The "phishing" industry is morphing their tactics as people are becoming wise to their past methods. These criminals learn quickly and are becoming more sophisticated in ways to fool you.
I just received the following message from a bank. I immediately knew that it was bogus, since I did not have an account with it... but as I read the mail, I first started to think that is was legit, just sent to me by mistake.
I then looked it over more closely... valid return address, valid contact information about the bank, no suspicious links (just plain text), a warning about the dangers of "phishing", low-key suggestion to write a letter, email or call the included phone number. I thought, "Okay, it appears legitimate," and if I was the average account holder I would probably be seriously considering calling the phone number "immediately" as directed.
After checking the bank's web site (which I located independently, never use the supplied links/addresses as they may be pointing to a fake site), the only difference I noted was that the bank's phone numbers where in XX state and the phone number provided was in Illinois. (Which did not necessary mean it was fake, as many organizations have support numbers in different locations.)
However, by this time I was certain it was bogus for reasons I don't want to publish here, so out of curiosity I dialed the number included several times in the email, so they obviously were intending to drive responses to it.
On the phone, I encountered an automatic, official sounding message that said, "Welcome To XXXXX State Bank's Account Reactivation System... to start, please have your credit card information available and press 1 when ready..."
Here is an actual text of the email and actual phone number, the only change I made was to conceal the bank, as it was in no way their fault. (I did report the incident to them.)
| -------------------------------------------------------------- Consumer Alert: Increase in Fraudulent e-mails -------------------------------------------------------------- XXXXX State Bank has confirmed that a small number of people were recently phished. "Phishing" is when a criminal replicates a legitimate web site to deceive individuals into providing personal financial, or other confidential information. An unknown number of people recently received an email that appeared to be sent from XXXXX State Bank. We currently working to shut down the phishing site, and determining the extent to which our clients may have been affected. Due to this attempts we have had to temporary suspend any future authorizations being conducted with your Credit Card. Please call us immediately at 1-309-807-0946 We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account. Please disregard this notice if you already re-activate your card. XXXXX State Bank cares about you and we want to ensure the highest level of protection for you. Sincerely, XXXXX State Bank Fraud Department You can contact us by phone, U.S. mail, or email. We look forward to hearing from you. By phone: 1-309-807-0946 Or contact Customer Care at 1-309-807-0946 By U.S. mail: XXXXX State Bank Box 1234 1234 Main St. XXXXX, XX 12345 |
Bottomline: You can never be too careful when it comes to protection against criminals gaining access to your personal information.
Click here for additional Security related articles
Copyright 2008 by Lawrence Yerkes. All Rights Reserved.
|
Home Website | NJ Property Search | Sell | Buy | Rent | Search | Relocate | Resources | Contact Me | Commercial |
It is a little crazy. I something like this from a EBAY or Paypal thing about every other week and about every three months from Chase.
After contacting the institution they tell me that any email they will every send will include my last name. In fact when I get them I forward the email to spoof@ebay.com and spoof@paypal.com.
With Chase I have to call them
Thanks
Tony
Thank you for your comments...
Toll free numbers have also had their share of abuse.
Also, if you dial a Toll Free phone# they automatically will have all your caller ID information (including last name, whether you have it blocked or not, as they are paying for the call), so you can't rely on just one thing to trust that it is legitimate.
First mailing:
Subject: Required Security Update
Required Security Update
Click "Begin" to update your account for Multi-Factor Authentication
Upgrades were made to our internet banking site on March 5, 2008. You must complete this one-time security update to access your accounts.
Begin
Login here if you have completed the above security update. If you haven't please see above for instructions before proceeding to login.
Second Mailing:
Subject: Notification letter #6286
Example Central Credit Union department temporary suspended your account.
After three unsuccessful login attempts your account was temporary suspended until further investigations.
All cards from this account are suspended.
You must reactivate your account immediately, or you won't be able to use your cards again.
Once you have completed these steps, we will send you an email notifying that your account is available again.
The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.
Sorry for any inconvenience this may cause and thank you for your patience.
To continue please click the link below:
http://nwtd.pt/www.ExampleCentralCU.org/index.html <actual link does not match visible link>
© 2008 Example Central Credit Union. All rights reserved.
Subject: IRS - Notification Letter #8123
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $116.40. Please submit the tax refund request and allow us 6-9 days in order to process it.
A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Regards,
Internal Revenue Service
Subject: Tax Refund (Message ID H12347d7)
<-- Originally pointing to someone's site for picture
A Secure Way to Receive Your Tax Refund
After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $873.20.
Please submit the tax refund request and allow us 3-9 days in order to
process it.
A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.
To access the form for your tax refund, please click here
Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicated.
Regards,
Internal Revenue Service
Yes, I think it's quite amusing that all the phishing emails now talk about security in their emails and give all kinds of security advice. I guess this stuff fools people because these guys send a lot of it.
However, my point continues to be that phishing emails are getting more and more sophisticated and you need to continually be on guard and hone your abilities to spot them. It is not uncommon (from personal experience) for organizations to ask you to confirm information and/or to log back into their site or call their service number and then ask you to supply some information to improve "security" or let you access confidential information, etc.
The issue is not that they are banks, but it could be any organization, including non-profit and governmental, that could be used by phishers as we've already seen.
Here's another variation...
Dear XXXXXXXX customer,
We would like to inform you that we are currently carrying out scheduled maintenance.
In order to guarantee the high level of security to our business customers, we require you to complete "Business Internet Banking Form".
Please complete BIB Form using the link below:
http://business.xxxxxxxx.com/system_directory/isa/file.aspx?session=723456789012345789012345789012357890235986823590873908
Please do not respond to this e-mail.
I just received it a few minutes ago. While it's another banking example, I wanted to point out the subdomain ("business") is invalid, while the xxxxxxxx.com is VALID. (The session number string is not the original, but it was the same length.)
Your registered name is included to help confirm this message originated from eBay. Learn more.
eBay New Unpaid Item Message from rockstarsports : #280086969984-- response required
Regards,
BTW, Here's a plain old scam....
Dear Friend, I have been waiting for you since to contact me for your Confirmable Atm Card value of $10.500.000.00 United States Dollars, but I did not hear from you since that time. Then I went and deposited the Atm Card with FEDEX COURIER SERVICE, before I traveled out of the country for a 3 Months Course.
What you have to do now is to contact the FEDEX COURIER SERVICE as soon as possible to know when they will deliver your package to you because of the expiring date. For your information, I have paid for the delivering Charge, Insurance premium and Clearance Certificate Fee of the Cheque showing that it is not a Drug Money or meant to sponsor Terrorist attack in your Country. The only money you will send to the FEDEX COURIER SERVICE to deliver your Atm Card direct to your postal Address in your country is ($370.00 US)Dollars only being Security Keeping Fee of the Courier Company so far.
Again, don't be deceived by anybody to pay any other money except $370.00US Dollars. I would have paid that but they said no because they don't know when you will contact them and in case of demurrage. You have to contact the FEDEX COURIER SERVICE now for the delivery of your Atm Card with this information bellow; Contact Person: Mr. David Wood Email Address: fedexng1@live.com Finally, make sure that you reconfirm your Postal address and Direct telephone number to them again to avoid any mistake on the Delivery and ask them to give you the tracking number to enable you track your package over there and know when it will get to your address.
Let me repeat again, try to contact them as soon as you receive this mail to avoid any further delay and remember to pay them their Security Keeping fee of $370.00 US Dollars for their immediate action. You should also let me know through email as soon as you receive your Atm Card.
Yours Faithfully,
Dr. David William
E-mail : drdavidw1@yahoo.es
This example is another bank, requesting "non-sensitive and anonymous" information with the comforting assurance that it will not be passed down to a third-party...
XXXXXXXX Central Credit Union department temporary suspended your account.
After three unsuccessful login attempts your account was temporary suspended until further investigations.
All cards from this account are suspended.
You must reactivate your account immediately, or you won't be able to use your cards again.
Once you have completed these steps, we will send you an email notifying that your account is available again.
The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.
Sorry for any inconvenience this may cause and thank you for your patience.
To continue please click the link below:
http://host123-12-123-123.in-addr.btopenworld.com/www.XXXXXXXX.org/
© 2008 XXXXXXX Central Credit Union. All rights reserved.
In the above example, despite the comforting assurances, what look's like the base path for the bank, www.XXXXXXXX.org, is really a directory (folder) at ...btopenworld.com (whatever that is). Just looking at this fast, some might miss that and think it's a valid link.
We were speaking about the use of phone numbers and not giving out your name, etc.... this was received on March 4th..
Subject: Message from XXXXXXXX, Customer Service
Dear Member,
All Co-op Services Credit Union and Internet Banking will
be closed on Saturday, March 8th and Monday, March 10th during
the Memorial Day Holiday weekend for a scheduled computer upgrade.
Your participation is required at this event !
We need you to confirm your personal data with our existing database.
To continue this application we kindly ask you to click here and update your XXXXXXXX profile.
Our Member Call Center Representatives will be available on:
Saturday, March 8th 8:00 a.m. -9:00 a.m.
Sunday, March 9th 11:00 a.m. - 5:00 p.m.
(800) 321-8570 to assist you with your financial needs.
We apologize for any inconvenience this may cause you.
Sincerly,
Russ XXXXXXX Vice President XXXXXXXX Credit Union.
Copyright © XXXXXXXX Credit Union, All Rights Reserved.
I'm not going to comment on the obvious errors.
The point I want to make here is that in these case, because it's an 800#, if you call they will instantly have your name and phone number at a minimum.
From: XXXXXXX Credit Union"<xxxxxx@accountsecurity.com
Subject: Card Deactivation
Card Deactivation
Message from: Customer Service
Date: 04/07/2008
We detected irregular activity on your ATM/Check Card on 04/07/2008.
For your protection we have had to suspend any future authorizations
being conducted with your card.
For your security we have deactivate your card.
How to activate/re-activate your card ?
You may stop by your branch or call our Activation Center.
Activation Center: (866) 578-0982 (24 Hour Line)
Our automated system allows you to quickly activate your card.
We apologize for any inconvenience this may cause.
© XXXXXX CU 2008
Notice how they are attempting to disarm any suspicions you may have about the email, or at least get you to the point of thinking that you don't know for sure as to it's validity and call the number just to see for yourself.
As previously mentioned, calling that number will give them your name and phone# at a minimum; and the automated system will get everything else they need.
If you see something like this and are in doubt, call the organization using a number listed on your billing statement or you have used previously and verified.