Department of Finance Phishing Scam

Summary:
Scam email purporting to be from Canada’s Department of Finance claims that the
recipient is eligible for a tax refund

 

Status:
False - the email is an attempt to steal personal information.

Example:(Submitted, January 2007) From:
Department of Finance

Subject: Notification - Please Read This.

After the last annual calculations of your fiscal activity we have determined
that you are eligible to receive a tax refund of $112.80. Please submit the tax
refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting
invalid records or applying after the deadline.

To access the form for your tax refund, please click here.[LINK REMOVED]

Regards,
Department of Finance Canada

 

 

Commentary:
This phishing scam email attempts to convince recipients that they are eligible
for a tax refund from Canada’s Department of Finance. A link in the scam email
opens a fake web form that asks for sensitive personal information. Recipients
are instructed to fill in this form in order to claim their “tax refund”.

The email arrives complete with official looking Department of Finance logos,
and formatting designed to make the message appear legitimate. However, the
message does not originate from the Department of Finance. Information entered
into the fake refund form can be collected by the scammers and subsequently used
for fraud and identity theft. Department of Finance Canada has issued a

Fraud Alert to warn Canadian Internet users about the scam, which states in
part:

Some Canadians are receiving e-mails fraudulently identified as coming
from the Department of Finance Canada that promise a tax refund if an
appended form is filled in and returned.

The e-mail is not from the Department of Finance Canada. There is no
such refund. Do NOT fill in the form, as it will compromise your credit card
and social insurance information. If you receive this e-mail, simply delete
it. We have already notified appropriate law enforcement authorities.

Although this particular scam is aimed at Canadian citizens, the same tactic
has also been targeted at other nations. In 2005 and again in 2006, “tax refund”
phishing scam emails falsely claiming to be from America’s Internal Revenue
Service (IRS) were directed at US citizens.

No legitimate government tax office is ever likely to inform citizens about a
tax refund via an unsolicited email. Emails claiming to be from taxation
departments or other government bodies should always be viewed with suspicion.
Phishing scammers use a wide variety of tactics to fool victims into parting
with their personal details. Be very cautious of any unsolicited email that asks
you to click an included link and provide sensitive personal information such as
banking or credit card details.

Social Security Administration Phishing Scam

 

 

November 2006

The US Social Security Administration has

issued a warning to the public about a new phishing scam email that attempts
to trick recipients into providing personal information on a fraudulent website.

The scam email purports to be from the Social Security Administration itself.
However, the message is not sent from the SSA. Instead, it is being distributed
by scammers intent on stealing sensitive personal information.

 

 

The scam email has the subject line, “Cost-of-Living for 2007
update” and claims that the recipient is required to update personal information
or risk having his or her account suspended. The recipient is urged to click a
link in the email in order to supply this information.

However, clicking the link will open a fake website designed to resemble the
genuine Social Security website. The site instructs the victim to register for a
password and then provide information such as a Social Security Number, credit
card details and bank account data, ostensibly for identification purposes.
Information entered on the fake website can then be harvested by scammers and
used for credit card and bank fraud and to commit identity theft.

The Social Security Administration or other government departments do not
request personal information via unsolicited emails. In the past, a similar scam
message, claiming to be from the US Internal Revenue Service (IRS), informed
recipients that they were eligible for a tax refund and directed them to follow
a link to fill out a refund form. However, the “refund form” was in fact a bogus
website designed to steal identity and financial information.

Phishing fraud takes many forms and people all over the world continue to
fall victim to such scams. If you receive any unsolicited email from a
government department, bank or other institution that asks you to click a link
and submit personal information, then you should view the message with the
utmost suspicion.

 

 

IRS Refund Scam Email

 

 

December 2005
A scam email, purportedly from the US Internal Revenue Service (IRS), is
currently targeting Internet users. The message informs recipients that they are
eligible for a tax refund and directs them to follow a link to fill out a refund
form. The email claims to be from “tax_refunds@irs.gov”. However, the message is
a phishing scam and does not originate from the IRS.

If recipients access the link provided in the scam, they are asked to enter
sensitive personal information into a bogus web form. The scammers can collect
any information entered.

The IRS has

issued a warning to consumers about these phishing scam emails. Part of the
warning is reproduced below:

The Internal Revenue Service today issued a consumer alert about an
Internet scam in which consumers receive an e-mail informing them of a tax
refund. The e-mail, which claims to be from the IRS, directs the consumer to
a link that requests personal information, such as Social Security number
and credit card information.

This scheme is an attempt to trick the e-mail recipients into
disclosing their personal and financial data. The practice is called
“phishing” for information.

The IRS does not send unsolicited emails to consumers. If you
receive one of these emails, do not follow any links provided or supply any
information. Do not reply to the email.

In fact, be wary of any email that asks you to provide sensitive personal
information such as banking or credit card details. Legitimate government
agencies or private companies are highly unlikely to request sensitive
information from customers via unsolicited email. To find out more about
phishing scams, click the link below:

 

Lloyds TSB Phisher Scam

 

 

Summary:
Emails ask customers of Lloyds TSP Bank to click a link and provide information
on a website.

 

Status:
False

Example:(Submitted, February 2005 )

Subject: [Alert] Your Lloyds TSB account

Official notice

Dear Lloyds TSB customer,

Please note that Lloyds TSB Online Access for your account is about to
expire.

In order for it to remain active, please sign in to it as soon as possible.

Use the link below to proceed and access your account.

Press here to access Lloyds TSB Online

With Lloyds TSB Online access you can complete most of your banking
requirements online. All you need is to sign on to Internet Banking.

Apart from making it easier to manage your money wherever you are, 24 hours a
day, 7 days a week, Internet banking can also give you the chance to win a
holiday. Just imagine where you could go with £5,000 to spend on travel. Log on
to Internet banking between 1 October 2004 and 31 March 2005, and every time you
log on, we’ll enter you in our free prize draw for a holiday worth up to £5,000.
See our site for more details.

Lloyds TSB Bank plc
Products and Services Copyright © 2005 Lloyds TSB Bank plc and Lloyds TSB
Scotland plc

 

 

Commentary:
A series of scam emails have been directed at Lloyds TSP Bank. The messages ask
recipients to click a link in order to logon to their Lloyds TSP account and
supply information such as passwords and user ID’s. However, the links lead to a
fake website designed to resemble a real Lloyds TSP web page. The scammers will
harvest any information entered into forms on these fake websites. The emails
use a variety of excuses in order to trick Lloyds TSP customers into providing
personal information. Some claim that a customer needs to verify their
information for security purposes. Others maintain that an account needs to be
updated due to a technical upgrade. Still others claim that an account is about
to expire and clients need to supply information in order to keep the account
active. There are likely to be many other versions of the scam emails
distributed.

An example of one of these scam emails is included above.

Lloyds TSP will never send emails to customers asking them to click a link to
open a web page and provide sensitive personal information.

Lloyds TSP has

information about these scam emails on its website.

Write-up by

Brett M.Christensen

eBay Phisher Scam

 

 

Summary:
Email, supposedly from online auction site, eBay, asks recipients to log onto a
bogus website and supply information.

 

Status:
False

Examples:(Received via email, February 2005)

Dear eBay Community Member,

It has come to our attention that your eBay Billing Information records are
out of date. That requires you to update the Billing Information If you could
please take 5-10 minutes out of your online experience and update your billing
records, you will not run into any future problems with eBay’s online service.
However, failure to update your records will result in soon account termination.
Once you have updated your account records, your eBay session will not be
interrupted and will continue as normal. Failure to update will result in
cancellation of service, Terms of Service (TOS) violations or future billing
problems.

To update and login to your eBay account, click on the link below:

[LINK REMOVED]

Thank you for using eBay!

**This is no-reply message. Please do not reply to this email, as you will
receive no response**

Dear Valued Customer:

We regret to inform you that your eBay account could be suspended if you
don’t re-update your account information. To resolve this problems please click
here and re-enter your account information. If your problems could not be
resolved your account will be suspended for a period of 24 hours, after this
period your account will be terminated.

For the User Agreement, Section 9, we may immediately issue a warning,
temporarily suspend, indefinitely suspend or terminate your membership and
refuse to provide our services to you if we believe that your actions may cause
financial loss or legal liability for you, our users or us. We may also take
these actions if we are unable to verify or authenticate any information you
provide to us.

Due to the suspension of this account, please be advised you are prohibited
from using eBay in any way. This includes the registering of a new account.
Please note that this suspension does not relieve you of your agreed-upon
obligation to pay any fees you may owe to eBay.

Regards, Safeharbor Department eBay, Inc

The eBay team.
This is an automatic message. Please do not reply.

The above message arrives in HTML format as shown in the
screenshot below:

 

Commentary:
The messages above are typical examples of an almost continual barrage of
phisher scams that target online auction site, eBay.

The links in the scam emails leads to a fake website that closely resembles
the real eBay login screen. Those who do “login” to the fake site are presented
with a form that asks for sensitive personal information including address data
and ATM card details. The screenshots below display parts of one of these
fraudulent forms. Unlike a real eBay form, the page is not a secure site. The
Internet criminals running the scam will collect any information entered into
these fake forms.

More information about these fraudulent activities is available on the eBay
website.

ANZ Account Suspension Phishing Scam

 

ANZ Account Suspension Phishing Scam

Like other financial institutions, leading Australian bank, ANZ is often
targeted by phishing scammers

A phishing scam message distributed in late May 2006 informed recipients that
their ANZ account had been suspended and urged them to click a link in the email
in order to restore their account. However, the link lead to a fake website that
was designed to closely resemble a genuine ANZ login web page. Login details and
other personal information that victims entered into forms on this fake website
could then be harvested by scammers.

The scam email was in HTML format and included a genuine looking ANZ logo.
The hyperlink in the message was disguised to look like a legitimate ANZ web
address. The message’s poor spelling and grammar were another indication that it
was not genuine.

If you receive any unsolicited emails from ANZ or other institutions that ask
you to click an included hyperlink and provide sensitive personal information,
then you should view the message with the utmost suspicion. Legitimate
institutions are unlikely to request information from customers in this way. Be
very cautious of clicking on a link in an unsolicited email in order to access
the website of a bank or other institution that may be the target of scammers.
The safest method is to manually enter the URL of the institution’s website into
your browser’s address bar.

Example (Received from scammers, May 2006):

Text of scam message:

From: “ANZ Banking” Reply-To: “ANZ Banking”

ACCOUNT SUSPENSION

In an effort to protect your ANZ Banking account security, we have suspended
your account until such time that it can be safely restored by you.

We have taken this action because your ANZ online account may have been
compromised, Sometimes this happens when members respond to tropans,worms and
other effected virus files. Although we cannot disclose our investigative
procedures that led to this conclusion, Please know that we took this action in
order to maintain the safety of your account.

To complete our activation process for your account restoring access,please
click here: [Link removed]

Thank You.

Accounts Management As outlined in our User Agreement, Australia and New
Zealand Banking Group Limited (ANZ) ® will periodically send you information
about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
ANZ Web Site Security and Privacy Statement

Smith Barney Phisher Scam

Summary:
Email asks customers of the Smith Barney financial firm to confirm their
information, ostensibly due to a “planned software upgrade”.

 

Status:
False

Example:(Received from scammers, February, 2005)

 

Commentary:
This scam email aims to trick customers of the Smith Barney financial firm into
revealing sensitive personal information. The email is designed to emulate an
official Smith Barney message and includes the Smith Barney and Citigroup logos.
Although the messages may look legitimate they do not originate from
Smith Barney.

The scam message claims that customers are required to confirm their
information due to a software upgrade. The entire scam email is a graphic, and
clicking (accidentally or deliberately) anywhere in this graphic will open the
user’s default browser to a fake web page. A form on the fraudulent web page
requests people to enter personal information, including card numbers and pin
codes. Data entered into this bogus form may be collected by the Internet
criminals running the scam.

Several different email subject lines are being used on these scam messages,
including:

• SMITH BARNEY: PLEASE CONFIRM YOUR INFORMATION
• Smith Barney: we need to update your information
• SPECIAL ANNOUNCE
• Smith Barney: Official Information.

Smith Barney does not request sensitive information from customers via email.
According to

information about these fraudulent emails on the Smith Barney website:

Smith Barney will never send you an e-mail
asking for your passwords, credit or debit card numbers, or other sensitive
information.

If you receive one of these scam emails, do not click the message or
follow any links included. Do not provide any personal information on any
web page that opens as a result of clicking on links in the email. The best
course of action with such emails is to simply delete them from your computer as
soon as possible. You may also

report scam emails to Smith Barney by phone or email.

 

MSN Phisher Scam

Summary:
Email claiming to be from the Microsoft Network (MSN) warns recipients that
their MSN services will be deactivated unless they verify their identity.

 

Status:
False Example:(Submitted, February, 2005)

Subject: Microsoft Network Warning: Your services near to be closed.

Dear MSN Customer,

During one of our regular automatical verification procedures we’ve
encountered a technical problem caused by the fact that we could not verify
the information that you provided during registration.

We urgently ask you to submit your information so that we could fully verify
your identify, otherwise an access to MSN services for your account will be
deactivated until you pass verification process.

To submit your information please use our secure online application - apply
here (LINK REMOVED).

Thank you for using our services, MSN Payment Processing Department.

Reproduction any of the above information is strictly prohibited.
Copyright (c) 2005 Microsoft Network. (R) All rights reserved.

 

Commentary:
This scam email claims that a technical problem requires recipients to
verify their identity and includes a link that supposedly leads to an
official MSN website form. However, the link actually opens a fake website
designed to closely resemble a genuine MSN web page. In fact, the fraudulent
page may open as a pop-up on top of the real MSN site. The bogus form asks
people to enter a host of highly sensitive personal information, including
credit/debit card details, user names and passwords and addresses.
Information entered into the bogus form will not be sent to the Microsoft
Network. Instead, the data can be harvested by Internet criminals who can
use it to access the victim’s accounts and /or attempt to steal his or her
identity. For detailed information about this scam, see:

http://www.antiphishing.org/phishing_archive/01-27-05_MSN/01-27-05_MSN.html

 

 

Union Planters Bank Phisher Scam

Summary:
Email requests customers of the Union Planters Bank to visit a website and
supply information.

 

Status:
False Examples:(Submitted, February, 2005)

Dear Customer 40417, In accordance with Union Planters Bank, Member FDIC’s Consumer Agreement
and to insure that your online account hasn’t been compromised, internet
access to your account was blocked. Your online access will remain
blocked until this question has been resolved. Banking Support are
remind you that on February 07, 2007 our Banking Review Team identified
some uncommon activity in your Debit Card account. Banking Support
recommend you to log in and perform the steps necessary to return your
account access as soon as possible. If your online access to stay
limited for a long period of time may effect in further limitations on
the use of your bank account and possible account closure.

Sign on to Online Account

To protect the safety of your account access, employs some of the most
advanced security online systems in the world and our anti-fraud teams
regularly scan the Bank system for fraud activity.

Thank you for your prompt attention to this matter. Review Team
apologize for any inconvenience.Please understand that this is a
security measure meant to help protect you and your Debit Card account.

Sincerely,

union Planters, Online Banking Support

Online Customer ID-53810, To protect the security of your online access, employs some of the most
leading safety online systems in the world and our anti-fraud teams
hourly screen the Online Bank system for fraud activity.

Banking Support are remind you that on February 07, 2007 our Online
Review Team identified some uncommon activity in your Debit Card
account. In accordance with Union Planters Bank, Member FDIC’s User
Agreement and to ensure that your online account has not been
compromised, internet access to checking your account was limited. Your
online access will remain limited until this issue has been resolved.
Online Support encourage you to log in and perform the steps requisite
to return your online access immediatelly. If your online access to
remain blocked for an extended period of time may effect in further
restrictions on the use of your account and possible account closure.Log
In to Online Banking

Thank you for your attention to this matter. We apologize for any
inconvenience.Please understand that this is a safety measure meant to
help protect you and your Debit Card account.

Have a nice day,

union Planters, Customer Support

Subject: Online Customer Support Message Account Customer,

Union Planters, NAis committed to supporting a secure environment for our
account customers. To protect the safety of your access, employs some of the
most progressive safety systems in the world and our anti-fraud groups
regularly scan the Online Bank system for fraud activity.

In accordance with Union Planters Financial Corp.’s Consumer Agreement and
to insure that your account hasn’t been compromised, internet access to your
account was blocked. Your online access will remain limited until this issue
has been decided. Online Service are remind you that on 07, February 2007
our Banking Review Team identified some uncommon activity in your Debit Card
account. Allowing your online access to stay limited for an extended period
of time may effect in further limitations on the use of your bank account
and possible account closure.We advise you to log in and perform the steps
necessary to restore your account access as soon as possible. Sign on to
Banking Account

Thank you for your prompt attention to this matter. Review Team apologize
for any inconvenience.Please understand that this is a security procedure
meant to help protect you and your Debit Card account.

Have a nice day,

Union Planters Bank, Account Service

 

Commentary:
The emails shown above are typical examples of the phisher scam emails that
are currently targeted the Union Planters Bank. There may be a number of
variations of these fraudulent emails being distributed. The emails ask
recipients to log in to their accounts via a link provided and supply
sensitive personal information. The links lead to fake websites designed to
closely resemble the real Union Planters website. Information, such as
account details and passwords that are submitted on these fake websites will
be sent directly to the scammers. Union Planters, or other legitimate institutions, will never contact
customers via email to ask them to supply sensitive information via a web
page. Be wary of any unsolicited email that asks you to provide
sensitive personal information such as banking details.

Union Planters has

information about these phisher scams on its website:

 

More US Bank Phishing Scams

Summary:
Emails claiming to be from US Bank ask recipients to click a link and
provide personal information on a webpage.

 

Status:
False Example:(Submitted via email, 2004) Dear U.S.
Bank valued member,

Due to concerns, for the safety and integrity of the online banking
community we have issued this warning message.

It has come to our attention that your account information needs to be
updated due to inactive members, frauds and spoof reports. If you could
please take 5-10 minutes out of your online experience and renew your
records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension.
This notification expires on May 20, 2004.

Once you have updated your account records your internet banking service
will not be interrupted and will continue as normal.

Please follow the link below and renew your account information.

U.S. Bank Internet Banking

 

Commentary:
Like a number of other major financial institutions, the US bank is once
again the target of phishing scammers. Emails supposedly from the US bank
use a variety of excuses to trick customers into visiting a bogus website.
The example above claims that customers need to update their accounts “due
to inactive members, frauds and spoof reports”. A link in the email leads to
a fraudulent website that asks for sensitive personal and banking
information. Although such websites may look like an official bank site,
they are created solely to trick people into providing personal information
directly to the scammers responsible. The scam email reproduced above is
just one example in a long line of similar emails that have targeted US
Bank. US bank has

more information and reporting procedures regarding these fraudulent
emails on their website.

 

 

Phishing Scammers Target Citibank

Summary:
Emails, supposedly from Citibank, request recipients to click on a link and
provide sensitive information on a website.

Status:
False

Examples:(Submitted, 2004)

Citibank Scam Example 1

Citibank Scam Example 2

Citibank Scam Example 3

Part of another very crude example:

To_ verificatioon of your email_ address click on the link
http://go.msn.com/HML/6/2.asp?target=ht%54P%3a%2f/tqp009g7e.com*1
560%2E%44A%2Eru%2f?GnccGz4zgCJVGWt2VhmI60ha and enter on_the |itt|e window_ _your _citibank _D e b i t full Card nummber
and PIN_ that _you use in the Atm_machine.

 

Virus Infection Warning Scam - Bogus Emails Point to Trojan

Summary:
Email warns recipients that their computers are infected with the Netsky.b worm
and advises them to download an update via a link provided

Status:
False

Example:(Collected online, 2004)

Subject: Attention! Your computer has been infected! Attention!

Your computer has been infected with a virus Netsky.b. In order to avoid
losing valuable information we suggest you to urgently download an update
from this link:

http://www.mcafee.com

Technical assistance of Antivirus Company.

Commentary:
To add a veneer of legitimacy, these scam emails use the name of a real virus,
Netsky.b, and the links provided point to legitimate anti-virus companies,
including McAfee and Panda AntiVirus.

The emails are very similar in style to those used in the Bank Withdrawal
Notification Scam and, in fact, point to the same trojan. The scammers are
obviously intent on infecting as many computers as possible with this trojan and
are therefore using at least two types of bogus email message to achieve their
aims.

Those who click on the link in the bogus email may inadvertently download a
trojan that will automatically be executed on their computer. This trojan is
configured to log keystrokes that are entered into specific websites and email
the information to the scammers. When a window that contains certain specified
title phrases is opened, the key logger begins recording any information that is
entered. This information could be passwords, account numbers, and other
personal information. The specified title phrases are associated with a number
of major financial institutions both in Australia and elsewhere in the world.

Bank Withdrawal Notification Scam - Fraudulent Emails Point
to Trojan

Summary:
Email informs customers of the ANZ, National, Commonwealth or Westpac banks that
a large sum has been withdrawn from their accounts.

Status:
False

Example:(Received via email, 2004)

Subject: Notification on transfer from your ANZ bank account We are informing you that today, the amount of $719.00 AUD has been drawn
out of your account.

Technical assistance of ANZ Bank

[LINK TO BANK REMOVED]

Commentary:
Customers of major Australian banks have reported receiving emails that claim a
substantial amount of money has been withdrawn from their accounts. In order to
make the message seem legitimate, the emails arrive in HTML format and generally
include a logo stolen from the targeted bank’s website. A link included in the
email supposedly leads recipients to the bank website to seek “technical
assistance”. The intention here is to panic gullible recipients into clicking on
the link provided in order to gain details regarding the apparent withdrawal.
ANZ, National, Commonwealth and Westpac have all been targeted.

At face value, this sounds like a typical phisher scam. However, those who click
on the link in the bogus email may inadvertently download a trojan that will
automatically be executed on their computer. This trojan is configured to log
keystrokes that are entered into specific websites and email the information to
the scammers. When a window that contains certain specified title phrases is
opened, the key logger begins recording any information that is entered. This
information could be passwords, account numbers, and other personal information.
The specified title phrases are associated with a number of major financial
institutions both in Australia and elsewhere in the world. Thus, even recipients
of the scam emails who are not customers of the targeted bank can have sensitive
information stolen if the trojan infected their system.

The scammers have manipulated the link in the bogus email so that it resembles a
normal text link. However, those who click on the link are first taken to a
webpage where the Trojan is downloaded before being redirected to the real bank
website. This happens quite quickly and users may not even be aware that a
download and redirection has taken place.

The example above is directed at ANZ customers, but virtually identical emails
target National, Commonwealth and Westpac banks. The amount specified varies.

ABA Phisher Scam

Summary:
Fraudulent email, claiming to be from the American Bankers Association, attempts
to trick recipients into revealing sensitive personal information.

Status:
False

Example:(Collected online, 2004)

From: American Bankers Association [service@aba.com]
Sent: Friday, March 19, 2004
Subject: Please Read! Imporant Information About Your Credit Card And Its
Issuing Bank! Dear Sir/Madam,

You have been identified as a customer of one of ABA’s ( American Bankers
Association ) member banks. The American Bankers Association would like to
inform You about the adoption of a decision of a new Security Policy. The
new policy entered into force on 1st March 2004. Due to the extensive number
of credit card frauds, ABA has decided to take preventice countermeasures in
order to ensure the highest level of security and safety for the customers
of its member banks….

Sincerely,

ABA Customer Service Staff

Commentary:
The American Bankers Association has joined a long list of financial entities
around the world that have been targeted by phisher scammers. The ABA has placed
a

warning about this scam on their website. Internet users have reported
receiving an email purporting to be from the ABA that tries to trick recipients
into providing personal and financial information. The fraudulent email contains
an embedded “Credit Card Verification Form” that requests users to enter
information directly. It is highly unlikely that the ABA, or any other
legitimate financial institution, would send messages that requests sensitive
personal information via email.

If you have received a suspect email that claims to be from the ABA, you can
forward the message to alert@aba.com.

Read the alert from the ABA.

A sample of one of the scam emails, minus the “Credit Card Verification Form”,
is reproduced above.

E-Gold Phisher Scam

Summary:
Email claiming to be from electronic currency service, E-Gold, attempts to trick
recipients into providing personal information on a bogus website.

Status:
False

Example:Collected online, 2004

Dear e-gold user As you may have heard, to celebrate e-golds dominance of the e-currency
market,between now and the 31st of February, the worlds leading market
makers have joined forces togive you the chance to win $500 worth of e-gold
every day! That’s right, every single dayuntil the 31st of February, one
e-gold user is GUARANTEED to win $500 in e-gold!

Simply login to your account and the 500th user to login each day
automatically wins!

What’s more, every 100th user logging in from the link above will be entered
into our “Grand Gold Super Draw”, which will take place on 1 March 2004.

Prizes for the Grand Gold Super Draw are as follows:

1st Prize - $500
2nd Prize - $250
3rd Prize - $100
Terms and conditions of this promotion:
Only one competition entry per user may be made from the above link per 24
hours. Multiple logins within 24 hours from the above link will be declared
void. All winners will be notified via their registered email address within
48 hours of logging in. Deposits will be made into winners accounts within 5
days of email notification. For the purposes of this promotion, each day
will begin at 0.00 GMT.

A list of all winners will be made available upon request from 3 March 2004.

Commentary:
Electronic currency service, E-Gold, has been the target of several phisher
scams in the past. The Dumaru-Y worm also tries to collect e-gold passwords from
infected computers.

One such scam email, sent in HTML format to more easily disguise hyperlinks,
tries to trick unwary e-gold customers into providing account details on a bogus
website. The email falsely claims that e-gold is running a competition and that
the “500th user to login each day automatically wins”.

There is no competition, nor would E-Gold ask customers to log on to their
accounts via a link in an email.

The E-Gold website has an

information page about these fake emails. The page states in part:

PLEASE BE ADVISED E-GOLD WILL NEVER SEND YOU AN HTML EMAIL WITH A HYPERTEXT
LINK ASKING YOU TO CLICK ON THE LINK TO ACCESS YOUR ACCOUNT!

 

FDIC Phisher Scam

Summary:
Fraudulent email claiming to be from the FDIC attempts to trick recipients into
visiting a bogus website to “verify” their identity.

Status:
False

Example:(Submitted via email, 2004)

To whom it may concern;
In cooperation with the Department Of Homeland Security, Federal, State and
Local Governments your account has been denied insurance from the Federal
Deposit Insurance Corporation due to suspected violations of the Patriot
Act. While we have only a limited amount of evidence gathered on your
account at this time it is enough to suspect that currency violations may
have occurred in your account and due to this activity we have withdrawn
Federal Deposit Insurance on your account until we verify that your account
has not been used in a violation of the Patriot Act. As a result Department Of Homeland Security Director Tom Ridge has advised
the Federal Deposit Insurance Corporation to suspend all deposit insurance
on your account until such time as we can verify your identity and your
account information.

Please verify through our IDVerify below. This information will be checked
against a federal government database for identity verification. This only
takes up to a minute and when we have verified your identity you will be
notified of said verification and all suspensions of insurance on your
account will be lifted.

[LINK REMOVED]

Failure to use IDVerify below will cause all insurance for your account to
be terminated and all records of your account history will be sent to the
Federal Bureau of Investigation in Washington D.C. for analysis and
verification. Failure to provide proper identity may also result in a visit
from Local, State or Federal Government or Homeland Security Officials.

Thank you for your time and consideration in this matter.
Donald E. Powell
Chairman Emeritus FDIC
John D. Hawke, Jr.
Comptroller of the Currency
Michael E. Bartell
Chief Information Officer

Commentary:
Unlike phisher scams that target specific banks or financial institutions, this
one endeavours to target as wide an audience as possible by pretending to be
from the Federal Deposit Insurance Corporation (FDIC). The FDIC is a US
government agency that insures bank accounts, so most people who have a bank
account would be indirect clients of the agency via their bank.

This phisher scam attempts to trick recipients into visiting a bogus website to
“verify” their identity. If people follow the link in the fraudulent email, they
are taken to a site designed to look like the official FDIC site.

The email tries to scare people into supplying personal information on the bogus
site by telling them that they are under investigation by the FBI and the
Department of Homeland Security “due to suspected violations of the Patriot
Act.” This frightening claim may be enough to entice naïve individuals into
supplying information at the fraudulent website in order to clear their name and
stop any further investigation.

A

press release from the FBI and FDIC states in part:

This email was not sent by the FDIC and is a fraudulent attempt to obtain
personal information from consumers. Financial institutions and consumers should
NOT access the link provided within the body of the email and should NOT under
any circumstances provide any personal information through this media.

U.S. Bank Phisher Scam

Summary:
Bogus email that claims to be from the U.S. Bank asks
recipients to provide sensitive information via a fraudulent website.

Status:
False

Example:

Subject: Your account at U.S. Bank has been suspended. Dear U.S. Bank account holder,

We regret to inform you, that we had to block your U.S. Bank account because
we have been notified that your account may have been compromised by outside
parties.

Our terms and conditions you agreed to state that your account must always
be under your control or those you designate at all times. We have noticed
some activity related to your account that indicates that other parties may
have access and or control of your information in your account.

These parties have in the past been involved with money laundering, illegal
drugs, terrorism and various Federal Title 18 violations. In order that you
may access your account we must verify your identity by clicking on the link
below.

Please be aware that until we can verify your identity no further access to
your account will be allowed and we will have no other liability for your
account or any transactions that may have occurred as a result of your
failure to reactivate your account as instructed below.

Thank you for your time and consideration in this matter.

[LINK REMOVED]

Before you reactivate your account, all payments have been frozen, and you
will not be able to use your account in any way until we have verified your
identity.

Commentary:
This is a comparatively unsophisticated phisher scam that
tries to scare gullible U.S. Bank customers into providing personal information
via a bogus website. One of the fraudulent emails (reproduced above) “informs”
the potential victim that his or her account may have been compromised and that
the account will be frozen until account details are provided. Like other
phisher scams, the intent of the email is to trick people
into providing identity and banking information directly to the criminals
responsible for the scam. The emails are randomly sent to thousands of email
addresses. The scammers rely on the statistical probability that some of the
recipients will be U.S. Bank customers and that at least a few of them will be
naive enough to take the bait.

According to

information on the bank website, “U.S. Bank will never
initiate a request for sensitive information from you via email”. In fact, it
would be highly unlikely for any legitimate financial institution to request
sensitive information via email, and such a request should always be viewed as
suspect until proven otherwise.

Although the bogus website has now been shut down, it is probable that the
scammers responsible are already preparing for their next sting.

References:

www.startribune.com/stories

www.kare11.com/news/

More Citibank Phisher Scams

Summary:
Emails, supposedly from Citibank, request recipients to click on a link and
provide sensitive information on a website.

Status:
False

Example (Submitted, 2004):

Commentary:
This scam email is designed to emulate an official Citibank document. The
original arrives complete with an authentic looking Citibank logo. It tries to
lure customers to a bogus website by informing them that their accounts may have
been tampered with. Recipients who fall for the ruse and use the link in the
email may end up providing personal banking details direct to the scammers. The
link leads to a bogus website designed to resemble the real Citibank site.

Another amateurish and badly misspelled version (reproduced below) asks the
recipient to verify her or his email address.

Like other major financial institutions, Citibank has been the target of phisher
scammers a number of times before.

Example:

Dear Citbiank Cleints, This letter was ssent by the CitibankOnline server to veerify your e-mail
adress. You must clpoemte this pocrses by clicking on the link below and
enttering in the little window your Citibank ATM/Debit card nummber and card
pin that you use on local Atm machine. That is donne for your ptorcetion -B-
because some of our membres no lneogr have access to their email adesrseds
and we must verify it.

“To veerify your e-mail adress and access your CitibankOnline account, clik
on the link below. If ntohing hapnpes when you klick on the link -M copie
and passte the link into the adderss bar of your web browesr.

[Link Removed]

References:

http://www.citibank.com/us/index.htm

http://www.infoworld.com/article/04/01/12/HNscam_1.html

Paypal Phisher Scam

Summary:
Bogus email claiming to be from PayPal asks recipient to log on to a fake
website and provide personal information.

Status:
False

Example:(Received, May 2005)

Dear PayPal client, While performing it’s regular scheduled monthly billing address check our
system found incompatible information which seams to be no longer the same
with your current credit card information that we have on file. If you
changed your billing information or if you moved from you previous address
please follow up the link bellow and update your billing information: If you
didn’t change any of this information you still need to follow up the
previous link and update your existing billing information because it means
that our database regular scheduled update wasn’t made correctly. Choosing
to ignore this message will result in to a temporary suspension of your
account within 24 hours, until you will choose to solve this unpleasant
situation.
We apologies for any inconvinience this may caused you and we strongly
advise you to update your information you have on file with us. Clicking
[BOGUS LINK REMOVED] you will avoid any possible futuring billing problems
with your account.

Best regards,
- PayPal Team.

Scam email in original HTML format:

Bogus Form:

Commentary:
This email is NOT from online payment service, PayPal. The email looks very
convincing and includes seemingly official logos and text designed to fool
recipients into believing that it is a legitimate message from PayPal.

The message claims that PayPal customers are required to log into their account
and update billing information or risk having their account suspended.
Recipients are urged to click a link in the fraudulent email. This link leads to
a bogus website that is cleverly disguised to resemble a real PayPal Login page.
Victims who login to this fake web page are asked to provide sensitive personal
information including credit card details and addresses.

Information entered into the form can be collected by the criminals running this
scam and used in fraudulent transactions or to steal the victim’s identity.

PayPal would never send an email asking customers to provide sensitive
information such as credit card details. The company has

more information about these phisher scam emails on its website.

Citibank Phisher Scam

Summary:
Bogus email claiming to be from Citibank asks recipients to provide banking
details

Status:
False

Example:(Submitted, 2003)

Dear Citibank Member, This email was sent by the Citibank server to verify your e-mail address.
You must complete this process by clicking on the link below and entering in
the small window your Citibank ATM/Debit Card number and PIN that you use on
ATM. This is done for your protection - becaurse some of our members no
longer have access to their email addresses and we must verify it.

To verify your e-mail address and access your bank account, click on the
link below. If nothing happens when you click on the link (or if you use
AOL), copy and paste the link into the address bar of your web browser.

[LINK REMOVED]

———————————————
Thank you for using Citibank!
———————————————

Commentary:
This scam email pretends to be from the large financial institution, Citibank.
Like other phisher scams, the email tries to trick recipients into visiting a
website and entering personal details. The website is disguised to look like a
part of the real Citbank website.

Several versions of the Citibank email scam exist.

The one above claims that Citibank customers need to verify their email address
by supplying bank card numbers and pins. Of course, these emails DO NOT
originate from Citibank and any information supplied by hapless victims goes
directly to the scammers.

Citibank has

information on its website about this and earlier scams.

Another version of the scam is reproduced below:

Your Checking Account at Citibank We are letting you know, that you, as a Citibank checking account holder,
must become acquainted with our new Terms and Conditions and agree to it.
Please, carefully read all the parts of our new Terms and Conditions and
post your consent. Otherwise, we will have to suspend your Citibank checking
account.

This measure is to prevent misunderstanding between us and our valued
customers.

We are sorry for any inconvinience it may cause.

Click here [LINK REMOVED] to access our Terms and Conditions page and not
allow your Citibank checking account suspension.

 

 

"This Is The Opportunity To Discover How You - Or Anyone - Can Earn A Comfortable Living From Adsense... In A Paint-By-The-Numbers Fashion!"

Thank you for reading this post. You can now Leave A Comment (0) or Leave A Trackback.