Phishing & Spoofing Alerts - Please Do Not Link Directly

Banking and Saving strategies, maximizing interest rates, budgeting, GICs, HISAs.
Post Reply
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Phishing & Spoofing Alerts - Please Do Not Link Directly

Post by gummy »

It's getting tiring :(

The third e-mail scam this week from** (what appears to be):
http://www.charteronecom/home/
noting that our Charter One account
"... may have been accessed by an unauthorized third party".

Dear Charter One Bank customer:
Just sign in and "fill in all the required information, including your name and you account number"


Needless to say, we don't got a Charter One account.

** The link we got don't hardly go to the Charter One bank site, but to IP address 200.199.203.235
which can't be located by this guy:

http://www.geobytes.com/IpLocator.htm?GetLocation

:)
User avatar
yielder
Veteran Contributor
Veteran Contributor
Posts: 4911
Joined: 16 Feb 2005 07:47
Location: Hastings, Ontario

Post by yielder »

Try this guy: http://www.all-nettools.com/toolbox

eniac.opencorps.com (200.199.203.235)

200.199.203.192 - 200.199.203.255

Forum Consultoria e Informatica Ltda.
SRT/SUL Quadra 701 Bloco, 605,
70340-907 - Brasilia - DF
Brazil
(061) 314-1141 []
Created on 04-01-2000
Last updated on 04-01-2000

Brasil Telecom S. A - Abuso
abuse@noc.brasiltelecom.net.br
Created on 24-06-2003
Last updated on 14-02-2005

Roberto Moura de Albuquerque Maranhao
forum@forumci.com.br
Created on 27-01-1998
Last updated on 16-09-2004
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Re: Charter One bank, eh?

Post by Bylo Selhi »

gummy wrote:It's getting tiring :(
It's called phishing and it's a good thing you didn't byte.

(OTOH, if everyone responded to phishers with false information it would stop them dead in their tracks.)
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

Hey Yielder!
That all-nettools site is so much better than the one I've been using
... so I had to go back and fix up my (lousy) link, here:
User avatar
yielder
Veteran Contributor
Veteran Contributor
Posts: 4911
Joined: 16 Feb 2005 07:47
Location: Hastings, Ontario

Post by yielder »

And this one that I just received. The link goes to a jpg at my website - it's safe to click.

Paypal was quick (within 2 minutes) to confirm that it was a scam when I forwarded it to them. When I clicked on the link my trojan tracker immediately caught a trojan. (I would not recommend that people try this unless they're pretty confident in their software's ability to catch nasties and have backups just in case they need to restore their system.)
ModeratorQ
Moderator
Moderator
Posts: 344
Joined: 16 Feb 2005 08:07

Post by ModeratorQ »

I've changed the thread header from Charter One bank eh? to make it a repository for any items like gummy's Charter one post.

Moderator
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

Phishing and spoofing?
Did somebuddy say ...
spoofing?
Image Image Image Image
User avatar
dakota
Veteran Contributor
Veteran Contributor
Posts: 3270
Joined: 27 Feb 2005 12:00
Location: Bay of Quinte

Post by dakota »

Makes me wonder why I never get that shit on my computer? Noooo-don't send it to me...just wondered :?
A fool and his money are lucky to get togethere in the first place
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

Here's an interesting scam:

My wife answers the phone.
"Hello, this is the Police Association.
We're asking you to make an $11 contribution to send a child to camp. If so, could you give us your credit card number ..."


The Missus says: "Sure, but I'd rather you sent me a request by mail."

A long pause, then:
"Certainly, we'll do that."

Then they hang up without asking for an address.
User avatar
Bylo Selhi
Veteran Contributor
Veteran Contributor
Posts: 29493
Joined: 16 Feb 2005 10:36
Location: Waterloo, ON
Contact:

Post by Bylo Selhi »

gummy wrote:"Hello, this is the Police Association. We're asking you to make an $11 contribution to send a child to camp.
Ask the person if s/he's a police officer. Betcha they won't answer that.

(And if they are, what does this say for the credibility of the police force?)
Then they hang up without asking for an address.
What makes you think they don't have that information from the same source as your phone number? In any case, you probably won't get anything in the mail simply because it's so much easier to go to the next phone number.
Sedulously eschew obfuscatory hyperverbosity and prolixity.
User avatar
gummy
Veteran Contributor
Veteran Contributor
Posts: 2173
Joined: 19 Feb 2005 17:38
Location: Burlington, Ontari-ari-ari-O
Contact:

Post by gummy »

What makes you think they don't have that information from the same source as your phone number?
We go thru this ritual every year, several months before the "send-a-kid-to-camp" event:
Heidi asks for (and gets) a written request, they ask to check our address, etc.
This time they ask just a few days before the event and don't send a written request ... and ask for a credit card number !!

Neat trick.
Think I'll try it on my brother-in-law :D
User avatar
arthur
Veteran Contributor
Veteran Contributor
Posts: 4620
Joined: 19 Feb 2005 13:10
Location: The Town of the Blue Mountains

Cyber Fraud

Post by arthur »

Venture on CBC yesterday illustrated how fraudsters are able to dupe us into sharing info such as Credit Card Numbers, Bank Accounts etc, the fraudulent requests even duped some so called Internet experts.

NEVER reply to a request, no matter how official the we b site is, that asks for confidentail information.

The servers were in such places as Romania, and the owners of the Servers were complicit with the Fraud Artists in delaying any attempts to shut them down. :(
mike
Contributor
Contributor
Posts: 452
Joined: 20 Mar 2005 14:42

Post by mike »

I'm Howard wrote:Venture on CBC yesterday illustrated how fraudsters are able to dupe us into sharing info such as Credit Card Numbers, Bank Accounts etc, the fraudulent requests even duped some so called Internet experts.

NEVER reply to a request, no matter how official the we b site is, that asks for confidentail information.

The servers were in such places as Romania, and the owners of the Servers were complicit with the Fraud Artists in delaying any attempts to shut them down. :(
Few weeks ago I got an email from the Royal Bank. It asked me to go to a site and confirm my personal data; the resaon given was to protect my security and thus prevent fraud. This sounded quite reasonable.

Problem is I have never ever done business with RBC. So I spoke to them and they asked me to forward this email. A few days later the real RBC confirmed it was a new fraudster technique and explained to me it was phishing, a term I had never heard of.

I also watched the program yesterday on CBC. I hope many here saw it.
Last edited by mike on 07 Nov 2005 09:54, edited 1 time in total.
User avatar
arthur
Veteran Contributor
Veteran Contributor
Posts: 4620
Joined: 19 Feb 2005 13:10
Location: The Town of the Blue Mountains

Post by arthur »

that's it, PHISHING, that trem should be highlighted onall sites.

there is even a site for CROOKS ONLY, where they can exchange this info.
You want the truth, you want the truth, you can't handle the truth.

The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.

If you do not risk anything , you risk even more. Jong
mike
Contributor
Contributor
Posts: 452
Joined: 20 Mar 2005 14:42

Post by mike »

Here is another phony :


Subject: Credit Card Scam From FBI Regional Office

--------------------------------------------------------------------------------

It is now operating in the New York Metro Area! Share with others in your office and friends. Personal Financial Warning from the Regional FBI Office, Columbia Region. This information is for the general public

WARNING...New Credit Card Scam.

Note, the callers do not ask for your card number; they already have it. This information is worth reading. By understanding how the VISA & MasterCard Telephone Credit Card Scam works, you'll be better prepared to protect yourself.

A man was called on Wednesday from "VISA", and his wife was called on Thursday from "MasterCard". The scam works like this: Person calling says,"This is (name), and I'm calling from the Security and Fraud Department at VISA. My Badge number is 12460, your card has been flagged for an unusual purchase pattern, and I'm calling to verify. This would be on your VISA card which was issued by (name of bank). Did you purchase an Anti-Telemarketing Device for $497.99 from a Marketing company based in Arizona?"

When you say "No", the caller continues with, "Then we will be issuing a credit to your account. This is a company we have been watching and the charges range from $297 to $497, just under the $500 purchase pattern that flags most cards. Before your next statement, the credit will be sent to (gives you your address), is that correct?"

You say "yes". The caller continues - "I will be starting a Fraud investigation. If you have any questions, you should call the 1-800 number listed on the back of your card (1-800-VISA) and ask for Security.

You will need to refer to this Control Number. The caller then gives you a 6 digit number. "Do you need me to read it again?" Here's the IMPORTANT part on how the scam works. The caller then says, "I need to verify you are in possession of your card". He'll ask you to "turn your card over and look for some numbers". There are 7 numbers; the first 4 are part of your card number, the next 3 are the security Numbers' that verify you are the possessor of the card. These are the numbers you sometimes use to make Internet purchases to prove you have the card. The caller will ask you to read the 3 numbers to him. After you tell the caller the 3 numbers, he'll say, "That is correct, I just needed to verify that the card has not been lost or stolen, and that you still have your card. Do you have any other questions?"

After you say No, the caller then thanks you and states, "Don't hesitate to call back if you do", and hangs up. You actually say very little, and they never ask for or tell you the Card number. But after we were called on Wednesday, we called back within 20 minutes to ask a question.

Are we glad we did! The REAL VISA Security Department told us it was a scam and in the last 15 minutes a new purchase of $497.99 was charged to our card.

Long story made short - we made a real fraud report and closed the VISA account. VISA is reissuing us a new number. What the scammers want is the 3-digit PIN number on the back of the card. Don't give it to them. Instead, tell them you'll call VISA or Master card directly for verification of their conversation. The real VISA told us that they will never ask for anything on the card as they already know the information since they issued the card! If you give the scammers your 3 Digit PIN Number, you think you're receiving a credit. However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report.

What makes this more remarkable is that on Thursday, the wife got a call from a "Jason Richardson of MasterCard" with a word-for-word repeat of the VISA scam. This time I didn't let him finish. I hung up!

We filed a police report, as instructed by VISA. The police said they are taking several of these reports daily! They also urged us to tell everybody we know that this scam is happening.
Last edited by mike on 07 Nov 2005 10:12, edited 1 time in total.
User avatar
arthur
Veteran Contributor
Veteran Contributor
Posts: 4620
Joined: 19 Feb 2005 13:10
Location: The Town of the Blue Mountains

Post by arthur »

i thought the partwhere the reporter called the guy in the States and read him off his Credit card #, his birth date, his Bank access #, as they were passing on the screen and incurring charges.

My Sons have always lectured me on this, to date i thought thye were overreacting.

One good rule, if you use a Charge Plate, use one with a low credit limit.
You want the truth, you want the truth, you can't handle the truth.

The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.

If you do not risk anything , you risk even more. Jong
dagan
Contributor
Contributor
Posts: 476
Joined: 18 Feb 2005 14:25
Location: Greater Toronto Area

Post by dagan »

Great informatin Howard and mike. I have always been pretty careful, but your posts made me think again about such things as the proper use of the security codes on the back of cards. Few cardholders are even aware of these numbers or their significance.
Jo Anne
Veteran Contributor
Veteran Contributor
Posts: 3648
Joined: 19 Feb 2005 21:33

Post by Jo Anne »

mike wrote:However, by the time you get your statement you'll see charges for purchases you didn't make, and by then it's almost to late and/or more difficult to actually file a fraud report.
This is nonsense. You get your statement, you act on fraudulent charges. No credit card company expects customers to be mind readers and know in advance that stuff is going on with their account.
mike
Contributor
Contributor
Posts: 452
Joined: 20 Mar 2005 14:42

Post by mike »

Jo Anne wrote:This is nonsense. You get your statement, you act on fraudulent charges. No credit card company expects customers to be mind readers and know in advance that stuff is going on with their account.
I tend to agree with you here. And legally speaking you may well be within your rights to act.

But the point here is that the focus should be on preventing fraud (by being aware of the pitfalls) rather than reacting to it (once the damage is done).

Obviously if you have been a victim of fraud then you go after the credit card company for restitution. If you are in some way responsible for the predicament you are in then you may have a tough time collecting, if in fact you collect at all.

In the example given above, a person unwittingly or stupidly divulges confidential data. So is this person an innocent victim of (Financial) rape OR an unwitting accomplice who didn't properly resist being seduced?
Last edited by mike on 07 Dec 2005 17:29, edited 1 time in total.
User avatar
amphitryon
Contributor
Contributor
Posts: 497
Joined: 27 Mar 2005 21:34
Location: Toronto

Post by amphitryon »

my simple recipe to reduce the risk:

never open an e-mail where I do not recognize the sender. delete!
do not use "auto-preview"
know that my bank won't send me an e-mail -- ever (my account manager might, but this address is specific)
check my statements (bank and card) on receipt, match invoices to charges, even parking meters.
keep a notice (must renew on regular basis) on my record at Equifax and Transunion, to contact me personally if a loan is being applied for.
check MPAC (property records) twice a year on line.
shred all records before discarding.

so far so good, in spite of doing almost all banking on-line, use my card a lot and keep a fairly high limit. if anyone can think of something else, please add.
homo sum, humani nihil a me alienum puto
User avatar
AltaRed
Veteran Contributor
Veteran Contributor
Posts: 33398
Joined: 05 Mar 2005 20:04
Location: Ogopogo Land

Post by AltaRed »

The last part (shredding) is what we do without exception. Utility statemetns, bank statements, etc. Even those unsolicited credit card applications that have your name on the intro letter. Thieves can patch together enough stuff to steal an identity. A $20 investment in a crosscut shredder at Walmart is the cheapest insurance there is.
Imagefiniki, the Canadian financial wiki The go-to place to bolster your financial freedom
User avatar
arthur
Veteran Contributor
Veteran Contributor
Posts: 4620
Joined: 19 Feb 2005 13:10
Location: The Town of the Blue Mountains

Post by arthur »

AR, I am with you, I do the same.

Shredder costs a few bucks at Crappy Tyre, shreddings go into compost bin.
You want the truth, you want the truth, you can't handle the truth.

The masses have never thirsted for the truth, whoever supplies them with illusions is their master, whoever supplies them with the truth, their victim.

If you do not risk anything , you risk even more. Jong
bipendifudi
Contributor
Contributor
Posts: 68
Joined: 28 Feb 2005 11:21

Post by bipendifudi »

I go one step further, I shred then put the stuff in the stinkiest 'garbage' bin, which once collected, gets buried in the ground.
I know, I know, we are suppose to recylce (which I do diligently!), but when it comes to sensitive personal info., I try not to take ANY chances.
PS To date, i hae NEVER made an on-line purchase, because that has in the past turned out to be the biggest problem when the info is stolen from the company you happen to buy on-line.
Have a nice day!
Post Reply