Phishing Lessons

Account Update from alert@wellsfargobank.com

Wednesday, February 2nd, 2011

The “Phish of the Week” spoofs legitimate Wells Fargo Bank email:

Subject:     Account Update
From:     Wells Fargo Bank <alert@wellsfargobank.com>

The bogus alert says, in part:

As part of our security measures, we regularly screen activity in the Wells Fargo system. During a recent screening, we noticed an issue regarding your account.

A slight error has been detected while making recent changes in your account information.

Bank of America Alert : Account Locked – Phishing Fraud

Tuesday, January 25th, 2011

A new and very well crafted spoofed Bank of America Alert is making the rounds:

Subject:     Bank of America Alert : Account Locked
From:     Bank Of America <onlinebanking@ealerts.bankofamerica.com>

In reality, the email address is spoofed and could be coming from anywhere, but the ones we’ve reviewed so far came from hostgator.com accounts through their anonymous “WebsiteWelcome” domain:

gateway08.websitewelcome.com ([69.56.142.29])


Chase Online :Unauthorized Account Access – Phishing Fraud

Sunday, January 23rd, 2011

Phishing frauds targeting JP Morgan Chase are arriving, identified as:

Subject:     Chase Online :Unauthorized Account Access
From:     Chase Online <customerservice@chase-online.com>

The sending address is spoofed, as these actually originate from any number of otherwise legitimate hijacked web servers.

The fraudulent email attempts to convince recipients that their account is in jeopardy and that as a result they need to log into the Chase site.

Your account Paypal has been limited !! – Phishing Fraud

Friday, January 14th, 2011

The latest version in the never-ending stream of Paypal Phishing frauds is arriving in in-boxes, identifying itself as:

Subject:     Your account Paypal has been limited !!
From:     Paypal services <paypal@security.com>

The sending address is of course spoofed, actually sent from servers like:

from host.seconde-dns4.com ([94.23.203.198])

The email typically contains a warning such as this:


Notification of Limited Account Access – Paypal Phishing

Wednesday, January 5th, 2011

Paypal users must be easy prey, statistically speaking. Year in and year out, the identity theft Phishing fraud emails just keep targeting them. One thing is sure, spammers only keep doing what works.

The latest version:

Subject:     Notification of Limited Account Access RXI091
From:     PayPal <security@onlineupdate.com>


Notification on recent suspicious activity – AMEX Fraud

Monday, January 3rd, 2011

The latest twist on American Express Phishing fraud emails is making the rounds with a subject/sender typically seen as:

Subject:     Notification on recent suspicious activity
From:     American Express <security@online.americanexpress.com>

The sending address is spoofed, and the spammer goes one step further, injecting a false “Received” header entry to try to trick spam software and/or unsophisticated users into believing the email really did come from an AMEX server.


Your order has been succesfully cancelled. – Amazon Fraud

Tuesday, December 28th, 2010

An updated Amazon Phishing Fraud campaign is well timed for the post-holiday shopping season, arriving with a catchy subject line:

Subject:     Your order has been succesfully cancelled.
From:     "Amazon.com LLC" <orders@amazon.com>

While the subject line contains a spelling error, omitting the second “s” in “successfully”, that error is common enough that most recipients likely won’t notice.

Rather than being sent by Amazon.com, these are of course spoofed emails sent, in this case, by otherwise legitimate mail servers like “mail.terahost.net” ([76.191.125.141]).

The fraud itself is pretty straightforward:


ACCOUNT UPDATE – Tricky Vonage Account Phishing Example

Friday, December 17th, 2010

It’s kind of ironic that most of the email claiming to be about preventing fraud is actually sent in order to perpetrate fraud. In fact, treating every message that wants to “verify your account information” or otherwise “protect” you as dangerous is a good way to avoid identity theft.

Today’s phishing example is no stranger to irony but that’s the least interesting thing about it. This one has an unusual trick up its sleeve.

You have notifications pending – Facebook Fraud

Tuesday, December 14th, 2010

Emails spoofing Facebook notifications are back in force.  Even though our filters stop them, many users assume they must be legitimate and will release them from quarantine, resending the original frauds to themselves.

Subject lines most commonly seen in this campaign are:

LinkedIn Shows How To Do “Reset Your Password” Emails Right

Tuesday, December 14th, 2010

We’re constantly bombarded with examples of how large, well-known companies shoot themselves in the foot with poorly thought-out client communications.

They commonly make foolish mistakes that send their messages to the user’s spam folder. Worse yet, many firms practically train their users to fall for the next “Phishing Fraud” campaign that makes it to their in-box.