Email Fraud

Critical security patch released! – Spammed Virus

Monday, May 16th, 2011

A new version of an old virus fraud is circulating with a spoofed Microsoft address:

Subject:     Critical security patch released!
From:     Microsoft Corp. <windowsupdate@microsoft.com>

What’s clever and also amusing about this is it pretends to address a recent Microsoft update that addresses a different kind of spoofing:

more »

Message from eBay Member Regarding Item # – Spam/Fraud

Monday, May 9th, 2011

We see so much spam, it actually gets rather boring after awhile. That’s why we sincerely appreciate spam that’s unusual or especially clever.

This spoofed Ebay Phishing Fraud email certainly fits the bill of interesting and very effective spam:

Subject:     Message from eBay Member Regarding Item #
From:     eBay <aw-notice@eby.com>

In the actual spam email, the item number is usually from an actual Ebay auction and the question certainly sounds plausible. We’ve seen many variations, but here’s a common example:

Hi , i`m from London and i want to ask you the buy it now price with delivery included ? Do you accept paypal ? Thanks!

more »

Your account has been locked – TCF Spam

Friday, April 29th, 2011

A highly targeted spam Phishing fraud campaign is actively going after TCF (a regional bank) customers.

The email arrives:

Subject:     Your account has been locked.
From:     TFC Bank <service@tcfbank.com>

But does not come form any legitimate TCF server, instead, traveling through sites such as:

from ds2017.centos-server.net ([207.45.176.146])

The message itself warns:

more »

You have received a refund – Chase Phishing Fraud

Wednesday, April 27th, 2011

The typical bank Phishing fraud spam email warns you about your account security, claiming there have been unauthorized transactions or invalid login attempts from overseas.

In a creative twist, the latest spam Phishing campaign targeted toward J.P. Morgan Chase customers uses more of a carrot than a stick; announcing that you’ve received a billing refund.

Subject:     You have received a refund of $70.95
From:     J.P. Morgan Chase <online.service@chase.int.com>

more »

Account has stopped running this morning – Google AdWords Fraud

Wednesday, April 20th, 2011

Spammers are again looking to hijack Google AdWords accounts by mass mailing campaigns targeting legitimate AdWords account holders.

Messages arrive as:

Subject:    Account has stopped running this morning.
From:    “Google AdWords”<adwords-noreply@google.com>

While the emails typically spoof the adwords-noreply@google.com address, they are sent from stolen and fraudulently registered email accounts.

The message itself looks like:

more »

Your package has arrived – Canada Post Virus

Wednesday, April 13th, 2011

After seeing countless bogus email campaigns claiming to be from UPS, DHL, Fed Ex and the United States Postal Service all used for spreading viruses, it was inevitable that we would also start seeing similar messages claiming to come from Canada Post arriving as:

Subject:     Your package has arrived!
From:     “Canada Post”<tracking@canadapost.ca>

While the From address says it’s from Canadapost.ca the latest batch actually came from Germany, via:

web08.konfigserver.de ([83.141.3.208])

Here’s the complete email:

more »

Important Notice From Online Banking – Bank Of Montreal Fraud

Monday, April 11th, 2011

Email Phishing frauds for Bank Of Montreal are in high gear, with most arriving as:

Subject:     Important Notice From Online Banking
From:     BMO Bank of Montreal <helpdesk@bmo.com>

Though the sending address is of course spoofed, with these actually coming from bogus  and hijacked mail servers such as:

‘from beta.dnshree.com ([208.87.243.22])
<nobody@beta.dnshree.com>

Here’s a full copy of of the email fraud:

more »

account limited ! update your account information

Thursday, April 7th, 2011

More Paypal fraud on the way. This time spoofing a domain that only sounds like Paypal:

Subject:     account limited ! update your account information
From:     Paypal Service Inc <Service@nopaypal.com>

Of course many recipients are not going to notice the minor variation and will simply ignore that this mail claims to come from “nopaypal.com” rather than “paypal.com” while it actually comes via spam friendly servers like:

caracalla.lunariffic.com ([216.227.214.143])

The actual emails look like this:

more »

New Message from Online Banking – Chase Card Services Fraud

Wednesday, March 30th, 2011

The newest JP Morgan Chase email Phishing fraud is now being sent as:

Subject:     New Message from Online Banking
From:     “Chase Card Services”<SMChaseNotification@emailonline.chase.com>

The spoofed email itself looks convincing enough:

more »

Flagged & Removed – Craigslist Frauds

Monday, March 21st, 2011

We’re seeing a strong increase in Phishing Fraud emails targeting Craigslist.org accounts.

The emails generally arrive such as:

Subject:     flagged & removed : 1977204121
From:     “no-reply@craigslist.net” <no-reply@craigsliist.net>

The ID/Case number in the subject line will vary in an attempt to evade spam filtering.

The sending address is spoofed as the emails are not actually sent from Craigslist.org servers.

An example email:

more »