As the biggest banks get bigger, they capture even more attention from spammers and online criminals intent on stealing legitimate user’s accounts.
Such is the case with JP Morgan Chase and yet another Phishing fraud email now circulating:
Subject: Chase Online Alert: Debit Card/ATM Deduction from Account
From: Chase Online Alert <Chase@emailnotify.chase.com>
While spam volumes may be down, the Phishing fraud’s continue in high volume with Craigslist.org users being highly favored targets.
Look for these spam emails to trap unsuspecting users:
Subject: Account Update Notice
From: ”craigslist” <help@craigslist.org>
While they spoof “help@craigslist.org” as the sending address, most that we’ve reviewed have come from various hijacked Earthlink accouts:
from elasmtp-banded.atl.sa.earthlink.net ([209.86.89.70])
from elasmtp-scoter.atl.sa.earthlink.net ([209.86.89.67])
Here’s a complete copy of one of these “Account Update Notice” frauds:
Phishing fraud involving the various shipping companies continues its upswing, and a newer version of FedEx fraud is looking to steal legitimate user’s account credentials.
Emails typically arrive:
Subject: Important Technical Service Message (CODE:90738-00)
From: “FedEx Technical Support”<update@online-update.com>
The are not sent from any legitimate Federal Express server, but instead are sent through hijacked user accounts, the latest copy reviewed came to us through Verizon’s servers:
There’s a renewed effort from spammers trying to hijack legitimate Craigslist.org accounts.
One version currently in distribution arrives:
Subject: flagged & removed: 36984099
From: “Craigslist” <no-reply@craigsIst.org>
To further add the appearance of legitimacy and to help evade spam filtering systems the number at the end of the subject line is randomized.
A surprisingly well done spoof of a Bank of America notice is making the rounds and is convincing enough to trick a number of email recipients:
Subject: IMPORTANT – Account Deactivation Notice
From: Bank of America Alert <onlinebanking@ealerts.bankofamerica.com>
The email, actually sent from foreign servers, warns:
We have noticed that you need to resolve important security issues on your account to prevent temporal deactivation. It is therefore recommended that you complete this process. Your security is important to us.
Please click on the link below to resolve this issue:
www.bankofamerica.com/upd.screc/id.2140180220.sessid/home.sec.index.cfm?page=update
One of the “better” Wells Fargo Phishing frauds we’ve seen lately (and there are a lot to choose from) arrives as:
Subject: Wells Fargo Online Fraud Prevention.
From: “Wells Fargo Online”<wellsfargo@wellsconnect.wellsfargo.com>
The basic pitch:
Wells Fargo’s Internet Services Group Fraud Operations would like to verify some recent activity on your account.
Here’s a complete copy of the fraudulent spam email:
We see so much spam, it actually gets rather boring after awhile. That’s why we sincerely appreciate spam that’s unusual or especially clever.
This spoofed Ebay Phishing Fraud email certainly fits the bill of interesting and very effective spam:
Subject: Message from eBay Member Regarding Item #
From: eBay <aw-notice@eby.com>
In the actual spam email, the item number is usually from an actual Ebay auction and the question certainly sounds plausible. We’ve seen many variations, but here’s a common example:
Hi , i`m from London and i want to ask you the buy it now price with delivery included ? Do you accept paypal ? Thanks!
A highly targeted spam Phishing fraud campaign is actively going after TCF (a regional bank) customers.
The email arrives:
Subject: Your account has been locked.
From: TFC Bank <service@tcfbank.com>
But does not come form any legitimate TCF server, instead, traveling through sites such as:
from ds2017.centos-server.net ([207.45.176.146])
The message itself warns:
The typical bank Phishing fraud spam email warns you about your account security, claiming there have been unauthorized transactions or invalid login attempts from overseas.
In a creative twist, the latest spam Phishing campaign targeted toward J.P. Morgan Chase customers uses more of a carrot than a stick; announcing that you’ve received a billing refund.
Subject: You have received a refund of $70.95
From: J.P. Morgan Chase <online.service@chase.int.com>
Spammers are again looking to hijack Google AdWords accounts by mass mailing campaigns targeting legitimate AdWords account holders.
Messages arrive as:
Subject: Account has stopped running this morning.
From: “Google AdWords”<adwords-noreply@google.com>
While the emails typically spoof the adwords-noreply@google.com address, they are sent from stolen and fraudulently registered email accounts.
The message itself looks like:
