post Reply