Phishing - don't be scammed

[wdwmagic]

I've received lots of emails recently aiming to extract online security information relating to banking and other online transactions. The link below is a good resource explaining what Phishing is all about, and how to keepy your online banking and transactions safe.
http://www.banksafeonline.org.uk/what_phishing.html
http://www.codephish.info/

 

[ogryn]

A lot of this can be put down to common sense as well.

You bank will never ask for any personal details over E-Mail. Will never ask for passwords over E-Mail, and will certainly never ask for credit card details. Why would they need to...?

 

[tigsmom]

Thanks for the head up Steve, we went thru this about 6 months ago and I just received two a few minutes ago.

 

[WDWScottieBoy]

I keep getting emails from "ebay" claiming they think someone has messed with my account and need me to resubmit all of my information to verify that I am the one who is buying things. They ask for my username and password and then all of my personal information (home address, email, credit card number, etc) which ebay doesn't have to start with. They know my email and home address but they don't have any of my credit card information. Paypal has all of my information. I received several of those emails and almost did it once, but decided not to because I knew it wasn't real. For all you other "ebayers" out there, don't let this one get to you either. I don't see any reasoning behind it.

 

[tigsmom]

I keep getting emails from "ebay" claiming they think someone has messed with my account and need me to resubmit all of my information to verify that I am the one who is buying things. They ask for my username and password and then all of my personal information (home address, email, credit card number, etc) which ebay doesn't have to start with. They know my email and home address but they don't have any of my credit card information. Paypal has all of my information. I received several of those emails and almost did it once, but decided not to because I knew it wasn't real. For all you other "ebayers" out there, don't let this one get to you either. I don't see any reasoning behind it.

I got those a few months ago. You really have to be careful these days, so many of us are so busy we don't even stop to think twice about it.

 

[Tramp]

I've gotten them from Ebay and Paypal and they really do look authentic. I forward them immediately to their fraud departments for action. I got one yesterday from a bank....I think it was Sun Bank...and thought I should know that someone had been tampering with my account and that I should immediately verify my account information. A link was provided so I can conveniently fill out all the correct information. I have no accounts at Sun Bank. (I may be wrong about the bank..it was Sun something)


By the way, I recently had my account tampered with at Paypal but they were right on top of it and it was an internal job.

 

[Number_6]

I've gotten them from Ebay and Paypal and they really do look authentic. I forward them immediately to their fraud departments for action. I got one yesterday from a bank....I think it was Sun Bank...and thought I should know that someone had been tampering with my account and that I should immediately verify my account information. A link was provided so I can conveniently fill out all the correct information. I have no accounts at Sun Bank. (I may be wrong about the bank..it was Sun something)

That's funny, because I got one for a CitiBank account. To an e-mail address I had set up awhile back to receive stuff that I didn't want going to my personal business address. Mostly just stupid stuff, newsletters and the like. Nothing that would be an important bank correspondence. I thought that was pretty funny.

 

[wannab@dis]

Yep, I got one that looked like it was from SunTrust a couple days ago. It was very well done and the site that you click to could easily be mistaken for the real thing. I was really surprised to see the site still there since the email was a couple of days old when I looked at it.

You should forward any emails like that to the abuse account for both your ISP and the bank / company they were trying to scam. (abuse@suntrust.com or abuse@ebay.com)

That way they can get the sites taken offline as soon as possible so some other trusting person doesn't get taken.

 

[Debbie]

This should also serve as a reminder to run your credit once a year. And run all three: Equifax, Experion, and TransUnion. I hadn't run my credit since the '90's, and to my dismay there was a $4500.00 charge that was opened in 2000. It wasn't reported until this year. I figured out what happened; it was someone who has the same last name as mine and same last four digits of my SS#.
What made me mad was the Exxon has no intention of finding the correct Debbie. They even hung up on me when I requested signatures and the signed original application.
Also another thing I learned: Don't assume that because you've paid something off; that the creditor reported it. My 1993 Saturn, was still showing unpaid. Doesn't anyone think it would have been repossessed by now?

 

[tigsmom]

Its not easy to get those reports fixed either. According to Equifax I own 2 homes here in town, a condo in Florida, a boat and 4 cars & a pickup. I also have 15 credit cards. *sigh*

We have been trying to get them fixed for years. They have my husband & his dad (same first name- different middle initial) linked. My FIL is listed on ours as my hubby's AKA...even though there is almost a 30 year age difference (birth dates listed) as well as 2 different SS numbers.

As long as we both pay our bills we'll be OK.

 

[wannab@dis]

omg, I would be going ballistic!

sure, you pay your bills, but what if you decided you DID want a condo in FL? You may not be able to get a loan!?!!

My brother just went through a huge pain to remove a $5 or $6 charge from his report since it was dropping his score. Some video rental store showed them with a late charge! The store has since closed, but it's still on his report as a defaulted bill or similar.

 

[tigsmom]

Actually its not that bad, got approved for a new car in 10 minutes and had it 3 hours later.

 

[Tramp]

"This Just In"

Here's the same scam I got yesterday! Just came into my email.

We recently reviewed your account, and suspect that your Suntrust Internet Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the Suntrust network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your Suntrust Internet Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in all the required information, including your name and your account number.

2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to Suntrust Bank staff immediately.

To get started, please click the link below:

http://internetbanking.suntrust.com/default.asp

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire Suntrust system. Thank you for your prompt attention to this matter.



Sincerely,

The Suntrust Bank Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Suntrust account and choose the "Help" link in the header of any page.

 

[tigsmom]

Very official looking...some people wouldn't think twice about it.

 

[Tramp]

If you get this scam...forward it to spoof@millersmiles.co.uk

Here's a website about this:

http://www.millersmiles.co.uk/identitytheft/071004-Suntrust-Fraud-Verification-Process.php

Actually, it you 'google' Suntrust Fraud, there are a bunch of sites reporting on this.

 

[ogryn]

On a related note, I just got this E-Mail

Web Bug from pp.files/pixel.gif

Dear valued PayPal® member:

It has come to our attention that your PayPal® account information needs to be
updated as part of our continuing commitment to protect your account and to
reduce the instance of fraud on our website. If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.
& nbsp; &n bsp;

However, failure to update your records will result in account suspension.
Please update your records on or before October 30, 2004.

Once you have updated your account records, your PayPal® session will not be
interrupted and will continue as normal.

To update your PayPal® records click on the following link:
http://www.paypal.com/cgi-bin/webscr?cmd=_login-run



Thank You.
PayPal® UPDATE TEAM ;

Accounts Management As outlined in our User Agreement, PayPal® will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside

The thing is the top link, was linked to an IP address, not PayPal.com, so I did a WHOIS on that Address. First at http://www.networksolutions.com/en_US/whois/index.jhtml , which then led me to http://www.apnic.net/apnic-bin/whois.pl , which returned the result:

inetnum: 61.31.0.0 - 61.31.255.255
netname: TFN-NET
descr: Taiwan Fixed Network CO.,LTD.
descr: 7FI., No. 498, Ruei-Guang Rd., Nei-Hu
descr: Taipei Taiwan 114.
country: TW
admin-c: TT164-AP
tech-c: ____376-AP
mnt-by: MAINT-TW-TWNIC
changed: hostmaster@twnic.net.tw 20020425
status: ALLOCATED PORTABLE
source: APNIC

person: Ting Tseng
nic-hdl: TT164-AP
e-mail: ting_tseng@howin.com.tw
address: TFN
address: 3Fl., No. 498, Ruei-Guang Rd., Nei-Hu
address: Taipei Taiwan 114
phone: +886 2 6606 3738
fax-no: +886 2 6600 3709
country: TW
changed: hostmaster@twnic.net.tw 20030731
mnt-by: MAINT-TW-TWNIC
source: APNIC

person: Steve Huang
address: Taiwan Fixed Network CO.,LTD.
address: 7FI., No. 498, Ruei-Guang Rd., Nei-Hu
address: Taipei Taiwan 114
country: TW
phone: +886-2-6606-3870
fax-no: +886-2-6600-1077
e-mail: steve_huang@howin.com.tw
nic-hdl: ____376-AP
mnt-by: MAINT-TW-TWNIC
changed: hostmaster@twnic.net 20020425
source: APNIC

inetnum: 61.31.59.128 - 61.31.59.191
netname: SMILE-TW
descr: Taiwan Fixed Network CO.,LTD.
descr: 7FI., No. 498, Ruei-Guang Rd., Nei-Hu
descr: Taipei Taiwan
country: TW
admin-c: CWT20-TW
tech-c: CWT20-TW
mnt-by: MAINT-TW-TWNIC
remarks: This information has been partially mirrored by APNIC from
remarks: TWNIC. To obtain more specific information, please use the
remarks: TWNIC whois server at whois.twnic.net.
changed: steve_huang@howin.com.tw 20031202
status: ASSIGNED NON-PORTABLE
source: TWNIC

person: chih wen tsao
address: fl 7.,no.498,ruikuan rd.,neihu chiu,
address: taipei Taiwan
country: TW
phone: +886-2-6606-9898
e-mail: hawk_tsao@howin.com.tw
nic-hdl: CWT20-TW
remarks: This information has been partially mirrored by APNIC from
remarks: TWNIC. To obtain more specific information, please use the
remarks: TWNIC whois server at whois.twnic.net.
changed: hostmaster@twnic.net 20020429
source: TWNIC

Doesn't look like PayPal to me The website they had looked extememly authentic though, the biggest giveaway being it wasn't secure and didn't have a security certificate. The official PayPal site does:

 

[WDWScottieBoy]

Ogryn, that's the same email I've received twice (maybe more) from "PayPal." How can I find the IP address of who sent it to me and then how can I trace it like you did to find out more information? I'm glad I didn't follow through with the email and get scammed.

 

[ogryn]

Hi Scott, look at the attached picture. When I hover over the link, the status bar shows the true address of the link, not the one written. From there I took the address, and typed it into the first WHOIS look-up (networksolutions.com) and that gave me the following result:

OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU

ReferralServer: whois://whois.apnic.net

NetRange: 61.0.0.0 - 61.255.255.255
CIDR: 61.0.0.0/8
NetName: APNIC3
NetHandle: NET-61-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1997-04-25
Updated: 2004-03-30

So it couldn't tell me everything, but it gave me a hint as to where to look next (I've bolded it). So I went to http://whois.apnic.net, and typed in the IP address again, and that returned the results I posted.

 

[Tramp]

Here's another I received yesterday

Dear First Federal Bank customer,

We recently reviewed your account, and suspect that your First Federal Banking account may have been accessed by an unauthorized third party. Protecting the security of your account and of the FirstFed network is our primary concern. Therefore, as a preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your First Federal Banking account. In case you are not enrolled for Internet Banking, you will have to use your Social Security Number as both your Personal ID and Password and fill in all the required information, including your name and your account number.

2. Review your recent account history for any unauthorized withdrawals or deposits, and check your account profile to make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to FirstFed staff immediately.

To get started, please click the link below:

http://secure2.firstfed.com

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of the entire FirstFed system. Thank you for your prompt attention to this matter.



Sincerely,

The FirstFed Team

Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your FirstFeld account and choose the "Help" link in the header of any page.

 

[Tramp]

The last few days, my email in-box has been inundated with notices that my email had not been delivered, even though no email had ever been sent. The notices have files attached to them which I will never open but I'm sure it's some sort of o advertisement or, perhaps, even a virus.

Has this happened to anyone else?

Here's a sample of the notice I receive:

Hi. This is Rockmail at mail7.____163.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<tfrisby@public4.sta.net.cn>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Enclosed is a copy of the message.