Phishing & Spoofing Alerts - Please Do Not Link Directly
- gummy
- Veteran Contributor
- Posts: 2173
- Joined: 19 Feb 2005 17:38
- Location: Burlington, Ontari-ari-ari-O
- Contact:
Phishing & Spoofing Alerts - Please Do Not Link Directly
It's getting tiring
The third e-mail scam this week from** (what appears to be):
http://www.charteronecom/home/
noting that our Charter One account
"... may have been accessed by an unauthorized third party".
Dear Charter One Bank customer:
Just sign in and "fill in all the required information, including your name and you account number"
Needless to say, we don't got a Charter One account.
** The link we got don't hardly go to the Charter One bank site, but to IP address 200.199.203.235
which can't be located by this guy:
http://www.geobytes.com/IpLocator.htm?GetLocation
The third e-mail scam this week from** (what appears to be):
http://www.charteronecom/home/
noting that our Charter One account
"... may have been accessed by an unauthorized third party".
Dear Charter One Bank customer:
Just sign in and "fill in all the required information, including your name and you account number"
Needless to say, we don't got a Charter One account.
** The link we got don't hardly go to the Charter One bank site, but to IP address 200.199.203.235
which can't be located by this guy:
http://www.geobytes.com/IpLocator.htm?GetLocation
Try this guy: http://www.all-nettools.com/toolbox
eniac.opencorps.com (200.199.203.235)
200.199.203.192 - 200.199.203.255
Forum Consultoria e Informatica Ltda.
SRT/SUL Quadra 701 Bloco, 605,
70340-907 - Brasilia - DF
Brazil
(061) 314-1141 []
Created on 04-01-2000
Last updated on 04-01-2000
Brasil Telecom S. A - Abuso
abuse@noc.brasiltelecom.net.br
Created on 24-06-2003
Last updated on 14-02-2005
Roberto Moura de Albuquerque Maranhao
forum@forumci.com.br
Created on 27-01-1998
Last updated on 16-09-2004
eniac.opencorps.com (200.199.203.235)
200.199.203.192 - 200.199.203.255
Forum Consultoria e Informatica Ltda.
SRT/SUL Quadra 701 Bloco, 605,
70340-907 - Brasilia - DF
Brazil
(061) 314-1141 []
Created on 04-01-2000
Last updated on 04-01-2000
Brasil Telecom S. A - Abuso
abuse@noc.brasiltelecom.net.br
Created on 24-06-2003
Last updated on 14-02-2005
Roberto Moura de Albuquerque Maranhao
forum@forumci.com.br
Created on 27-01-1998
Last updated on 16-09-2004
- Bylo Selhi
- Veteran Contributor
- Posts: 29493
- Joined: 16 Feb 2005 10:36
- Location: Waterloo, ON
- Contact:
Re: Charter One bank, eh?
It's called phishing and it's a good thing you didn't byte.gummy wrote:It's getting tiring
(OTOH, if everyone responded to phishers with false information it would stop them dead in their tracks.)
Sedulously eschew obfuscatory hyperverbosity and prolixity.
And this one that I just received. The link goes to a jpg at my website - it's safe to click.
Paypal was quick (within 2 minutes) to confirm that it was a scam when I forwarded it to them. When I clicked on the link my trojan tracker immediately caught a trojan. (I would not recommend that people try this unless they're pretty confident in their software's ability to catch nasties and have backups just in case they need to restore their system.)
Paypal was quick (within 2 minutes) to confirm that it was a scam when I forwarded it to them. When I clicked on the link my trojan tracker immediately caught a trojan. (I would not recommend that people try this unless they're pretty confident in their software's ability to catch nasties and have backups just in case they need to restore their system.)
-
- Moderator
- Posts: 344
- Joined: 16 Feb 2005 08:07
- Bylo Selhi
- Veteran Contributor
- Posts: 29493
- Joined: 16 Feb 2005 10:36
- Location: Waterloo, ON
- Contact:
Most bank websites now feature warnings about the dangers of phishing, e.g.
https://www.tdcanadatrust.com/easyweb5/ ... shing2.jsp
https://www.rbcroyalbank.com/onlinebank ... ice05.html
http://www.cibc.com/ca/legal/fraud-examples.html
So do many online merchants, e.g.
http://pages.ebay.ca/securitycentre/sto ... sites.html
https://www.paypal.com/cgi-bin/webscr?c ... of-outside
https://www.tdcanadatrust.com/easyweb5/ ... shing2.jsp
https://www.rbcroyalbank.com/onlinebank ... ice05.html
http://www.cibc.com/ca/legal/fraud-examples.html
So do many online merchants, e.g.
http://pages.ebay.ca/securitycentre/sto ... sites.html
https://www.paypal.com/cgi-bin/webscr?c ... of-outside
Sedulously eschew obfuscatory hyperverbosity and prolixity.
- gummy
- Veteran Contributor
- Posts: 2173
- Joined: 19 Feb 2005 17:38
- Location: Burlington, Ontari-ari-ari-O
- Contact:
Here's an interesting scam:
My wife answers the phone.
"Hello, this is the Police Association.
We're asking you to make an $11 contribution to send a child to camp. If so, could you give us your credit card number ..."
The Missus says: "Sure, but I'd rather you sent me a request by mail."
A long pause, then:
"Certainly, we'll do that."
Then they hang up without asking for an address.
My wife answers the phone.
"Hello, this is the Police Association.
We're asking you to make an $11 contribution to send a child to camp. If so, could you give us your credit card number ..."
The Missus says: "Sure, but I'd rather you sent me a request by mail."
A long pause, then:
"Certainly, we'll do that."
Then they hang up without asking for an address.
- Bylo Selhi
- Veteran Contributor
- Posts: 29493
- Joined: 16 Feb 2005 10:36
- Location: Waterloo, ON
- Contact:
Ask the person if s/he's a police officer. Betcha they won't answer that.gummy wrote:"Hello, this is the Police Association. We're asking you to make an $11 contribution to send a child to camp.
(And if they are, what does this say for the credibility of the police force?)
What makes you think they don't have that information from the same source as your phone number? In any case, you probably won't get anything in the mail simply because it's so much easier to go to the next phone number.Then they hang up without asking for an address.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
- gummy
- Veteran Contributor
- Posts: 2173
- Joined: 19 Feb 2005 17:38
- Location: Burlington, Ontari-ari-ari-O
- Contact:
We go thru this ritual every year, several months before the "send-a-kid-to-camp" event:What makes you think they don't have that information from the same source as your phone number?
Heidi asks for (and gets) a written request, they ask to check our address, etc.
This time they ask just a few days before the event and don't send a written request ... and ask for a credit card number !!
Neat trick.
Think I'll try it on my brother-in-law
- arthur
- Veteran Contributor
- Posts: 4620
- Joined: 19 Feb 2005 13:10
- Location: The Town of the Blue Mountains
Cyber Fraud
Venture on CBC yesterday illustrated how fraudsters are able to dupe us into sharing info such as Credit Card Numbers, Bank Accounts etc, the fraudulent requests even duped some so called Internet experts.
NEVER reply to a request, no matter how official the we b site is, that asks for confidentail information.
The servers were in such places as Romania, and the owners of the Servers were complicit with the Fraud Artists in delaying any attempts to shut them down.
NEVER reply to a request, no matter how official the we b site is, that asks for confidentail information.
The servers were in such places as Romania, and the owners of the Servers were complicit with the Fraud Artists in delaying any attempts to shut them down.
Few weeks ago I got an email from the Royal Bank. It asked me to go to a site and confirm my personal data; the resaon given was to protect my security and thus prevent fraud. This sounded quite reasonable.I'm Howard wrote:Venture on CBC yesterday illustrated how fraudsters are able to dupe us into sharing info such as Credit Card Numbers, Bank Accounts etc, the fraudulent requests even duped some so called Internet experts.
NEVER reply to a request, no matter how official the we b site is, that asks for confidentail information.
The servers were in such places as Romania, and the owners of the Servers were complicit with the Fraud Artists in delaying any attempts to shut them down.
Problem is I have never ever done business with RBC. So I spoke to them and they asked me to forward this email. A few days later the real RBC confirmed it was a new fraudster technique and explained to me it was phishing, a term I had never heard of.
I also watched the program yesterday on CBC. I hope many here saw it.
Last edited by mike on 07 Nov 2005 09:54, edited 1 time in total.
- arthur
- Veteran Contributor
- Posts: 4620
- Joined: 19 Feb 2005 13:10
- Location: The Town of the Blue Mountains
that's it, PHISHING, that trem should be highlighted onall sites.
there is even a site for CROOKS ONLY, where they can exchange this info.
there is even a site for CROOKS ONLY, where they can exchange this info.
You want the truth, you want the truth, you can't handle the truth.
The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.
If you do not risk anything , you risk even more. Jong
The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.
If you do not risk anything , you risk even more. Jong
Here is another phony :
Subject: Credit Card Scam From FBI Regional Office
--------------------------------------------------------------------------------
It is now operating in the New York Metro Area! Share with others in your office and friends. Personal Financial Warning from the Regional FBI Office, Columbia Region. This information is for the general public
WARNING...New Credit Card Scam.
Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.
A man was called on Wednesday from "VISA", and his wife was called on Thursday from "MasterCard". The scam works like this: Person calling says,"This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460, your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"
When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"
You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security.
You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again?" Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers' that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?"
After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up. You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question.
Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.
Long story made short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report.
What makes this more remarkable is that on Thursday, the wife got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up!
We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.
Subject: Credit Card Scam From FBI Regional Office
--------------------------------------------------------------------------------
It is now operating in the New York Metro Area! Share with others in your office and friends. Personal Financial Warning from the Regional FBI Office, Columbia Region. This information is for the general public
WARNING...New Credit Card Scam.
Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.
A man was called on Wednesday from "VISA", and his wife was called on Thursday from "MasterCard". The scam works like this: Person calling says,"This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460, your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"
When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"
You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security.
You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again?" Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers' that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?"
After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up. You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question.
Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.
Long story made short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report.
What makes this more remarkable is that on Thursday, the wife got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up!
We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.
Last edited by mike on 07 Nov 2005 10:12, edited 1 time in total.
- arthur
- Veteran Contributor
- Posts: 4620
- Joined: 19 Feb 2005 13:10
- Location: The Town of the Blue Mountains
i thought the partwhere the reporter called the guy in the States and read him off his Credit card #, his birth date, his Bank access #, as they were passing on the screen and incurring charges.
My Sons have always lectured me on this, to date i thought thye were overreacting.
One good rule, if you use a Charge Plate, use one with a low credit limit.
My Sons have always lectured me on this, to date i thought thye were overreacting.
One good rule, if you use a Charge Plate, use one with a low credit limit.
You want the truth, you want the truth, you can't handle the truth.
The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.
If you do not risk anything , you risk even more. Jong
The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.
If you do not risk anything , you risk even more. Jong
This is nonsense. You get your statement, you act on fraudulent charges. No credit card company expects customers to be mind readers and know in advance that stuff is going on with their account.mike wrote:However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report.
I tend to agree with you here. And legally speaking you may well be within your rights to act.Jo Anne wrote:This is nonsense. You get your statement, you act on fraudulent charges. No credit card company expects customers to be mind readers and know in advance that stuff is going on with their account.
But the point here is that the focus should be on preventing fraud (by being aware of the pitfalls) rather than reacting to it (once the damage is done).
Obviously if you have been a victim of fraud then you go after the credit card company for restitution. If you are in some way responsible for the predicament you are in then you may have a tough time collecting, if in fact you collect at all.
In the example given above, a person unwittingly or stupidly divulges confidential data. So is this person an innocent victim of (Financial) rape OR an unwitting accomplice who didn't properly resist being seduced?
Last edited by mike on 07 Dec 2005 17:29, edited 1 time in total.
- amphitryon
- Contributor
- Posts: 497
- Joined: 27 Mar 2005 21:34
- Location: Toronto
my simple recipe to reduce the risk:
never open an e-mail where I do not recognize the sender. delete!
do not use "auto-preview"
know that my bank won't send me an e-mail -- ever (my account manager might, but this address is specific)
check my statements (bank and card) on receipt, match invoices to charges, even parking meters.
keep a notice (must renew on regular basis) on my record at Equifax and Transunion, to contact me personally if a loan is being applied for.
check MPAC (property records) twice a year on line.
shred all records before discarding.
so far so good, in spite of doing almost all banking on-line, use my card a lot and keep a fairly high limit. if anyone can think of something else, please add.
never open an e-mail where I do not recognize the sender. delete!
do not use "auto-preview"
know that my bank won't send me an e-mail -- ever (my account manager might, but this address is specific)
check my statements (bank and card) on receipt, match invoices to charges, even parking meters.
keep a notice (must renew on regular basis) on my record at Equifax and Transunion, to contact me personally if a loan is being applied for.
check MPAC (property records) twice a year on line.
shred all records before discarding.
so far so good, in spite of doing almost all banking on-line, use my card a lot and keep a fairly high limit. if anyone can think of something else, please add.
homo sum, humani nihil a me alienum puto
The last part (shredding) is what we do without exception. Utility statemetns, bank statements, etc. Even those unsolicited credit card applications that have your name on the intro letter. Thieves can patch together enough stuff to steal an identity. A $20 investment in a crosscut shredder at Walmart is the cheapest insurance there is.
finiki, the Canadian financial wiki The go-to place to bolster your financial freedom
- arthur
- Veteran Contributor
- Posts: 4620
- Joined: 19 Feb 2005 13:10
- Location: The Town of the Blue Mountains
AR, I am with you, I do the same.
Shredder costs a few bucks at Crappy Tyre, shreddings go into compost bin.
Shredder costs a few bucks at Crappy Tyre, shreddings go into compost bin.
You want the truth, you want the truth, you can't handle the truth.
The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.
If you do not risk anything , you risk even more. Jong
The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.
If you do not risk anything , you risk even more. Jong
-
- Contributor
- Posts: 68
- Joined: 28 Feb 2005 11:21
I go one step further, I shred then put the stuff in the stinkiest 'garbage' bin, which once collected, gets buried in the ground.
I know, I know, we are suppose to recylce (which I do diligently!), but when it comes to sensitive personal info., I try not to take ANY chances.
PS To date, i hae NEVER made an on-line purchase, because that has in the past turned out to be the biggest problem when the info is stolen from the company you happen to buy on-line.
Have a nice day!
I know, I know, we are suppose to recylce (which I do diligently!), but when it comes to sensitive personal info., I try not to take ANY chances.
PS To date, i hae NEVER made an on-line purchase, because that has in the past turned out to be the biggest problem when the info is stolen from the company you happen to buy on-line.
Have a nice day!