Phishing Lessons

HSBC ACCOUNT VALIDATION REQUIRED – Fraud Emails

Sunday, May 13th, 2012

The latest bank Phishing Fraud emails to make the rounds via email are targeting HSBC Bank customers and clients.

The emails typically arrive shouting out warnings in all capital letters:

Subject:     ACCOUNT VALIDATION REQUIRED!

And greet you as their “Dear Esteemed HSBC customer,”

Strong wording explains that you need to take immediate action to protect your account. An example of such a message:

Your Account Validation did not work properly. We are experiencing difficulties in updating your account from our maintainance servers as some information are either out of date or missing from our systems.

To this end, we are contacting you to please validate your account information with us.

To begin log on to internet banking on https://www.hsbc.ae/1/2/InternetBanking/?SecureLogin with your internet Banking credentials and validate your account with us as soon as possible.

This Email is subject to mandatory action. Failure to comply will lead to suspension of account activities with HSBC. HSBC will bear no responsibility of any mishaps caused if no action is taken.

more »

Verizon – Your Bill Is Now Available – Fraud

Friday, May 4th, 2012

In the never-ending quest to steal identities, there seems to be no limit to the sites that spammers and cyber-criminals will try to impersonate.

Many web users are now understandably suspicious of emails claiming to come from Ebay, Paypal or their bank. And, we’ve already seen email frauds claiming to come from Netflix, Vonage, Linked-in and of course Facebook.

Now your cellular service emails can no longer be trusted either…..

An email Phishing fraud campaign is actively making the rounds with emails falsely claiming to come from Verizon such as:

Subject:     Your Bill Is Now Available

more »

Introducing Your US Department of Justice and FBI Victim Notification System

Thursday, January 19th, 2012

Here’s something we really don’t see every day….

We recently received an email claiming to be from the U.S Department of Justice Victim Notification System (VNS)

Subject:     US Department of Justice Victim Notification System
From:     Courtney Walker <fedemail@vns.usdoj.gov>
To:     Business Representative <address>

Our typical “common sense” check for email Phishing Fraud starts with the obvious:

  1. Overly serious/threatening Subject line…. check!
  2. Human sender doesn’t match email address…. check!
  3. Impersonal and generic salutation… check!

The email itself open with:

DO NOT REPLY TO THIS EMAIL.

U.S. Department of Justice
Federal Bureau of Investigation
FBI – New York
26 Federal Plaza, 23rd Floor
New York, NY 10278
Phone:  (212) 384-2564
Fax:  (212) 384-4104

more »

Chase Online Alert: Debit Card/ATM Deduction from Account

Thursday, July 14th, 2011

As the biggest banks get bigger, they capture even more attention from spammers and online criminals intent on stealing legitimate user’s accounts.

Such is the case with JP Morgan Chase and yet another Phishing fraud email now circulating:

Subject:     Chase Online Alert: Debit Card/ATM Deduction from Account
From:     Chase Online Alert <Chase@emailnotify.chase.com>

more »

Account Update Notice – Craigslist Fraud

Monday, July 11th, 2011

While spam volumes may be down, the Phishing fraud’s continue in high volume with Craigslist.org users being highly favored targets.

Look for these spam emails to trap unsuspecting users:

Subject:     Account Update Notice
From:     “craigslist” <help@craigslist.org>

While they spoof  “help@craigslist.org” as the sending address, most that we’ve reviewed have come from various hijacked Earthlink accouts:

from elasmtp-banded.atl.sa.earthlink.net ([209.86.89.70])
from elasmtp-scoter.atl.sa.earthlink.net ([209.86.89.67])

Here’s a complete copy of one of these “Account Update Notice” frauds:

more »

Important Technical Service Message – FedEx Spam

Wednesday, June 22nd, 2011

Phishing fraud involving the various shipping companies continues its upswing, and a newer version of FedEx fraud is looking to steal legitimate user’s account credentials.

Emails typically arrive:

Subject:     Important Technical Service Message (CODE:90738-00)
From:     “FedEx Technical Support”<update@online-update.com>

The are not sent from any legitimate Federal Express server, but instead are sent through hijacked user accounts, the latest copy reviewed came to us through Verizon’s servers:

more »

Flagged & Removed: Craigslist Spam

Tuesday, June 14th, 2011

There’s a renewed effort from spammers trying to hijack legitimate Craigslist.org accounts.

One version currently in distribution arrives:

Subject:     flagged & removed: 36984099
From:     “Craigslist” <no-reply@craigsIst.org>

To further add the appearance of legitimacy and to help evade spam filtering systems the number at the end of the subject line is randomized.

more »

IMPORTANT – Account Deactivation Notice – Bank of America Fraud

Friday, June 3rd, 2011

A surprisingly well done spoof of a Bank of America notice is making the rounds and is convincing enough to trick a number of email recipients:

Subject:     IMPORTANT – Account Deactivation Notice
From:     Bank of America Alert <onlinebanking@ealerts.bankofamerica.com>

The email, actually sent from foreign servers, warns:

We have noticed that you need to resolve important security issues on your account to prevent temporal deactivation. It is therefore recommended that you complete this process. Your security is important to us.

Please click on the link below to resolve this issue:

www.bankofamerica.com/upd.screc/id.2140180220.sessid/home.sec.index.cfm?page=update

more »

Wells Fargo Online Fraud Prevention – Spam – Fraud

Monday, May 23rd, 2011

One of the “better” Wells Fargo Phishing frauds we’ve seen lately (and there are a lot to choose from) arrives as:

Subject:     Wells Fargo Online Fraud Prevention.
From:     “Wells Fargo Online”<wellsfargo@wellsconnect.wellsfargo.com>

The basic pitch:

Wells Fargo’s Internet Services Group Fraud Operations would like to verify some recent activity on your account.

Here’s a complete copy of the fraudulent spam email:

more »

Message from eBay Member Regarding Item # – Spam/Fraud

Monday, May 9th, 2011

We see so much spam, it actually gets rather boring after awhile. That’s why we sincerely appreciate spam that’s unusual or especially clever.

This spoofed Ebay Phishing Fraud email certainly fits the bill of interesting and very effective spam:

Subject:     Message from eBay Member Regarding Item #
From:     eBay <aw-notice@eby.com>

In the actual spam email, the item number is usually from an actual Ebay auction and the question certainly sounds plausible. We’ve seen many variations, but here’s a common example:

Hi , i`m from London and i want to ask you the buy it now price with delivery included ? Do you accept paypal ? Thanks!

more »