Email Phishing frauds for Bank Of Montreal are in high gear, with most arriving as:
Subject: Important Notice From Online Banking
From: BMO Bank of Montreal <helpdesk@bmo.com>
Though the sending address is of course spoofed, with these actually coming from bogus and hijacked mail servers such as:
‘from beta.dnshree.com ([208.87.243.22])
<nobody@beta.dnshree.com>
Here’s a full copy of of the email fraud:
More Paypal fraud on the way. This time spoofing a domain that only sounds like Paypal:
Subject: account limited ! update your account information
From: Paypal Service Inc <Service@nopaypal.com>
Of course many recipients are not going to notice the minor variation and will simply ignore that this mail claims to come from “nopaypal.com” rather than “paypal.com” while it actually comes via spam friendly servers like:
caracalla.lunariffic.com ([216.227.214.143])
The actual emails look like this:
The newest JP Morgan Chase email Phishing fraud is now being sent as:
Subject: New Message from Online Banking
From: “Chase Card Services”<SMChaseNotification@emailonline.chase.com>
The spoofed email itself looks convincing enough:
We’re seeing a strong increase in Phishing Fraud emails targeting Craigslist.org accounts.
The emails generally arrive such as:
Subject: flagged & removed : 1977204121
From: “no-reply@craigslist.net” <no-reply@craigsliist.net>The ID/Case number in the subject line will vary in an attempt to evade spam filtering.
The sending address is spoofed as the emails are not actually sent from Craigslist.org servers.
An example email:
Stealing Craigslist usernames and passwords is becoming increasingly popular amount Internet spammers and hackers.
The latest campaign warns of account suspension in order to get the recipient’s attention:
Subject: craigslist.org: Account Temporarily suspended
From: ”craigslist.org” <noreply@craigslist.org>
Though the message actually comes from hijacked Yahoo email accounts (from nm11-vm0.bullet.mail.ac4.yahoo.com) the email itself is a pretty good approximation of a legitimate Craigslist notification:
Click for Larger Image
One of the tactics that works very well for spammers is tricking (Phishing) users into sharing their email account login and passwords and then using the hijacked account to send spam.
The advantages of using a hijacked account include:
The only downside is since many users will eventually take back their accounts (or admins will disable them) the spammer needs a constant source of new email accounts.
The latest version in the never-ending stream of Paypal Phishing frauds is arriving in in-boxes, identifying itself as:
Subject: Your account Paypal has been limited !!
From: Paypal services <paypal@security.com>
The sending address is of course spoofed, actually sent from servers like:
‘from host.seconde-dns4.com ([94.23.203.198])
The email typically contains a warning such as this:
Another variation of bogus lawsuit spam is making the rounds in high volume, claiming to be from:
Subject: Commercial Litigation Subpoena
From: Brian Willmer – Wilmer Hale Law <admin@wilmerhale.com>
These emails actually originate from a server in Australia:
from scare.modeldns.com.au ([207.58.162.241]
Paypal users must be easy prey, statistically speaking. Year in and year out, the identity theft Phishing fraud emails just keep targeting them. Once thing is sure, spammers only keep doing what works.
The latest version:
Subject: Notification of Limited Account Access RXI091
From: PayPal <security@onlineupdate.com>
The latest twist on American Express Phishing fraud emails is making the rounds with a subject/sender typically seen as:
Subject: Notification on recent suspicious activity
From: American Express <security@online.americanexpress.com>
The sending address is spoofed, and the spammer goes one step further, injecting a false “received header” entry to try and convince spam software and/or unsophisticated users into believing the email really did come from an AMEX server.
