Phishing Lessons
Wednesday, April 20th, 2011
Spammers are again looking to hijack Google AdWords accounts by mass mailing campaigns targeting legitimate AdWords account holders.
Messages arrive as:
Subject: Account has stopped running this morning.
From: “Google AdWords”<adwords-noreply@google.com>
While the emails typically spoof the adwords-noreply@google.com address, they are sent from stolen and fraudulently registered email accounts.
The message itself looks like:
Tags: fraud, phishing, scam, spam, spoofing
Posted in Email Fraud, Phishing Lessons
Monday, April 11th, 2011
Email Phishing frauds for Bank Of Montreal are in high gear, with most arriving as:
Subject: Important Notice From Online Banking
From: BMO Bank of Montreal <helpdesk@bmo.com>
The sending address is of course spoofed; these messages actually come from bogus and hijacked mail servers such as:
‘from beta.dnshree.com ([208.87.243.22])
<nobody@beta.dnshree.com>
Here’s a full copy of the email fraud:
Tags: fraud, phishing, spam, spoofing
Posted in Email Fraud, Phishing Lessons
Wednesday, March 30th, 2011
The newest JP Morgan Chase email Phishing fraud is now being sent as:
Subject: New Message from Online Banking
From: “Chase Card Services”<SMChaseNotification@emailonline.chase.com>
The spoofed email itself looks convincing enough:
Tags: phishing, spam, spoofing
Posted in Email Fraud, Phishing Lessons
Monday, March 21st, 2011
We’re seeing a strong increase in Phishing Fraud emails targeting Craigslist.org accounts.
The emails generally arrive as:
Subject: flagged & removed : 1977204121
From: “no-reply@craigslist.net” <no-reply@craigsliist.net>
The ID/Case number in the subject line will vary in an attempt to evade spam filtering.
The sending address is spoofed as the emails are not actually sent from Craigslist.org servers.
An example email:
Tags: fraud, phishing, spoofing
Posted in Email Fraud, Phishing Lessons
Monday, February 28th, 2011
Stealing Craigslist usernames and passwords is becoming increasingly popular among Internet spammers and hackers.
The latest campaign warns of account suspension in order to get the recipient’s attention:
Subject: craigslist.org: Account Temporarily suspended
From: “craigslist.org” <noreply@craigslist.org>
Though the message actually comes from hijacked Yahoo email accounts (from nm11-vm0.bullet.mail.ac4.yahoo.com), the email itself is a pretty good approximation of a legitimate Craigslist notification:

Tags: fraud, phishing, spam, spoofing
Posted in Email Fraud, Phishing Lessons
Thursday, February 17th, 2011
One of the tactics that works very well for spammers is tricking (Phishing) users into sharing their email account login and passwords and then using the hijacked account to send spam.
The advantages of using a hijacked account include:
- Access to the recipient’s online address book
- Ability to send from a fresh and clean address
- Use of legitimate mail servers for sending spam
The only downside is that, since many users will eventually take back their accounts (or admins will disable them), the spammer needs a constant source of new email accounts.
Tags: phishing, scam
Posted in Email Fraud, Phishing Lessons
Wednesday, February 9th, 2011
More Phishing frauds are being received for TD Canada Trust Bank customers:
TD ALERT : You have received a new payment.
TD Canada Trust Bank. <e-payment@easywebsoc.td.com>
This campaign appears to originate from accounts on SimpleHELIX web servers:
‘from defend3.simplehelix.com ([206.126.97.8]‘
Tags: fraud, phishing, spoofing
Posted in Phishing Lessons
Monday, February 7th, 2011
Here’s a well designed Phishing fraud targeting USAA.com users:
Subject: Notification at usaa.com
From: USAA <USAA.Web.Services@customermail.usaa.com>
The somewhat standard warnings are used:
Dear Customer,
As part of our security measures, we regularly screen activity in the usaa.com system. We recently contacted you after noticing an issue on your account. We requested information from you for the following reason:
Tags: fraud, phishing, spoofing
Posted in Phishing Lessons
Friday, February 4th, 2011
Lots of Phishing frauds targeting JP Morgan Chase customers.
Subject: Chase Bank Alert: Your Account Is Inactive
From: JP Morgan Chase Online <Membership@chase.com>
These spoofed notices go on to warn recipients:
Tags: fraud, phishing, spoofing
Posted in Phishing Lessons
Wednesday, February 2nd, 2011
The “Phish of the Week” spoofs legitimate Wells Fargo Bank email:
Subject: Account Update
From: Wells Fargo Bank <alert@wellsfargobank.com>
The bogus alert says, in part:
As part of our security measures, we regularly screen activity in the Wells Fargo system. During a recent screening, we noticed an issue regarding your account.
A slight error has been detected while making recent changes in your account information.
Tags: fraud, phishing, spoofing
Posted in Phishing Lessons