Phishing Lessons

Vonage Account Security Phish – A Perfect 10

Tuesday, July 27th, 2010

This is one for the record books.

The other day we intercepted several copies of a phishing email that, in conjunction with a fake web page, attempts to acquire your Vonage phone number and password.

Subject: Important – Vonage Account Security Information

From: “donotreply@vonage.com” <donotreply@vonage.com>

The body contains this image file:

[Image: Fake Vonage Survey Request]

In and of itself this phish is not particularly outstanding. The image file above looks like it could be from Vonage but actually links to a forged version of a Vonage sign-in page. The web site is not even a very good forgery.

What is outstanding is the URL of the fake web site . . .


Amarillo National Bank Phish

Thursday, July 15th, 2010

Customers of Amarillo National Bank beware. There’s a new phishing campaign targeted at you. So far all of the examples we’ve seen have the same subject:

Subject: notification

And one of two slightly different From addresses:

From: “Amarillo National bank.”<anb@anb.com>

From: “Amarillo National .Bank.”<file3881001@anb.com>

Neither of these looks much like something a real bank would send.


What Happens If I Click That Link?

Monday, June 21st, 2010

An important email safety practice is to avoid clicking on links that aren’t safe. This raises the question: “How do I know if a link is safe to click?” The truth is you can never be sure, but there are ways of mitigating the risk.

A link’s presentation has two major components:

  1. The visible text (or image)
  2. The URL that the link references

These two pieces of information are not required to be related, so you can have a link that says “Log in to my bank” but actually takes you to “badwebsite.com”. The trick is to know what the link actually refers to, not what it wants you to think it refers to.
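The gap between a link's visible text and its URL, as an added example that is not part of the original post: a Python sketch that pulls every link out of an HTML message body and compares any site named in the visible text with the host the href really points to. The sample HTML and the mybank.example domain are constructed (badwebsite.com is the placeholder from the text), and the suffix comparison assumes the visible text spells out a full domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

class LinkExtractor(HTMLParser):
    """Collect (visible_text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []
        elif tag == "img" and self._href is not None:
            # An image link shows no URL at all; keep its alt text as the "visible" part.
            self._text.append(attrs.get("alt") or "[image]")

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def audit_links(html):
    """Return (visible_text, destination_host, verdict) for each link."""
    parser = LinkExtractor()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        claimed = [h.lower() for h in HOST_RE.findall(text)]
        if not claimed:
            verdict = "unverifiable"  # text names no site; only the URL says where it goes
        elif all(host == c or host.endswith("." + c) for c in claimed):
            verdict = "consistent"
        else:
            verdict = "mismatch"      # text claims one site, href goes to another
        results.append((text, host, verdict))
    return results

# Constructed sample body; mybank.example is a made-up domain.
SAMPLE = ('<a href="http://badwebsite.com/login">Log in to my bank</a>'
          '<a href="http://badwebsite.com/x">www.mybank.example</a>'
          '<a href="https://online.mybank.example/">mybank.example</a>'
          '<a href="http://mybank.example.badwebsite.com/">mybank.example</a>')
```

A "consistent" verdict only means the text and the URL agree with each other; it says nothing about whether the site itself is trustworthy.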


AT&T Universal Card – Phishing Invitation

Thursday, June 17th, 2010

“The security of your account is important to us” says the subject of an email message sent to one of our customers by AT&T|Universal Card.

It came to our attention because it’s so fiendishly difficult to determine whether or not it’s a phishing attempt.

Subject: The security of your account is important to us

From: AT&T Universal Card <universalcard@info4.citibank.com>

Rather than bore you with the details of how we decided this message was legitimate, we thought we’d apply some of the suggestions found on the Anti-Phishing Council’s Phishing Page and see if we should trust this email.


What Bank of America Doesn’t Want You To Know

Tuesday, June 15th, 2010

Apparently Bank of America doesn’t want the public to know specific details about all of the various Phishing campaigns that are active on the Internet and that target Bank of America customers.

In a real “BP-ish” management response, within 24 hours of our last posting, “Bank Of America Alert: Your Account Has Been Locked – Phish”, we received a suggestively threatening email from them, which was ALSO sent to one of our colocation providers and additionally to our Domains by Proxy administrator address. It says, in part:

We have now detected a website, or a redirect to a website, hosted on your network that purports to be a Bank of America or a Bank of America affiliate* website.  The referenced site(s) uses the Marks, leading visitors to believe it is a website sponsored or endorsed by Bank of America or a Bank of America affiliate* while no such sponsorship or endorsement actually exists.

Technically, of course, because we display and explain how Phishing attempts are executed, it can be argued that we are displaying some of their “Marks” (we assume they mean Trademark content) on our blog site.


Bank Of America Alert : Your Account Has Been Locked – Phish

Monday, June 14th, 2010

A newer Phishing Fraud campaign is out targeting Bank of America customers.

The email arrives:

Subject:     Bank Of America Alert : Your Account Has Been Locked
From:     Bank Of America Alert <e-banking@bofa.com>

Naturally the sending address is spoofed, as these emails arrive from hijacked mail servers in Europe and Asia.

What’s notable is the general quality of the Phishing email:

[Image: Bank of America Phish Email]


Your mailbox has exceeded the storage limit

Tuesday, June 8th, 2010

Another twist on the very active campaigns designed to trick users into providing their email account logins and passwords arrives with the warning:

Subject:      Your mailbox has exceeded the storage limit

The sending addresses are randomly generated, typically coming from hijacked web site mail servers, but the content of these Phishing fraud emails is pretty simple:

Your mailbox has exceeded the storage limit which is 20GB as set by your administrator, you are currently running on 20.9GB,To re-validate your mailbox Clickhere:  or copy this(http://bit.ly/a8zCsk ) and past in your browser to increase your mailbox size or you loose your account within 24 hours. System Administrator Center.


TD Canada Trust EasyWeb Phishing

Friday, June 4th, 2010

Dear Customer:

Your Secure login details seem to have been compromised.

Any email that starts out in this vein should cause you to be extremely suspicious. As a case in point, the opening above comes from a TD Canada Trust Phishing fraud attempt that we recently intercepted.

The message itself looks like this:

Subject: TD Internet Banking Security

From: TD Canada Trust <security@easyweb.com>

To: [redacted]

Dear Customer:

Your Secure login details seem to have been compromised.

Please log in to the secure link below, and verify your security

details to avoid an unecessary suspension of your account.

We may call you to verify any information, and such calls may include
computer-generated speech

To log in and verify your account click on the Security link:

EasyWeb-SECURITY

Thank you.
Customer Service
TD Group Financial Services.

A few notes about the message before we get to the good part:

  1. The spoofed “From:” address is “TD Canada Trust <security@easyweb.com>”. However, none of the message headers indicate that it was ever anywhere near a server associated with “easyweb.com”.
  2. The “TD Canada Trust – EasyWeb” logo is the real logo from tdcanadatrust.com displayed through the magic of HTML.
  3. The “EasyWeb-SECURITY” link above actually goes to the bogus web site, so don’t click it unless you have good, up-to-date anti-virus software. (6/15/2010 – Update: link removed)

All of this is pretty normal for a fraudulent email Phishing campaign.

What’s outstanding about this one is the quality of the login page it links to.


Click Here To Log In – Craigslist Phishing

Thursday, June 3rd, 2010

This is priceless!

We just intercepted what might be the coolest Craigslist Phish ever. Maybe even the trickiest Phishing fraud ever — it’s definitely among the best we’ve seen.

For the sake of context, the normal Phishing and identity theft attempt goes something like this: You get an email that says something dire like “your account has been hacked/suspended/overdrawn or whatever” and then presents you with a link to a fake login page so the phisher can trick you into providing your username and password.

That is, of course, assuming you click the link and fill in the login form.

Most of the time the hyper-linked text will say something like “Log in” or “Click Here” or “Access Your Account”, and if you hover your mouse over the link and look at the status bar of your email client you’ll see that the link actually goes to an abandoned URL like “abctreesurgery.com”, a random one like “sksjhrkeykser.com”, or something on a hacked Google Groups page.

But this Phisher is in a class of their own.


Account Frozen – Chase Paymentech Fraud

Tuesday, June 1st, 2010

A new Phishing/identity theft campaign is targeting Chase Paymentech merchants using a simple “Account Frozen” warning email that links to similar-sounding domains.

The fraudulent email:

Subject:      Account Frozen
From:     Chase Paymentech <services@servchase-paymentech.com>
