Real Estate Blog - Consumer ALERT: New Variations of Phishing Email Being Sent -- Beware!

Home : Blogs : Lawrence Yerkes - Broker Associate, Southern New Jersey Real Estate Services : Southern New Jersey Region Overlook!

Consumer ALERT: New Variations of Phishing Email Being Sent -- Beware!

The "phishing" industry is morphing their tactics as people are becoming wise to their past methods. These criminals learn quickly and are becoming more sophisticated in ways to fool you.

I just received the following message from a bank. I immediately knew that it was bogus, since I did not have an account with it... but as I read the mail, I first started to think that is was legit, just sent to me by mistake.

I then looked it over more closely... valid return address, valid contact information about the bank, no suspicious links (just plain text), a warning about the dangers of "phishing", low-key suggestion to write a letter, email or call the included phone number. I thought, "Okay, it appears legitimate," and if I was the average account holder I would probably be seriously considering calling the phone number "immediately" as directed.

After checking the bank's web site (which I located independently, never use the supplied links/addresses as they may be pointing to a fake site), the only difference I noted was that the bank's phone numbers where in XX state and the phone number provided was in Illinois. (Which did not necessary mean it was fake, as many organizations have support numbers in different locations.)

However, by this time I was certain it was bogus for reasons I don't want to publish here, so out of curiosity I dialed the number included several times in the email, so they obviously were intending to drive responses to it.

On the phone, I encountered an automatic, official sounding message that said, "Welcome To XXXXX State Bank's Account Reactivation System... to start, please have your credit card information available and press 1 when ready..."

Here is an actual text of the email and actual phone number, the only change I made was to conceal the bank, as it was in no way their fault. (I did report the incident to them.)

--------------------------------------------------------------
Consumer Alert: Increase in Fraudulent e-mails
--------------------------------------------------------------

XXXXX State Bank has confirmed that a small number of people were recently phished. "Phishing" is when a criminal replicates a legitimate web site to deceive individuals into providing personal financial, or other confidential information.

An unknown number of people recently received an email that appeared to be sent from XXXXX State Bank. We currently working to shut down the phishing site, and determining the extent to which our clients may have been affected.

Due to this attempts we have had to temporary suspend any future authorizations being conducted with your Credit Card. Please call us immediately at 1-309-807-0946

We will review the activity on your account with you and upon verification, we will remove any restrictions placed on your account. Please disregard this notice if you already re-activate your card.

XXXXX State Bank cares about you and we want to ensure the highest level of protection for you.

Sincerely,
XXXXX State Bank Fraud Department

You can contact us by phone, U.S. mail, or email. We look forward to hearing from you.

By phone:
1-309-807-0946
Or contact Customer Care at 1-309-807-0946

By U.S. mail:
XXXXX State Bank
Box 1234
1234 Main St.
XXXXX, XX 12345

Bottomline: You can never be too careful when it comes to protection against criminals gaining access to your personal information.

Click here for additional Security related articles

Posted by Lawrence Yerkes - Broker Associate, Southern New Jersey Real Estate Services on 02/26/2008 10:43 AM

Comments (16)

security, phishing, consumer alert, safety

Originally posted at: Southern New Jersey Overlook: Consumer ALERT: New Variations of Phishing Email Being Sent -- Beware!

This post has been included in New Jersey Information
Post is included in group: South Jersey
Post is included in group: RE/MAX Active Rain Bloggers
Post is included in group: Technology
Post is included in group: Seniors Issues
Post is included in group: Business to Business

16 Comments on Consumer ALERT: New Variations of Phishing Email Being Sent -- Beware!

FEB

2008

Thanks for the heads up. That is amazing that they included a phone number along with it. someone was definitely thinking through their obviously sick criminal mind to make more people victim to their schemes.

It is a little crazy. I something like this from a EBAY or Paypal thing about every other week and about every three months from Chase.

After contacting the institution they tell me that any email they will every send will include my last name. In fact when I get them I forward the email to spoof@ebay.com and spoof@paypal.com.

With Chase I have to call them

Thanks

Tony

Morning Lawrence, Wow, that is really well done. Bet they get a bunch of unsuspecting replies !

So is one of the clues the fact that there is no "800" number provided? Agree - go to the main site whenever possible and avoid using links.

Thank you for your comments...

Toll free numbers have also had their share of abuse.

Also, if you dial a Toll Free phone# they automatically will have all your caller ID information (including last name, whether you have it blocked or not, as they are paying for the call), so you can't rely on just one thing to trust that it is legitimate.

There is a simple litmus test. The bank does not send you notices via e-mail. It is says it came from your bank, spam filter it out.

MAR

2008

Here another example of a variation that's out there... I've changed the name of the organization (which is not responsible for this) and the visible URL's, but the actual links are still live: Do NOT click on any of these links....

First mailing:

From: "Example Central Credit Union"update@system.excentralcu.org
Subject: Required Security Update

[Org. Logo]
Required Security Update
Click "Begin" to update your account for Multi-Factor Authentication
Upgrades were made to our internet banking site on March 5, 2008. You must complete this one-time security update to access your accounts.

Begin

Why has the login process changed?
Why has the login page changed?
More information about this security update
Security Update video
Login process video
Login here if you have completed the above security update. If you haven't please see above for instructions before proceeding to login.

Second Mailing:

From: "Example Central Credit Union"<update@excentralcu.org>
Subject: Notification letter #6286

Example Central Credit Union department temporary suspended your account.

After three unsuccessful login attempts your account was temporary suspended until further investigations.

All cards from this account are suspended.

You must reactivate your account immediately, or you won't be able to use your cards again.

Once you have completed these steps, we will send you an email notifying that your account is available again.

The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.

Sorry for any inconvenience this may cause and thank you for your patience.

To continue please click the link below:
http://nwtd.pt/www.ExampleCentralCU.org/index.html <actual link does not match visible link>

Here's a common one for IRS "tax refunds" -- DO NOT CLICK ON THE LINK SHOWING BELOW(it's still active) and actual link is different:

From: "Internal Revenue Service"noreply@irs.com
Subject: IRS - Notification Letter #8123

After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $116.40. Please submit the tax refund request and allow us 6-9 days in order to process it.

A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Regards,
Internal Revenue Service

And here's another "secure" way [NOT] to receive you tax refunds... (AGAIN: DO NOT CLICK ON ANY ACTIVE LINK):

From: "Internal Revenue Service"efile@re-fund.co.us
Subject: Tax Refund (Message ID H12347d7)

<-- Originally pointing to someone's site for picture

A Secure Way to Receive Your Tax Refund

After the last annual calculations of your fiscal activity we have determined that
you are eligible to receive a tax refund of $873.20.
Please submit the tax refund request and allow us 3-9 days in order to
process it.

A refund can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Note: For security reasons, we will record your ip-address, the date and time.
Deliberate wrong inputs are criminally pursued and indicated.

Regards,
Internal Revenue Service

MAR

2008

Yes, I think it's quite amusing that all the phishing emails now talk about security in their emails and give all kinds of security advice. I guess this stuff fools people because these guys send a lot of it.

MAR

2008

Lawrence, these phishing schemes are becoming more and more sophisticated. Most banks now say that they won't ask for personal information via email.

MAR

2008

I agree that most banks and non-bank organizations will not ask for personal/financial information via email.

However, my point continues to be that phishing emails are getting more and more sophisticated and you need to continually be on guard and hone your abilities to spot them. It is not uncommon (from personal experience) for organizations to ask you to confirm information and/or to log back into their site or call their service number and then ask you to supply some information to improve "security" or let you access confidential information, etc.

The issue is not that they are banks, but it could be any organization, including non-profit and governmental, that could be used by phishers as we've already seen.

Here's another variation...

Dear XXXXXXXX customer,

We would like to inform you that we are currently carrying out scheduled maintenance.
In order to guarantee the high level of security to our business customers, we require you to complete "Business Internet Banking Form".

Please complete BIB Form using the link below:

http://business.xxxxxxxx.com/system_directory/isa/file.aspx?session=723456789012345789012345789012357890235986823590873908

Please do not respond to this e-mail.

I just received it a few minutes ago. While it's another banking example, I wanted to point out the subdomain ("business") is invalid, while the xxxxxxxx.com is VALID. (The session number string is not the original, but it was the same length.)

While we're at it, here's one "from" eBay...

eBay sent this message to Rxxxx Pxxxx (rxxxxxxxxxxx).
Your registered name is included to help confirm this message originated from eBay. Learn more.

eBay New Unpaid Item Message from rockstarsports : #280086969984-- response required

Dear member,
eBay member rockstarsports has left you a message regarding item #280086969984	Regards,

BTW, Here's a plain old scam....

Dear Friend, I have been waiting for you since to contact me for your Confirmable Atm Card value of $10.500.000.00 United States Dollars, but I did not hear from you since that time. Then I went and deposited the Atm Card with FEDEX COURIER SERVICE, before I traveled out of the country for a 3 Months Course.

What you have to do now is to contact the FEDEX COURIER SERVICE as soon as possible to know when they will deliver your package to you because of the expiring date. For your information, I have paid for the delivering Charge, Insurance premium and Clearance Certificate Fee of the Cheque showing that it is not a Drug Money or meant to sponsor Terrorist attack in your Country. The only money you will send to the FEDEX COURIER SERVICE to deliver your Atm Card direct to your postal Address in your country is ($370.00 US)Dollars only being Security Keeping Fee of the Courier Company so far.

Again, don't be deceived by anybody to pay any other money except $370.00US Dollars. I would have paid that but they said no because they don't know when you will contact them and in case of demurrage. You have to contact the FEDEX COURIER SERVICE now for the delivery of your Atm Card with this information bellow; Contact Person: Mr. David Wood Email Address: fedexng1@live.com Finally, make sure that you reconfirm your Postal address and Direct telephone number to them again to avoid any mistake on the Delivery and ask them to give you the tracking number to enable you track your package over there and know when it will get to your address.

Let me repeat again, try to contact them as soon as you receive this mail to avoid any further delay and remember to pay them their Security Keeping fee of $370.00 US Dollars for their immediate action. You should also let me know through email as soon as you receive your Atm Card.

Yours Faithfully,
Dr. David William
E-mail : drdavidw1@yahoo.es

This example is another bank, requesting "non-sensitive and anonymous" information with the comforting assurance that it will not be passed down to a third-party...

XXXXXXXX Central Credit Union department temporary suspended your account.

After three unsuccessful login attempts your account was temporary suspended until further investigations.

All cards from this account are suspended.

You must reactivate your account immediately, or you won't be able to use your cards again.

Once you have completed these steps, we will send you an email notifying that your account is available again.

The information you provide us is all non-sensitive and anonymous - No part of it is handed down to any third party.

Sorry for any inconvenience this may cause and thank you for your patience.

To continue please click the link below:
http://host123-12-123-123.in-addr.btopenworld.com/www.XXXXXXXX.org/

© 2008 XXXXXXX Central Credit Union. All rights reserved.

In the above example, despite the comforting assurances, what look's like the base path for the bank, www.XXXXXXXX.org, is really a directory (folder) at ...btopenworld.com (whatever that is). Just looking at this fast, some might miss that and think it's a valid link.

We were speaking about the use of phone numbers and not giving out your name, etc.... this was received on March 4th..

Subject: Message from XXXXXXXX, Customer Service

Dear Member,

All Co-op Services Credit Union and Internet Banking will
be closed on Saturday, March 8th and Monday, March 10th during
the Memorial Day Holiday weekend for a scheduled computer upgrade.
Your participation is required at this event !

We need you to confirm your personal data with our existing database.

To continue this application we kindly ask you to click here and update your XXXXXXXX profile.

Our Member Call Center Representatives will be available on:
Saturday, March 8th 8:00 a.m. -9:00 a.m.
Sunday, March 9th 11:00 a.m. - 5:00 p.m.
(800) 321-8570 to assist you with your financial needs.

We apologize for any inconvenience this may cause you.

Sincerly,
Russ XXXXXXX Vice President XXXXXXXX Credit Union.

Copyright © XXXXXXXX Credit Union, All Rights Reserved.

I'm not going to comment on the obvious errors.
The point I want to make here is that in these case, because it's an 800#, if you call they will instantly have your name and phone number at a minimum.

APR

2008

Here's one (that also included valid organization name and logo) which simply wants you to call their toll free number...

From: XXXXXXX Credit Union"<xxxxxx@accountsecurity.com
Subject: Card Deactivation

Card Deactivation
Message from: Customer Service
Date: 04/07/2008

We detected irregular activity on your ATM/Check Card on 04/07/2008.
For your protection we have had to suspend any future authorizations
being conducted with your card.

For your security we have deactivate your card.

How to activate/re-activate your card ?

You may stop by your branch or call our Activation Center.

Activation Center: (866) 578-0982 (24 Hour Line)

Our automated system allows you to quickly activate your card.
We apologize for any inconvenience this may cause.

Notice how they are attempting to disarm any suspicions you may have about the email, or at least get you to the point of thinking that you don't know for sure as to it's validity and call the number just to see for yourself.

As previously mentioned, calling that number will give them your name and phone# at a minimum; and the automated system will get everything else they need.

If you see something like this and are in doubt, call the organization using a number listed on your billing statement or you have used previously and verified.

APR

Hi all. Love is the triumph of imagination over intelligence. I am from Serbia and too poorly know English, give true I wrote the following sentence: "We realize that most of the web shoppers are looking for a bargain, a cheap airline tickets." Regards ;) Tyrus.

This blog does not allow anonymous comments