Sunday 30 December 2007

Sandra Wilson -

What happened a few days ago when I responded to the Sandra Wilson email?

Well the email below came back. Just a cut and paste job for a reply - they didn't even bother to use the false name I'd supplied.

What they are asking for might look harmless, but if I were to provide these details, I'd probably never hear from them again but they would have more than enough information to steal my identity. Then they would be able to apply for loans, mortgages, credit cards and whatever they felt like in my name. It's frightening really! If you think you might have responded to one of these emails then you can check your Credit Report for applications that you do not recognise. It's well worth it to put your mind at rest.

Here's the email I got back:

Dear Friend,

Thanks for your prompt response to my call for assistance..

I must inform you that your presence will be needed at the bank in Europe for the signing of the vital documents, to enable the funds to be transfer to your personal account in your country.

Please promise me that this transaction will be very confidential during the time of transferring these funds from the bank in Europe.

I am urging you to send me the following informations immediately to enable you to have in contact with the bank and book a date with them as when you are to come over for the signing of the release order of the funds.

Info Required

1 Full names and age.

2 Contact address, phone and fax numbers

3 Occupations

4 copy of your identity

with these I will be able to forward you the contact details of the bank to enable you reach the bank and have an appointment with them.

I hope you are well informed,

God bless you.

I look forward to hearing from you again.

Kind regards,

Mrs. Sandra Watson

Friday 28 December 2007

Intelligent Finance - Warning!

Well this one is short, sweet and to the point! I think it must hold the record for the shortest phishing email I have seen.

It gets straight to the point and misses out all of the usual threats. There is a warning that your account is due to expire - no reason given as to why and says 'it is strongly recommended to update it' - again, no reason why. Suppose it's going for the theory that if you don't provide too many details people might just fall for it.

As quite often happens, it's not personalised in any way, which a bank would do; there's no reason why a bank would suddenly ask you to remind them of your security details; the link is to an IP address (76.202.129.183), rather than a URL.

Don't click on it - it's a fake and you don't know what the destination page might do to your computer...

Here's the email:

Dear customer,

Please note that your Intelligent Finance Internet banking account is about to expire.
Is is strongly recommended to update it immediately. Update form is located here.

Sincerely, Intelligent Finance administration.

Wednesday 26 December 2007

Greeting And Compliments. - Mrs Sandra Wilson

Here's one of those emails offering to give the recipient millions of dollars, just for being trustworthy. A few times the word 'BANK' appears - it could be that the email was actually a template and 'BANK' should have been replaced with a bank's name, so watch out for slight variations on that.

It's surprising that people do still fall for this type of email, but people must, otherwise there would not be so many emails about. Don't fall for this one!

Here's the content of the email:

GREETINGS AND COMPLIMENTS.

From: Mrs. Sandra Watson
Email: mrssandrawat@aim.com

ENDEAVOUR TO USE IT FOR THE CHILDREN OF GOD.

I am the above named person from Kuwait. I am married to Dr Christopher Watson who worked with Kuwait embassy in Ivory Coast for nine years before he died in the year 2005
.We were married for eleven years without a child. He died after a brief illness that lasted for only four days. Before his death we were both born again Christians.
Since his death I decided not to re-marry or get a child outside my matrimonial home which the Bible is against. When my late husband was alive he deposited the sum of 18Million Dollars (eighteen Million United State Dollars) with the BANK in Europe

Presently, this money is still with the BANK. Recently, my Doctor told me that I would not last for the next three months due to cancer problem.
Though what disturbs me most is my stroke sickness. Having known my condition I decided to donate this Fund to church or better still a Christian individual that will utilize this money the way I am going to instruct here in. I want a church that will use these funds to fund churches, orphanages and widows propagating the word of God and to ensure that the house of God is maintained.
The Bible made us to understand that blessed is the hand that giveth.

I took this decision because I don't have any child that will inherit this money and my husband relatives are not Christians and I don't want my husband's hard earned money to be misused by unbelievers.
I don't want a situation where this money will be used in an ungodly manner.

Hence the reason for taking this bold decision. I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says that the lord will fight my case and I shall hold my peace.
I don't need any telephone communication in this regard because of my health and because of the presence of my husband's relatives around me always. I don't want them to know about this development.

With God all things are possible. As soon as I receive your reply I shall give you the contact of the BANK in Europe I will also issue you a letter of authority that will prove you as the original- beneficiary of this Fund. I want you and the church to always pray for me because the lord is my shepherd.
My happiness is that I lived a life of a worthy Christian. Whoever that wants to serve the Lord must serve him in spirit and truth. Please always be prayerful all through your life. Any delay in your reply will give me room in sourcing for a church or Christian individual for this same purpose.
Please assure me that you will act accordingly as I stated herein.

Hoping to hearing from you.

I have set aside 20% for you and for your time and 10% for any expenses if there is any . Remain blessed in the name of the Lord.
Yours in Christ,

Mrs. Mrs. Sandra Watson
Note: reply Email: mrssandrawat@aim.com

Sunday 23 December 2007

User Agreement Section 9.You are prohibited from using E-gold

It's time for a threatening phishing email now. One of those that say that for no particular reason a company has suddenly decided that you have to prove within 24 hours that you can remember your security details.

Why would this happen? Why would any reasonable financial company send such an email, early on the Saturday before Christmas when most businesses have stopped trading and it's highly likely that the email won't get through quickly? The threat to close your account if you don't reply within 24 hours is not one I could ever see a bank issuing like this, and backing it up with the second paragraph shows that there is just 1 reason for this email - to panic you into clicking the link and giving away your personal details.

Don't do it - it's a fake email. Here's the contents:

Dear E-gold customer

We regret to inform you that your E-gold account could be suspended if you don't re-update your account information. To resolve this problems please click here and re-enter your account information. If your problems could not be resolved your account will be suspended for a period of 24 hours, after this period your account will be terminated.

For the User Agreement, Section 9, we may immediately issue a warning, temporarily suspend, indefinitely suspend or terminate your membership and refuse to provide our services to you if we believe that your actions may cause financial loss or legal liability for you, our users or us. We may also take these actions if we are unable to verify or authenticate any information you provide to us.

Due to the suspension of this account, please be advised you prohibited from using E-gold in any way. This includes the registering of a new account. Please note that this suspension does not relieve you of your agreed-upon obligation to pay any fees you may owe to E-gold.


Regards,Safeharbor Department E-gold, Inc
The E-gold team.
This is an automatic message. Please do not reply.

NatWest Bank: Safeguarding Customer Information

Here's a very basic email attempting to con recipients out of their cash. But the email does at least use the correct name in the to field, even if it isn't copied to the 'Dear NatWest Bank Customer' line.

The actual target website seems to be techs0.org, of which I can find no mention in Google.

Interesting idea that you tell recipients that they will be getting these confirmation emails regularly. No reason why a bank would do that though. Pointless!

Here's the content of the email.

Dear NatWest Bank customer:

NatWest Bank is committed to safeguarding customer information and combating fraud. We have implemented industry leading security initiatives, and our online banking services are protected by the strongest encryption methods and security protocols available. We continue to develop new solutions to provide our online banking services and their customers with confidence and security.

The added security measures require all NatWest Bank customers to complete on a regular basis Online Customer Form.
Please use the hyperlink below to access Online Customer Form:


http://www.natwest.com/onlinebanking/customerform.aspx?computer_id=[id removed]

Thank you for banking with us!

NatWest Bank Customer Support

Friday 21 December 2007

I.F. E-banking: Confirm Your Account Data

Here's another Phishing email following the recent Natwest and Abbey National phishing emails, whereby they apologise at the end for sending it to random people. Although this email is worded differently to the previous emails targeted at those banks.

The site the link points to is sslcheck.us, for which I can find no mention in Google, probably as the site was only registered yesterday.

The other strange thing is that they haven't even given a valid URL as the display URL to click on - presumably there's a '/' instead of a '.', but it makes it look even less convincing, if you need any convincing at all that it's fake.

Don't click the link - it's a fake. Keep your money safe and protect your details. You should only need to tell people your details when you decide to access your account.

Here's the email.

Dear IF Electronic Banking client!

Our Maintenance Department is doing a scheduled E-banking Online Service update

By clicking on the link below please open the procedure of the client details approval:

http://my1.intelligentfinance.co.uk.referrer3085/_mem_bin/formslogin.asp?host=34jcsnrdseDkhnncadeWAWwhyzlcteOkhOvp

These directions are to be mailed and followed by all members of the I.F. eBanking Online

I.F. does apologize for the troubles caused, and is very thankful for your collaboration.

If you are not user of IF E-banking please ignore this letter!

*** This is automatically generated message, please do not respond ***

(C) 2007 Intelligent Finance OnLine Banking. All Rights Reserved.

Thursday 20 December 2007

NatWest Bank Electronic Banking Confirm Your Account Details

This one follows the same theme as the recent Abbey National Phishing Emails, including the apology to non-customers on their customer mailing list... Word for word the emails are the same, just the name of the bank being targeted is changed.

It's a very basic email. Little graphics, just telling you that they have changed their system and as such you need to be tested on your knowledge of your security details. Has anyone ever heard of a bank doing this for real?

Although it has been sent to just an individual email address, which does make it slightly more convincing, the email is in no way personalised and the line about 'if you are not a customer' just goes to show that it's gone to a spam list, not to a list of clients.

The link actually goes to a website cloudeb.com, not NatWest. If you have any concerns, contact the bank directly, not through any website / email links.

NatWest Bank UK

Dear NatWest Bank OnLine Banking customer!

Our Technical Subdivision is running an arranged Electronic Banking Service update

By visiting the link below you will open the procedure of the customer login verification:

http://www9.natwest.co.uk-pid16070442/default.aspx?unitid=29yzrpeDnwdyhcreucsdwhvedOkhOvp

These directives are to be e-mailed and followed by all clients of the Natwest Bank On-line Banking

NatWest Bank does apologize for the inconveniences caused to you, and is very grateful for your help.

If you are not customer of NatWest Bank On-line Banking please delete this e-mail!

--- This is robot generated message please do not reply ---

© 2007 NatWest UK. All Rights Reserved.

Tuesday 18 December 2007

Your Online Account With Intelligent Finance!

After a quiet few days on the Phishing front, they are piling through now. Here's one that's just arrived this minute.

It's text based with just the IF logo at the top of the email. The link actually directs you to a site itkfjv.cn, not the real IF.com website!

Other clues are the fact that it's not personalised and was actually sent to a different email address than my own!

Here's the email:

Dear Intelligent Finance Customer,

Intelligent Finance Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of Intelligent Finance.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://my.if.com/_mem_bin/formslogin.asp?id=0589kf84oBE34

Thank you for choosing Intelligent Finance for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service.

WILL FOR CHARITY

Here's one that made it through to my personal email address - the spam blockers didn't detect it. It's the usual "I don't know you but want you to have a load of cash" scam.

Why do they send this sort of email? Well luckily, I've just created a new email address to use to reply to this sort of scam. No doubt replying to a few emails will get it inundated with even more rubbish - for me to publish here. But if you want to follow the replies, have a look here. They will be posted as received.

Here's the email content.

Assistance

This letter may come to you as a surprise due to the fact that we have Not yet met. I have to say that I have no intentions of causing you any Pains so I decided to contact you through this medium. I got your Contact through a personal search via the internet. As you read this, I don't want you to feel sorry for me, because, I Believe everyone will die someday.

My name is Jennifer Wilson I am a dying woman who have decided to donate What I have to you/ church/charity Organizations. I am 64 years old and I was diagnosed with esophageal Cancer for about 7 Years ago, immediately after the death of my husband who lived all his Life in America, who has left me everything he worked for.

I have not particularly lived my life so well, as I never really cared For anyone. Though I am very rich, I was never generous, I was always hostile to people and only focus on my self as that was the only thing I Cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I Believe when God gives me a second chance to come to this world I would Live my life a different way from how I have lived it. Now that I know My time is near I have been touched by God to donate from what I have Inherited from my late husband for the good work of God, rather than Allow my relatives to use my husband hard earned funds ungodly.

So far, I have distributed money to some charity organizations in the U.A.E, London and Ireland. Now that my health has deteriorated so badly, I cannot do this my self any more. I once asked members of my family to Close one of my accounts and donate the money, which I have there to Charity organization in Bulgaria; they refused and kept the money to Themselves.

Hence, I do not trust them anymore, as they seem not to be contended With what I have left for them. The last of my money which is the huge Cash deposit that I have with Financial Firm Abroad .I will want you to Help me collect this deposit and dispatched it to charity organizations And let them know that it is me Jennifer Wilson that is making this Generous donation.

I am writing this from my laptop computer in my hospital bed where I wait for my time to come. I pray that God uses you to support and assist Me with good heart Please pray that the good Lord forgive me my sins. I have asked God to Forgive me and I believe he has because He is a merciful God. I will be Going in for an operation in less than few days. I decided to WILL/donate the money to you for the good work of the lord, And also to help the motherless and less privilege and also for the Assistance of the widows according to (JAMES 1:27).

I took this decision because I do not have any child that will inherit This money and my husband relatives are not inclined to helping poor Persons and I do not want my husband's hard earned money to be misused Or spent in the manner in which my late husband did not specify. At the moment I cannot take any telephone calls right now due to the Fact that my relatives are around me and my health status. I wish you All the best and May the good Lord bless you abundantly, and please use The funds well and always extend the good work to others.

NB: I will appreciate your utmost confidentiality in this matter until The task is accomplished as I don't want anything that will jeopardize My last wish. And Also I will be contacting with you by email as I don't Want my relation or anybody to know because they are always around me.

Regards,
Jennifer Wilson
Please contact me through the email address below
[email removed]

Sunday 16 December 2007

Hsbc Secure Profile Update Confirmation

This one takes a different approach to most. It claims the bank have found an error in the account, which turns out to be a potential compromise of your security. So you have to confirm the security details to reactivate your account.

But it's these security details that (the email claims) people have been trying to hack. Again, as with the HSBC Phishing Email of 24 November, the person has registered hsbc-banknetservices.co.uk with the same UK host. I know that host has had problems with people's accounts being breached, so presume they are still continuing. The email has been forwarded to them so hopefully the domain will be removed tomorrow. Just hope that doesn't mean the passwords all have to change again...

The grammar in the email isn't great, which is always a good giveaway of a phishing email. It's also not personalised, but it is at least only sent to one email address at a time - that's blanked out for my security. Here's the content:

Update Your Account Information





Dear Valued HSBC Customer,



During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information.
This might be due to either of the following reasons:

1. A recent change in your personal information ( i.e. change of address,e-mail address).
2.Multiple login attempt error while login in to your online HSBC account
3. An inability to accurately verify your selected option of payment due to an internal error. We have believed that someone other than you is trying to access your account. For security reasons,we have temporarily suspend your account and your access to online banking will be restricted if you fail to update and re-confirm your membership details

Confirm your HSBC Online Account now to enjoy the benefits of online banking and finance and to avoid fraudulent activites on your account.
Note: We will be upgrading our yearly SSL server to prevent fraudlent activity Please click on the refrence below to initiate the verification process.
Update Your Account

Friday 14 December 2007

Official Information To All Abbey National Bank Internet Banking Clients

A very similar email to the one shown yesterday and again with the disclaimer about it going to irrelevant recipients. Does amuse me (slightly) that someone has taken the time & effort to apologise for non-recipients who receive the emails!

But, of course, it's fake and an attempt to rob people of their hard earned savings. So I shouldn't be so light hearted.

The domain used for the link is ksetpon.com and does have a few references to it when I searched in Google. Not the sort of site you would want to pass your banking security details to.

Should you have pressed the link and entered any details at all, please phone the Abbey straight away (get their contact number from a statement, card or visit a branch).

Here's the email.

Abbey National UK

Dear Abbey E-banking Online member!

Our Technical Unit is running an arranged E-banking Online Service upgrade

By clicking on the link below please open the procedure of the member login confirmation:

http://myonlineaccounts4.abbeynational.co.uk.poolid363/CentralLogonWeb/Logon.html?site=26ecydeDsdcyudfnscoozkOkhOvp

These directions are to be emailed and followed by all customers of the Abbey National Bank Electronic Banking

Abbey does apologize for any troubles caused to you, and is very grateful for your help.

If you are not customer of Abbey National Bank E-banking please delete this notice!

--- This is robot generated e-mail, please do not reply ---

© 2007 Abbey National Bank E-banking Online. All Rights Reserved.

Thursday 13 December 2007

Abbey National OnLine Banking Verification Process

This email seems to be from the same people that sent a few Abbey Phishing Emails a few weeks ago. At least, that's the only other time a phishing email that I've seen has admitted it might have gone to non-customers!

"If you are not customer of Abbey National Bank OnLine Banking please disregard this e-mail!" is a great line - why would Abbey be sending this email to the entire world - not just its customers. A real give away that someone is up to no good. I won't mention the destination of the link as it may actually be an innocent site as the home page seems OK. There's no way of knowing whether they are unknowingly hosting these pages. My own hosts had this problem a while back.

Here's the email.

Abbey National Bank United Kingdom

Dear Abbey E-banking Online user!

Our Maintenance Division is performing a planned eBanking Service upgrade

By clicking on the link below please begin the procedure of the user details authorization:

http://myonlineaccounts5.abbey.com.host361/CentralLogonWeb/Logon.html?refid=28yzrpeDsdcywhbduhspzraOhsaOvp

These directives are to be e-mailed and followed by all clients of the Abbey Internet Banking

Abbey does apologize for the inconveniences caused to you, and is very grateful for your cooperation.

If you are not customer of Abbey National Bank OnLine Banking please disregard this e-mail!

--- This is an automated e-mail please do not respond ---

© 2007 Abbey eBanking Online. All Rights Reserved.

Your Online Account With Intelligent Finance!

Apart from the IF logo and an email address in the to field (but not an email I use) this is a bog standard text email designed to part you from your hard earned cash.

This one doesn't attempt to make any excuses for why you suddenly have to validate your account details - it just says you have to do it. But, of course, it's got nothing to do with the bank. The target URL is nawolb.cn, which I've seen listed elsewhere as targeting other banks today.

Don't click the link, just believe me that it's not a genuine email! Phone them if you are in any way worried.

Here's the email.

Dear Intelligent Finance Customer,

Intelligent Finance Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of Intelligent Finance.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://my.if.com/_mem_bin/formslogin.asp?id=0589kf84oBE34

Thank you for choosing Intelligent Finance for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service.

Wednesday 12 December 2007

NatWest - REF# 3101 Important Information Regarding Your Account

A plain looking text message, no fancy graphics, but none the less totally dangerous. The code does its best to break up words that could mean spam blockers detect it.

The link actually points to 'http://7848198702/./~urodr/./sso/r2.php?cdn=[email address]' and they do attempt to personalise the email by saying Dear [email address]. But what bank would write to me and address me as my email address?

And why on earth would a bank need a reminder of your security details just because it had upgraded its own website? They know the details, they have no reason to ask or to test you on them. If ever you are asked the security details other than when you are expecting to be asked them, either refuse to continue or offer something different. If they accept the wrong information you know they are trying to con you. But don't think that because they ask you to repeat them that means they know they were wrong.

Here's the email.

Dear [email address],

Natwest's Internet Banking, is here by announcing the New Security Upgrade.
We've upgraded our new SSL servers to serve our customers for a better
and secure banking service, against any fraudulent activities.
Due to this recent upgrade, you are requested to update your account
information by following the reference below
Reference*
https://www.natwest.com/default.aspx?refererident=4811756850A8E3C53
We appreciate your business. It's truly our pleasure to serve you.
NatWest Customer Care
This email is for notification only. To contact us, please log
into your account and send a Bank Mail.

YOUR EMAIL ADDRESS WON THIS YEAR EURO MILLION LOTTERY

Here's the old 'you have won a fantastic lottery prize in a lottery you have never entered' con. First warning (apart from not actually entering the lottery) is that if my specific email address has won the prize why didn't they email it to my email address, but to undisclosed-recipients!

A couple of other notes from a quick glance through it. They ask for the recipient not to mention their win - I expect that's so that anyone falling for it doesn't mention it to other people who might point out it's a con, or even show them their identical email.

The details they ask for appear relatively harmless, just contact details. They then have your email address for certain to sell on to other people, and the scam is likely to unfold with a request for a payment for the transfer fees. Pay them, then never hear from them again.

Remember the lottery saying - you have got to be in it to win it. If you haven't entered, you can't have won. Bin the email.

Here it is:

Computer Ballot Sweeptakes Email Award 2007.
(Euromillion loteria Espanol Award 2007).
www.loteria.com
Paseo De La castellana
15-89, 28008 Madrid.
Spain ,Branch.


Ref No.ES/037/11/06/MD
Batch No: WNTO/7416/VA/ES
Lucky No: 07-13-31.54-640
Serial No: MUOTI/82536


YOUR E-MAIL ADDRESS WON THIS YEAR EURO MILLION LOTTERY.

Sir/Madam,


We wish to congratulate you of the release of the result of the
Euromillion loteria Espanol Award 2007 held on 4th December 2007 in Spain
Madrid. Your name attached to the Batch No: WNTO/7416/VA/ES with serial
number MUOTI/82536 drew the lucky number 07-13-31.54-640 which
consequently won the lottery in the category A.


This is a Millennium Scientific Computer Game in which email addresse were
used. It is a promotional program aimed at encouraging internet users;
therefore you do not need to buy ticket to enter for it. You have been
approve for the star prize of €987:000:00 (Nine Hundred And Eighty Seven
Thousand Euros Only).which was Awarded to your Email Address when rolled
in an Email Sweepstakes program held by the Euromillion loteria Espanol
Award 2007 Email Promotion.



To claim your winning prize you are to contact the appointed agent as
soon as possible for the immediate release of your winnings,
You must contact the PAYING BANK with the following informations below:

Name:.............................
Age:..............................
Sex:..............................
Address:..........................
Email:............................
Phone:............................
Occupation:.......................
Company:..........................
Country:..........................



Appointed Paying Bank Agent Contact is as below:



Bank Name:LA CAIXA BANK MADRID
CONTACT PERSON:MR TYSON SMITH
Tel : +34-634-0682-37
Fax : +34-917-889-838
Email:infolacaixabaca@web2mail.com



The Validity period of the winnings is for 20 working days hence you are
expected to make your claims immediately, any claim not made before this
date will be returned to the MINISTERIO DE E CONOMIA Y HACIENDA .

Note:You are advised to keep this winning very confidential until you
receive your lump prize in your account or optional cheque issuance
to you,This is a protective measure put in place to avoid people
applying for your winnig fund,as we have had cases like this before.
And in order to avoid unnecessary delays and complications, please
remember to quote your reference and batch numbers in every of your
correspondence with our Claim agent Furthermore, should there be any
change of your address, do inform your claims agent as soon as
possible. Congratulations again from all members of our staff and
thank you for being a part of our promotion program.


Best Regards,
Mrs.Deboral Miguel.
Program Cordinator.

Tuesday 11 December 2007

Egg - Message Alert - You Have 1 Unread Message

A sneaky type here, instead of trying to trick you into believing your account will be closed if you don't remind the bank of your security questions, this email simply tells you that there is a message to be read. It did arrive twice - don't know whether that's part of the ruse or accident.

As always, it's not personalised and the website that is the target of the link is obviously not egg. Don't click the link if you have received this email, there's no way of knowing what damage that might cause.

Here's the email:

Dear Valued Customer,

You have a new message waiting in your Inbox Folder.

Click here to read.


Best Regards.

The Egg Bank plc Security Department Team.

* Please do not reply to this email as your reply will not be received.

Sunday 9 December 2007

Nat West - please confirm your information!

Another of the text only variety, but again in HTML format. This time, the sender isn't even sure of the bank's name, opting to put in two different formats in the 'welcome' line.

This time the target URL is http://www.natwest.com.mytrud0.com.ph/securesession/action.aspx?refererident=871971920273340340702164122028565785710983520586120712. An attempt to trick the unwary by including natwest.com in the subdomain, but not if you look carefully at the URL. I suppose though it does take an understanding of how URLs are made up to know that it is fake.
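The URL tells used in these posts (a link to an IP address or bare number, a displayed URL that is not a valid domain, the bank's domain used as a subdomain of another site, and a displayed URL that differs from the real target) can be checked mechanically. The Python below is an added example, not part of the original blog; the function names, the small suffix list and the list of genuine bank domains are assumptions, and the sample paths and query strings are shortened.

```python
"""Checks for the link tells described in these posts (added example)."""
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny hand-picked subset of the Public Suffix List, enough for
# the sample links below. Real use needs the full list.
SUFFIXES = {"com", "org", "us", "cn", "uk", "co.uk", "ph", "com.ph"}

# Assumption: domains treated as genuine for the banks being imitated.
BRANDS = {"natwest.com", "if.com"}


def host_of(url):
    """Lower-cased host part of a URL, or '' if there is none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_ip_literal(host):
    """True for a dotted IPv4 or an IPv6 address used in place of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def registrable_domain(host):
    """Longest known suffix plus one label: www.a.co.uk -> a.co.uk.

    Returns None when the host does not end in a known suffix, which is the
    case for display URLs such as 'natwest.co.uk-pid16070442'.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def check_link(display_text, href):
    """Return the list of tells for one link (shown text + real target)."""
    findings = []
    target = host_of(href)
    target_reg = None
    if is_ip_literal(target):
        findings.append("ip-literal-host")
    elif target.isdigit():
        findings.append("numeric-host")
    else:
        target_reg = registrable_domain(target)
        # Bank domain present in the host, but not as the registrable part.
        for brand in sorted(BRANDS):
            if target_reg != brand and f".{brand}." in f".{target}.":
                findings.append("brand-in-subdomain")
                break
    # Only compare when the visible link text itself claims to be a URL.
    if display_text.lower().startswith(("http://", "https://")):
        shown = host_of(display_text)
        shown_reg = registrable_domain(shown)
        if shown_reg is None and not is_ip_literal(shown):
            findings.append("display-not-a-domain")
        elif (shown_reg or shown) != (target_reg or target):
            findings.append("display-target-mismatch")
    return findings


# Sample links: hosts are taken from the posts on this page; paths and query
# strings are shortened or constructed, and the last entry is a constructed
# genuine link used as a control.
SAMPLES = [
    ("here", "http://76.202.129.183/"),
    ("http://my1.intelligentfinance.co.uk.referrer3085/_mem_bin/formslogin.asp",
     "http://sslcheck.us/"),
    ("https://www.natwest.com/default.aspx",
     "http://7848198702/./~urodr/./sso/r2.php"),
    ("http://www.natwest.com/securesession/action.aspx",
     "http://www.natwest.com.mytrud0.com.ph/securesession/action.aspx"),
    ("https://www.natwest.com/", "https://www.natwest.com/"),
]


def run_samples():
    """Findings for every sample link, in order."""
    return [check_link(text, href) for text, href in SAMPLES]


if __name__ == "__main__":
    for (text, href), found in zip(SAMPLES, run_samples()):
        print(f"{host_of(href):40} {found or 'no tells'}")
```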

Again, it's made no attempt to personalise the email - just sent to 'customer'. Why anyone would have to complete a form so that a bank could change its system isn't really believable, but some people must go for it else these emails wouldn't be circulating and I wouldn't be publishing them as warnings.

Don't touch the link - you never know what the target page might install on your machine. Here's the email content.

Dear National Westminster Bank (NatWest Bank) customer,

We regularly perform scheduled maintenance for our OnLine Banking customers. We intend upgrading our OnLine Banking security server for better online services.

In order to ensure you do not experience service interruption, you are required to complete our OnLine Banking Customer Form by following the secured hyperlink below:


http://www.natwest.com/securesession/action.aspx?refererident=871971920273340340702164122028565785710983520586120712

Thank you for banking with National Westminster Bank, the industry leader in safe and secure online banking.

National Westminster Bank Customer Service


__________________________________________________________

National Westminster Bank © 2007

Yorkshire Bank - Important Security Message

Apart from showing the bank's logo at the top of the email, this one made no real attempt to convince the recipients. The link goes to a webfusion address (wvps212-241-220-237.vps.webfusion.co.uk/home.ybonline.co.uk/secure_login/secure.php), not really anything like the bank's own address.

'Dear Valued Customer' as well - not what a bank would really put. And if there were such serious goings on with an account, would a bank really depend on emails or give you a phone call?

Here's the email contents, not at all convincing.

Unauthorized Transactions on your Internet Banking

Dear Valued Customer,

Our utmost concern is the security of our online banking users. In this effect,
we do proper verification on all transactions done on our secured online banking servers.

Several attempts to log on to your account were detected on our secured servers and as a matter of our improved online banking security measures, We have decided to temporarily suspend your online banking access.

You will not be able to access your online account unless you re-activate your online access but in order to do so, you will have to confirm your details by Logging on to your account to complete the verification process set out for you before we can retrieve your online access.

Please, Log on through our secure reference: Click Here

We are indeed sorry for the inconveniencies we have caused you, but also remember that as a Ybonline Bank customer, your security remains our greatest priority.

Sincerely,

David Thorburn
Security Department
Ybonline Internet Banking

Saturday 8 December 2007

HSBC - New Online Security Enhancement (re-activate your account details)

It's the usual pretend threat - 'we have changed our system - reinput your security details in the next 48 hours or you lose your access'.

An interesting contradiction in the email. The first paragraph suggests you renew your details; halfway down comes the threat that you have 48 hours or else your account is suspended. No bank would ever say that your account would be suspended if you don't remind them of your security details. They know them all already - why would they need you to enter them again?

It's also not personalised - 'Dear Sir/Madam' and sent to a mass circulation list - to 'undisclosed-recipients'. And if you hover the mouse over the URL (don't click on it, please, you don't know what might happen on the target website) it's not a URL, it's the IP address of a website.

Don't believe the email. Don't do anything the email asks you to, just delete it.

Here's the text of the email:

Dear Sir/Madam,

We are glad to inform you that our bank has a new security system. The updated technology will insure the security of your payments trough our bank. Hoping you'll understand that we are doing this for your own safety, we suggest you to renew your account .

Once you have renew your records, your session will not be interrupted and will continue as normal.

To renew your HSBC Bank PLC. account information click on the following link.


https://www.hsbc.co.uk/1/2/jsessionid=0000m2abf5g6

Note: If we do not receive the appropriate account verification within 48 hours, the account will be suspended.

The purpose of this verification is to ensure that your bank account has not been fraudulently used and to combat the fraud from our community .

HSBC Bank plc 2002 - 2007
Security Advisor
J. S. Smith

--------------------------------------------------------------------------------

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your HSBC Online Bank account and choose the "Help" link on any page.

HSBC Email ID # 1009

Friday 7 December 2007

Tony Wikke - your assistance needed

Another one of these emails where someone is apparently going to trust you with millions of dollars and then give you a nice commission for laundering it for them. Do people really fall for these still?

If they really were going to do it, I'm sure anyone concerned would get into a lot of trouble. As it is, no doubt you have to pay for the receipt of the parcels, and you can bet that you never see any parcels and never hear from them again once you have parted with your cash.

Don't bother with it. Here's the content of the email.

From:Mr Tony Wikke.
Abidjan, Ivory Coast West Africa
Tel:+225.45412625.
Email:vice_tony38@yahoo.com

Dear Friend,
It is my sincere pleasure as at the moment to exhibit my total trust bestowed on you.
Brief introduction, I am Mr Tony Wikke the personal assistant to the vice president of cote d'ivoire and we soliciting for your assistance to provide for us an overseas account where we can transfer the sum of $25. MILLION UD DOLLARS which we incured in over-invoicement with an ukrain firm which supplies amination during civil crise in this country.
I want a more concrete arrangement in couriering to your doorstep, a total of US$5million through a diplomatic delivery means in your name, which you have to lodge into a virgin account, for the account to be able to accommodate a total amount of US$25.Million US without suspect, for Funding of Companies with your help in your country.

Note: That I decided against transferring all these funds through K.T.T direct to your account or to the virgin account for some reasons I know may attract some eyebrows:

1) The knowledgement of the African Developement bank (ADB) as to monitor all outgoing funds across the nations and must be to the awareness of the apex bank, which is the ADB.
2) As regulated and highly prohibited against civil servants, I am under the cash regulation policy.
I have gone into arrangement with a Courier company through their diplomatic means that ships cargoes from Ivoire Cost to your country, Understand that I have discussed extensively with them,to assist me undertake the delivery of a personal consignment to your country as a personal/family valuables, to be delivered at your doorstep with your full names as the beneficiary.

Thank God Almighty, they accepted without argument, as they are aware of my standard in Government and in the banking institution with the Government of Cote d Ivoire.All I am expecting from you, as a matter of urgency is your receiving address, your complete name as the recipient of the package, including your direct 24hours open Cell/Mobile Number where they can reach you on their arrival to your country.

Be informed that I have packaged the money in three metallic official boxes as in the name of a family valuables,But one to leave first. The Courier company are leaving for your country by next one or two weeks. I urgently want your receiving address, your full name and your cell phone to be open 24 hours, so as to enable them,contact you on their arrival for immediate delivery at your doorstep.

You only have to keep them well entertained at your wish. Mail me immediately on your receipt of this mail as you can see, it is very important we talk with each other before the courier will be leaving as I have arranged with them. Please Understand that we should not entertain any sign of disappointment to the courier company in order not to keep them stranded at the Airport because the transaction is risk free as long honsety is our watch word.
A renounced reward will be discussed immediatly we come into accord.
I look forward for your immediate response.
Best regards,
Mr Tony Wikke.

Thursday 6 December 2007

Another text only phishing email - targeted at Natwest customers. Not sure whether the Natwest do only use plain text emails or whether it's a sign that the phisher can't be bothered to put together a convincing email.

The creator of this email did at least have the imagination to build natwest.com into the URL of the domain that's clicked on, but are you really going to believe that http://www.natwest.com.yart5.ph/securesession/action.aspx?refererident=932829224366963694509822365637323403053095837632685180844548 is the bank's URL?

As always, not only is the URL incorrect, the email is not personalised and no bank would send such requests via email. Don't click the link. Don't visit the site - you don't know if it might attempt to install some spyware. Leave well alone.

Dear National Westminster Bank (NatWest Bank) customer,

We regularly perform scheduled maintenance for our OnLine Banking customers. We intend upgrading our OnLine Banking security server for better online services.

In order to ensure you do not experience service interruption, you are required to complete our OnLine Banking Customer Form by following the secured hyperlink below:

http://www.natwest.com/securesession/action.aspx?refererident=

Thank you for banking with National Westminster Bank, the industry leader in safe and secure online banking.

National Westminster Bank Customer Service


--------------------------------------------------------------------------------

National Westminster Bank © 2007

Tuesday 4 December 2007

Egg - Security Upgrade

Here's a very good attempt at a phishing email. There's only one link within the entire email and that points to a very realistic looking URL. When I checked the Whois for the URL it had only been registered this morning, so no clues as to where it is registered, but a copy of the email has gone to Egg for them to deal with.

Pointers that it is fake:
1 - I don't have an Egg card - sorry, but this is a big pointer!
2 - It's not personalised.
3 - I'm not aware of banks ever sending this sort of email.
4 - The URL being brand new - Egg would use their own website.

Don't click the link - you never know what damage you might do to your machine.

Here's the content of the email:

Egg Banking Plc has been receiving complaints from our customers for unauthorised use of the Egg Online accounts. As a result we periodically review Egg Online Accounts and temporarily restrict access of those accounts which we think are vunerable to the unauthorised use.

This message has been sent to you from Egg Online Banking because we have noticed invalid login attempts into your account, due to this we are temporarily limiting and restricting your account access until we confirm your identity.

To confirm your identity and remove your account limitation please following the link below.

Monday 3 December 2007

Urgent Help - viginie toure

Here's an email scam letter that is doing the rounds. It's one of those 'wealthy gold merchant dies and the relatives need a trusty person to help them cash it' type of emails. People must still be falling for the promise of millions of dollars and replying with their details or these people would give up.

These emails can work in a variety of ways. In the simplest form, by replying you are confirming that your address is correct and that you respond to spam. Then the sender might try to convince you to send them money. Maybe to pay for the admin charges to set up the transfer. Maybe they send you a cheque drawn on a foreign bank and then ask you to send them some of the cash back before it's cleared - or bounced as it no doubt will. As it's from a foreign bank, and no doubt fake, it could take a while to bounce and leave you with banking expenses if the exchange rate changes.

Don't believe these emails. It's not really possible to make over $6million that easily. You will just end up out of pocket and receiving loads more emails.

Here's the text. No picture for this one, was just a plain text email.


Dear,
I am writing this letter with due respect and heart full of tears since we have not known or met ourselves previously.
I am asking for your assistance after I have gone through a profile that speaks good of you. I will be so glad if you can allow and lead me to the right channel towards your assistance to my situation now.

I will make my proposal well known if I am given the opportunity. I would like to use this opportunity to introduce myself to you. well, I viginie toure 21years old girl and I know that this proposal might be a surprise to you but do consider it as an emergency.

In nutshell, My (late) father Mr. solomon toure was a very wealthy gold and cocoa merchant who based in Accra and Abidjan respectively. But he was killed along side with my mother during last two year's
Rabble attack and all his properties was totally destroyed.

However, after their death I managed to escape with a very important document (DEPOSIT CERTIFICATE (US$20.6m) Twenty million six hundred thousand U.S Dollars deposited by my late father in the bank which i am the next of kin.

Meanwhile, I am saddled with the problem of securing a trust worthy foreign personality to help me transfer the money over to his country and into his possession pending my arrival to meet with him.

Furthermore, you can contact the bank for confirmation and I will issue a letter of authorisation on your name, that will enable the bank to deal with you on my behalf.

I am giving you this offers as mentioned with every confidence on your acceptance to assist me or take me as your child and manage the money.
I am inclined to offer you 30% of the total sum as a mode of compensation for your effort after the successful transferring of these fund to your nominated account overseas

Conclusively, I wish you send me a reply immediately as soon as you receive this proposal.
I remain with the best regards
viginie toure.

eBay Unpaid Item Mutual Agreement for Item #220167484319 - Response Required

This email isn't particularly clever. It appears to be intended to catch people on their Christmas shopping, but there are loads of giveaways that it's fake.

First, it still contains the line "Your registered name is included to help confirm this message originated from eBay", which eBay emails do include. But it's sent to "undisclosed recipients" and no name is mentioned.

Next, it asks for a reply by 11 November - yet it was sent 2nd December. Cleverly, every link does point to the fake site. Nothing like the eBay URL, no pretence has been made there. But having taken the trouble to copy an eBay email I'm sure they will also have copied the eBay logon screens. They are doing as much as they can to find logon details.

They are attempting to exploit a weakness. I personally don't think any financial company should ever email links, but as far as I know, it is still done by various people. If you receive an email like this, whether it's genuine or potentially fake, don't click the links. Just type the correct URL into your browser and go from there.

Here's the content of the email

Dear member,


We are contacting you about the following item: RALPH LAUREN BLACK METALLIC BIG PONY POLO M BNWT SL (#220167484319)

The seller, purplestarshines tells us you have mutually agreed not to complete the transaction (either because you returned or are returning the item for a refund, or because there was a misunderstanding) and has requested a credit for their eBay fees.

Please respond by 11-Nov-2007 so eBay knows whether you have made this agreement.

Please note: You and the seller will still be able to leave feedback for each other regarding this transaction.


Thank you,
eBay

Details for item number: 220167484319
Item title: RALPH LAUREN BLACK METALLIC BIG PONY POLO M BNWT SL
Item URL: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=220167484319
End date: Friday, 02 Nov, 2007 18:50:54 GMT
Quantity: 1
Dispute URL: http://feedback.ebay.com/ws/eBayISAPI.dll?ViewDisputeConsole&DisputeType=1
Date dispute was opened: Sunday, 04 Nov, 2007 17:03:03 GMT

Saturday 1 December 2007

*** Important Notice from Lloyds TSB Bank Security Center ***

Just when I thought the phishers have removed me from all lists, one finally arrives.

This is another one that pinches graphics from the genuine website, but the link is certainly far from genuine. The domain appears to be registered to someone in Los Angeles, and it's not a new domain. So it's possible the website owner doesn't even know they have this sitting on their website. But a Google search on the site doesn't reveal any pages, strange for a 3 year old site.

So don't press the link, don't visit the site - the content can't be guaranteed to be harmless. Here's a text version of the email.

Dear Valued Customer,

Be confident you're protected with Lloyds TSB BankSecure
We're committed to protecting you when you bank with us. Our industry-standard levels of security ensure that you can always access your Lloyds TSB accounts online with confidence.

To ensure you are always protected, we are introducing a new programme of security initiatives called BankSecure. Over the next few days, you'll see a number of initiatives that we'll put in place to make sure you stay secure and to help you protect your Internet banking information. We're here to help you stay safe while banking online. Click the Personal log on button to proceed to Enrollment process.
This update Email has being sent to all Lloyds TSB Bank customers, and it is compulsory to follow the update process, Failure to do so will cause problems with the Online banking in Future and immediate account suspension.

Thank you.
Online Banking Security Team
Online Services Security Department
©2007 Lloyds TSB Group plc.
Lloyds TSB Bank plc and Lloyds TSB Scotland plc are authorized and regulated by the Financial Services Authority and signatories to the Banking

Friday 30 November 2007

Automated Security Notice

It seems that I'm not popular with the phishers at the moment - it's been very quiet not just on the phishing front but also on all spam. So I've had nothing to post for a week. But I discovered an email account I'd forgotten about and hidden away in it was this email, that I've not previously seen or posted.

The email appears to copy chunks of graphics from the genuine site, but the middle section just doesn't do it for me - doesn't look real. Maybe it's this machine. But when you put the mouse over the link it shows a totally different URL. Quite interestingly, since the header and trailer are taken from the genuine site, they also link to the actual site.

But the email is fake and designed to rob you - don't use any links in emails!

• Automated Security Notice

• As part of our security measures, We believe that, in everything else,
you deserve the best in banking too. Therefore protective measures is
been applied to satisfy our striving costumer needs. Our technical
service department is currently upgrading our SSL servers to enhance
adequate banking security, to give our costumers a better, fast and
secure online banking service. We noticed several unsuccessful login
attempts and therefore have decided to temporarily restrict your online
access. To regain access to your online banking Please click on
• Online Banking Logon to continue the verification process.
• (Failure to verify your Online Access service changes will lead to account
disconnection)



Thank you.
Online Banking Security Team
NatWest Internet Banking.
(c)2007 All Rights Reserved

Monday 26 November 2007

Reporting Phishing

I was surprised that the response to reporting a phishing email wasn't a lot quicker than it was. I reported the site that sent me the HSBC Phishing Email to their hosts on Saturday evening at 18:30 and checked yesterday and it was still live. I followed it up with an email to the bank yesterday and just this minute I've received an email saying they have removed the domain.

I always thought that this sort of issue would be dealt with instantly. See the report, delete the email. Maybe the team responsible are office hours only.

Saturday 24 November 2007

Hsbc Secure Profile Update Confirmation

Here's a bank that hasn't featured on these pages until today. The email is well presented and uses graphics to give it an air of authenticity, but don't let that fool you. Cheekily, the graphics are pulled straight from the bank's actual website!

The person responsible has also gone to the extent of registering a very plausible website address, only yesterday - with the same web hosts as I use. I've passed a copy of the email to the hosts as it does appear that the website is still live, although I haven't taken the step of clicking on the link.

Please don't think it is a genuine email. It's not personalised, it's using fake URLs and it would be dangerous to access the website.

Here's the text of the email:


Dear Valuable Customer,



Hsbc Bank plc. is hereby announcing newly upgrade security system. We have been dealing with cases of fraudulent messages in recent times and we have decided to carry out a verification exercise on all of our customers account to prevent them from being victimized.
Due to the recent security upgrade, you are requested to follow the link below. http://www.hsbc.co.uk/1/2/personal/pib-home/

We appreciate your understanding, as we work towards making Hsbc
Bank a safe and reliable place to do business.
Thank you for your patience in this matter.

Trust and Safety Department
Hsbc Bank
Please do not reply to this e-mail as this is only a notification. Mail sent to
this address cannot be answered.
For assistance, upgrade your HSBC Online Bank account information

Thursday 22 November 2007

Steps To Beat ID Fraud

Thanks to the Child Benefit Office, there could be a huge risk of ID fraud for 25million people. What steps can we all take to combat ID fraud generally?

1 - Tell people if you have moved address. Tell anyone who might bill you, preferably just before you move. Also set up postal redirects for all mail to your new address. Don't risk old mail going astray. A recent utility bill is all a fraudster needs to prove they are you.

2 - Have someone watch your home. Going on holiday? Make sure that a neighbour knows and ensure that mail is fully pushed through the letterbox.

3 - Shred paperwork. Shred receipts, old statements and bills and even pre filled credit card applications that arrive through your door. If the paperwork has more details than the phone book (name & address) - for example card numbers, holiday dates then shred it. There are scams aimed at people returning from holidays - don't fall prey to them.

4 - Watch your cards. In shops watch what happens to your card. Preferably place it into the machine yourself and do not allow the assistant to take it out of your line of sight for even a second.

5 - Protect your pin. Choose something you can remember, but no one else could guess. Patterns, dates of birth etc can all be guessed. Think the criminals only have a few attempts to guess your pin on a cloned card? Think again. They can take a couple of guesses then leave the card for a week - until you have successfully used the card and reset the count. Then they can try again.

6 - Protect your internet banking. Again, choose random / impossible to guess passwords. Know where to look once you have signed on for the number of recent failed signon attempts (usually shown on the first screen after sign on) and check that is 0 (unless you have messed up a sign on).

7 - Secure your connection. Make sure your internet connection for internet banking is totally secure. Use wired over wireless; ensure adequate firewall & virus protection etc (preferably have virus protection installed on your PC & have your ISP scan for viruses); don't log on in internet cafes.

8 - Ignore phishing emails. We're displaying enough - so you know what they are like! Don't click on them in case they install spyware. If you do, never enter details.

9 - Change passwords. When did you last change your passwords? And do you use the one password does all approach? Make sure that if someone discovers one password they don't have access to your entire finances!

10 - Check your credit report. Sign up for the free Experian Credit check service and keep an eye on credit applications and report anything that looks strange.

Wednesday 21 November 2007

Child Benefit Agency Data Lost

The Child Benefit Agency has reported it has lost the personal details of every parent who receives child benefit. The data includes names, addresses, dates of birth, national insurance numbers, child benefit numbers and bank accounts. As a result, 25 million people are now vulnerable to identity fraud if the data on two discs falls into the wrong hands.

They aren't the only ones. In a matter of weeks, data breaches have been reported by organisations as diverse as insurance companies and retailers.

No wonder recent research showed that many of us do not trust big institutions to keep our personal information safe. The Canvasse Opinion survey found that 34 per cent of us do not trust insurance companies, 33 per cent think Internet retailers aren't secure and 32 per cent believe that government cannot be relied on to safeguard the data that can be used to impersonate us, borrow money in our names – and ruin our lives.

Read more on how to prevent identity theft or apply now for your Free Experian Credit Report.

Please be aware that people might try to follow you up using email scams based on this news. Be extra vigilant.

Tuesday 20 November 2007

Invoice for eBay purchases - item #190174555654, APPLE I POD NANO 2GB WITH EXTRAS(SILVER)

It is almost Christmas time, so I suppose that does make Ebay a good target for those with bad intentions...

This one is probably trying to make you click the link because you think you have actually bought the item (or another member of your household). Even if you haven't been bidding on an Ipod you might think you have done so by mistake.

Of course, it's all fake. You only need to put the mouse over the button to see that the target URL is nothing like PayPal or Ebay. You haven't made this purchase; you haven't made it by mistake - don't click the link.

If you have clicked the link sign onto Ebay and PayPal (type their URLs into your browser window - don't use any links), change your passwords on both and let both companies know immediately.

Here's the text of the email, click the image above to see the original.

eBay sent this message to ([email removed]).
Your registered email address is included to show this message originated from eBay. Learn more.
Here's the invoice for your item!


Thank you for your purchase. The total for your item below is £67.00.




Click Pay Now to confirm shipping, get total price, and arrange payment through: PayPal; money order.



Item # Item Title Qty. Price
190174555654 APPLE I POD NANO 2GB WITH EXTRAS(SILVER) 1 £62.00



Subtotal: £62.00
Royal Mail 1st Class Recorded Service:
£5.00
Shipping insurance (Optional): --

Total: £67.00

Thank you again for your purchase.
willetts8732

Monday 19 November 2007

Please Update Your Abbey Digital Banking Details

I've obviously found myself onto another spam list recently with a new email address as this address has never really been phished / spammed much yet suddenly it's received 3 Abbey phishing emails in as many days. Better still, in theory I have a list of everyone who should know the email address - it's not well known...

Again it's an Abbey one with the same pointers as the previous Abbey phishing emails, although the first one really was the best for giving the game away. And if the game wasn't up straight away, sending 3 similar versions of the same email to the same people must be a big clue!

I won't go through the pointers that it's phishing today - if you want to read them see the post from a couple of days back - it's worth it!

Here's the email - remember it's fake!

Abbey United Kingdom

Dear Abbey National Internet Banking member!

Our Technical Subdivision is doing a planned Digital Banking software upgrade

By following the link below please begin the procedure of the member details approval:

http://myonlineaccounts8.abbey.com.id843201/service/CentralLogonWeb/Logon.html?poolid=[id removed]

These instructions are to be emailed and followed by all customers of the Abbey Internet Banking

Abbey does apologize for the troubles caused, and is very thankful for your cooperation.

If you are not customer of Abbey On-line Banking please disregard this e-mail!

--- This is automatically generated e-mail, please do not respond ---

© 2007 Abbey eBanking. All Rights Reserved.

Sunday 18 November 2007

Abbey National Bank United Kingdom: Authorize Your Account Details

One pretty similar to yesterday's Abbey phishing email. Again, still referring to the bank by its old "Abbey National" name and again rather interestingly still including a comment at the bottom of the email admitting you may not be an Abbey customer. Who do they think they are kidding? Why would Abbey have a list of loads of people and just randomly email them, not knowing whether or not they were customers?

All the usual pointers are there - no personalisation; strange URL displayed; even stranger target URL. Don't click on the link - it appears to be personalised so they will know exactly which recipients have clicked on it and therefore they know you are likely to respond to spam. This means they can sell your email more and target you more. I've also removed the id so they can't track which email address they sent this to (wouldn't want them removing me from the list!!!).

Text version of the email is shown below.

Abbey National United Kingdom

Dear Abbey E-banking user!

Our Technical Unit is running a planned E-banking Online software update

By clicking on the link below you will commence the procedure of the customer login approval:

http://myonlineaccounts9.abbey.com.agentid41072/service/CentralLogonWeb/Logon.html?id=[id removed]

These directives are to be emailed and followed by all customers of the Abbey National Bank eBanking Online

Abbey does apologize for the inconveniences caused to you, and is very thankful for your cooperation.

If you are not customer of Abbey Digital Banking please delete this notification!

--- This is an automated e-mail please do not reply ---

© 2007 Abbey National Internet Banking. All Rights Reserved.

Saturday 17 November 2007

Abbey National E-banking Online Important: Verify Your Login -- ID: 8380

I like this phishing email - in a strange sort of way. Loads of indicators that it's fake - I think idiot's central sent it!!!

For a start the subject starts "Abbey National" - they now call themselves just Abbey. But they have saved the best for last! On the bottom of the email (as shown in the picture) is what would appear to be a Polish sentence or two about the mailing list providers who have sent the email. Really like that touch just to confirm it's a fake.

And then just to finish it off there's the comment that you might not even be an Abbey customer - in which case, why would they be emailing you.

Usual pointers also exist - no personalisation & invalid URL & different URL in link than is displayed.

This is so good, I'm providing it as text and a screen print, click the image below!

Abbey Phishing Email

Here's the text:


Abbey UK

Dear Abbey OnLine Banking user!

Our Technical Division is performing a scheduled eBanking Service update

By following the link below please begin the procedure of the customer details approval:

http://myonlineaccounts6.abbey.co.uk.login192635/service/CentralLogonWeb/Logon.html?appid=[id removed]

These directions are to be emailed and followed by all clients of the Abbey National Bank E-banking

Abbey does apologize for any problems caused, and is very grateful for your cooperation.

If you are not client of Abbey National Bank eBanking please ignore this notice!

--- This is an automated message please do not respond ---

© 2007 Abbey UK. All Rights Reserved.

List przeskanowano programem ArcaMail, ArcaVir 2006
przeskanowano 07-11-17 12:30:54, silnik: 2005.12.01 12:00:00, bazy: 2007.09.16 18:41:46

This message has been scanned by ArcaMail, ArcaVir 2006
scanned 07-11-17 12:30:54, engine: 2005.12.01 12:00:00, base: 2007.09.16 18:41:46

Thursday 15 November 2007

REF# 3109 Important Information Regarding Your Account

Back to the threatening type of phishing emails with the latest one. Trying to convince us that an ATM transaction has taken place and we should use the link enclosed to check the transaction / reopen access to the account.

But of course, although the link says it's going to the Nationwide site, you only need to look at where it's actually pointing to and it's nothing like the bank's website.

Just to try to be clever the email address has been inserted into the opening, but what bank would refer to customers by their email address? Not very personal!

Here it is - as always don't trust it, it's a con.

Dear [email address removed]
,
We recently reviewed your account, and we suspect an unauthorized ATM based transaction. Therefore as
a preventive measure we will temporary limit your access to sensitive Nationwide features. To ensure that
your account is not compromised, please login to your Nationwide Internet Banking and verify your identity to
prevent deactivation.
SERVICE: Nationwide Internet Banking.
What you need to do:
- Go to: Nationwide Internet Banking
http://nationwide.co.uk/default.htm/
- Login to Internet Banking.

Thanks for your patience.
Sincerely,
Nationwide Centre
****************************************************************************
For any inquiries, contact Customer Service.
****************************************************************************

Tuesday 13 November 2007

Home based opportunity

Here's an email that's doing the rounds that's pretty similar to a previous Email Scam.

The point of these, although they seem pretty futile, is basically gathering and confirming email addresses, although some I have received in the past can actually try to deprive you of cash.

Usually these are just trying to get you to confirm your email address as then the spammers can sell it for a better price. Not only have they confirmed the address is real - they can show that you respond to emails.

Some can be a bit more dangerous. Some will ask you to forward cash about or maybe even get you involved in posting illegal items. Whatever the reason for the email, just delete it and don't respond.

Here's today's email:

We are currently seeking creative and perceptive professionals to join our marketing team.
At this time we are considering both experienced, highly qualified specialists
as well as those with less experience.

We realize that the success of our company is dependent upon the success of our employees,
and therefore have created maximally favorable conditions to help maintain and improve
the professional levels of our employees.

The qualities required for success with our company are: Initiative, Leadership,
Ability to work with people, and a drive for self-improvement.
Employees with such merits have an excellent opportunity to create a successful career within our company.
Preference will be given to applicants with knowledge of multiple languages.

If you would like to work with our active, dynamic team, we invite you to apply for employment.
Please send the following information to RodrigoRosalesAR@gmail.com.
1. Full name
2. Address of residence
3. Contact Phone numbers
4. Languages spoken
5. Whether you are interested in part time job or full time employment.

Thank you. We look forward to working with you.
If you received this message in error, please send a blank email to: ConstanceMoralesNN@gmail.com

Please verify your online transfer.

Another one of those emails that don't have a direct threat - instead they are designed to make you think 'Did I really do this?'. Of course you didn't and all of the usual pointers are there that it's fake:

1 - not personalised
2 - sent to 'undisclosed-recipients'
3 - URLs in links are different to those shown

It's fake - if you have any concerns delete the email and phone up your bank.

Dear Alliance & Leicester Commercial Bank user,

Thank you for using Alliance & Leicester Business Banking Online Transfer® - service.


In order to provide final approval for your transaction, we need additional information. Please access your online banking account to verify the information is correct and complete your enrollment.

If we do not hear from you within the next 24 hours, we will cancel your Online Transfer® service.

Click here for online banking


If you have questions, please visit our website at https://www.alliance-leicestercommercialbank.co.uk/.

Thank you for using © Alliance & Leicester Commercial Bank!


------------------------------------------------------------------------------------------------------------------------------
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US.

Sunday 11 November 2007

Financial Companies Surprise Me...

I'm still surprised that in this day financial companies are still sending links in emails. I've received a couple recently that are genuine emails (they include personal details that phishers almost certainly wouldn't know) in which the links do go to the actual company's website.

By including personal information - a sort of security check - I'm supposed to know to trust this email.

But why are they still doing this? Could it not be possible one day for phishers to steal this information?

By sending links in emails they are conditioning us that it is OK to receive an email and click on a link. If I were them I'd not include a link. OK, saying 'visit our site' and not providing a link might not be as neat and it may be a bit more difficult, but we shouldn't be clicking on links anyway.

I guess that the reason that some of these do this is that they can add tracking information to the hyperlink and therefore know which of us has not only read the email, but who has followed a link to their marketing material. They therefore know who is more likely to respond to marketing and can then target more marketing material.

We don't know until we've clicked the link what website it is taking us to and what damage that website could do to us. So regardless of whether the email is genuine or not:

1 - don't click on any link

2 - open an internet session

3 - type in what you know to be the company's website - search for it on Google or look on your recent statement if you are uncertain

Stay safe - don't use links in emails - whether the emails are genuine or not.
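The pointers listed in these posts (a link target that differs from the displayed URL, a link to an IP address, the bank's domain buried inside some other hostname, a per-recipient id in the link) can be checked mechanically on an HTML email body without opening anything. The Python below is an added example, not part of the original blog; the trusted-domain list, the token key names and the sample HTML are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: the domains the reader really banks with, and
# the query keys that carried the per-recipient id in the Abbey samples.
TRUSTED_DOMAINS = ("abbey.com",)
TOKEN_KEYS = {"id", "appid"}

# Constructed sample body: hosts under .example and 192.0.2.0/24 are reserved
# for documentation; the agentid41072 host is the one quoted in the post.
SAMPLE_HTML = """
<p>Dear Abbey E-banking user!</p>
<a href="http://login.phish.example/Logon.html?id=CONSTRUCTED123">http://myonlineaccounts9.abbey.com/Logon.html</a>
<a href="http://192.0.2.10/review">Review Your Credit Report</a>
<a href="http://myonlineaccounts9.abbey.com.agentid41072/service/Logon.html">Click here</a>
<a href="https://www.abbey.com/help">https://www.abbey.com/help</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def split(url):
    """Return (lower-cased host, query string); empty strings if unparsable."""
    try:
        parts = urlsplit(url.strip())
        return (parts.hostname or "").lower(), parts.query
    except ValueError:
        return "", ""


def check_link(href, text):
    """Return the list of warning labels that apply to one link."""
    findings = []
    target, query = split(href)
    shown = split(text)[0] if "://" in text else ""
    if shown and shown != target:
        findings.append("displayed-url-mismatch")
    try:
        ipaddress.ip_address(target)
        findings.append("ip-address-host")
    except ValueError:
        pass  # not an IP literal
    for domain in TRUSTED_DOMAINS:
        inside = target == domain or target.endswith("." + domain)
        if domain in target and not inside:
            findings.append("brand-embedded-in-foreign-host")
            break
    if TOKEN_KEYS & {key.lower() for key in parse_qs(query)}:
        findings.append("per-recipient-token")
    return findings


def analyse(html):
    """Check every link in an HTML email body; returns [(href, findings)]."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, check_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, findings in analyse(SAMPLE_HTML):
        print(href, "->", ", ".join(findings) or "no findings")
```

A link with no findings is not proof that an email is genuine; the checks only catch the specific tricks described in these posts.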

Friday 9 November 2007

Your Online Account With Natwest Bank!

This one seemed to be a very basic attempt at phishing. A very lame attempt really, almost as though the person sending it was just starting out and really couldn't be bothered. The email address in the to field was completely unlike my own - it left me wondering if that was the sender's email address by mistake!

As well as being sent to someone else's email address, usual pointers exist that this is fake (I include these every time for people finding relevant posts as their first time here):

1 - wasn't my email address on the to: field.
2 - not a personalised greeting - Dear Customer.
3 - no bank would send out such an email.
4 - not a genuine bank's website address in the link - it's different to the displayed URL
5 - even the displayed URL doesn't look anything like a genuine one
6 - and if you aren't convinced, I don't bank with them so it can't be genuine.

Here's the content of the email:

Dear NatWest Bank customer,

NatWest Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of NatWest Bank.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://www.nwolb.com/default.aspx?refererident=BE34EEE

Thank you for choosing NatWest Bank for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service

Thursday 8 November 2007

Your card payment is overdue

Here's one targeted at Abbey National customers. I suppose it's only to be expected when Abbey are hitting the headlines at the moment.

Obviously a fake:
1 - not personalised
2 - I don't have an Abbey credit card!!!
3 - the link is to a website svino.cn, not the Abbey National
4 - since when does the UK use commas to separate pounds and pence???

As always, if you have received it just delete it. If you are worried, log on via the Abbey's website - but don't use the links in the email.

If you wonder why I never provide links to the genuine banks then you are too trusting. Always type in the URL yourself.

Keep safe.


*******This message is for Abbey United Kingdom customers only***********

Your Abbey Card balance is currently overdue and we require an immediate payment of 9,70 GBP.

What to do next

Go to your Abbey account account, select the 'Set Up New Payment' option, and then follow the on-screen instructions. If you're having trouble finding the money to make your payment, you can talk to us about alternative options or help with getting on top of your finances on 0870 607 6000 (If calling from abroad dial +44 0870 607 6000).

As soon as possible, please access your online account following the link below:

https://myonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/Logon?action=prepare



If you've already spoken to us or you've put your account in order, please ignore this communication.

Yvonne Smith
Abbey United Kingdom
Card payments Dept
0870 607 6000
Abbey International Plc

Friday 2 November 2007

USR NOTICE: eBay Registration Suspension - User Linked to a Suspended User

My wife picked up this email before I did and panicked - thinking it was real. Thankfully she took the correct precautions and typed in ebay.co.uk to sign in and checked that all was well on the account.

Even still, as soon as she saw me she told me about the 'worrying email'.

Usual list of pointers that it's fake and trying to part you from your cash:
1 - sent to undisclosed recipients
2 - Dear eBay Member instead of Dear [name].
3 - Website in link does not match website address shown, and is totally different to anything eBay would ever use (quicknet.se???).

Here's the email.


INV NOTICE: eBay Registration Suspension - User Linked to a Suspended User




Dear eBay Member,

Your eBay account has been suspended because our records indicate that it is associated with the following currently suspended account:

mobileworld000

Your response is required , so please go to:

http://www.ebay.com/previously-suspended.html

** *During Your Suspension***
- You are not permitted to use eBay in any way. This includes using another existing account, registering a new account, or using any eBay services under any name. Accounts or User IDs that are associated with your account may also be suspended.
- Any outstanding seller fees are due immediately. eBay will charge any amounts that you have not already disputed to the billing method that is currently on file.


Sincerely,

eBay Trust & Safety

Wednesday 31 October 2007

Online Banking - You Have 1 Unread Message

Here's an email for the Abbey - someone who's not been targeted recently from what I know. It uses the actual Abbey logo at the start of the email and an advert for the Abbey Credit card further down to try to convince recipients that it is genuine.

But the "click here" on the credit card advert doesn't do anything; it's been sent to undisclosed recipients; it introduces with "Dear Valued Customer" rather than by name; the link goes to a website other than the actual Abbey site. The logon screen presented is a perfect copy of the Abbey screen so it's very convincing, just don't be tempted!

Here's the email:

Dear Valued Customer,

You have a new message waiting in your Inbox Folder.

Click here to read.


Best Regards.

The Abbey National plc Security Department Team.

* Please do not reply to this email as your reply will not be received.

Tuesday 30 October 2007

Review Your Credit Report.

Presumably this one is from the same people that sent the earlier Alliance & Leicester email as they have both targeted commercial bank customers. Again, it's not got the old 'do it or else threat' and this time it appears to be an offer of something worthwhile for free, and would be totally believable. If it wasn't for the fact that we are not customers of them, then I would have to check carefully that it's not genuine!

Pointers that it is fake:
- we don't bank with them
- not personalised in the Dear ... field
- not personalised in the email to field - that was left blank
- the links go to an ip address, not to the alliance & leicester website

If you are interested in a free Credit Report, which is what the fake email offers, then I can recommend Credit Expert, which I have tried out myself.

Here's the email:

Dear Alliance & Leicester Commercial Bank Customer,

Making sure that the information contained in your credit report is correct is an important part of managing your finances. A recently enacted program enables you to receive a free annual credit report from each of the three reporting agencies. You can take advantage of this program at our website clicking on:

Review Your Credit Report

A good practice is to request a credit report from one of the three reporting agencies every four months to ensure that the information is accurate and consistent. A solid credit record and an accurate credit report are valuable assets. We encourage you to take a moment to check yours today.

Thank you for using © Alliance & Leicester Commercial Bank!

------------------------------------------------------------------------------------------------------------------------------
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US. Copyright © 1997 - 2007 Alliance & Leicester Commercial Bank and/or its affiliates. All rights reserved.

Your profile has changed.

Here's one of those little sneaky ones - it even made its way through spam filters.

This one, instead of threatening you with account termination etc, tries to make you think your banking details have changed. It doesn't say to click the link, just states that something has changed.

You then panic and try to sign on, knowing that you haven't changed anything. That moment of panic loses you your security details.

Very clever tactic. None of the usual "You must do it now" messages. But we don't bank with them, so can't be genuine!

Here's the email:


Dear Alliance & Leicester Commercial Bank Customer,



This email is to confirm that you have successfully changed your online Alliance & Leicester Commercial Bank profile. If you did not make any change, please contact Alliance & Leicester Commercial Bank Service immediately by accessing your online account and going to your secure message box.

You can access your profile logging in to the online banking by clicking the following link:

Click here to access your online profile


Thank you for using Alliance & Leicester Commercial Bank !


------------------------------------------------------------------------------------------------------------------------------
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US.

Sunday 28 October 2007

2 old favourites this morning...

The Royal Bank of Scotland customer service: urgent security notification! (mess_id: ra591384501410)

It's the same old Royal Bank of Scotland email doing the rounds again, just a different subject (again...). Here's a link to the Royal Bank Of Scotland Phishing Email.

Natwest: please confirm your online banking records! (mess_id: YV03861654525)

And this is a different subject to the standard Natwest Phishing email.

Friday 26 October 2007

Interested in partnering with ****** for a big new project



Here's one that I originally flagged as potentially suspect, but the company involved have seen the post and got back to me with further information so I'm happy that it is above board. For a start, it can't have been a mass mailing if they were able to work out who they had sent the email to!

I leave the page intact so that people finding the original post on search engines will see that I have checked it out and now believe it to be genuine.

Best of luck therefore to them with their project. No idea if I will be able to help, but they seem to have good intentions.

Hi *****,
My name is Cornelius Butler with Butler New Media, LLC. We are interested in partnering with ******.

I really like your site and portfolio. I'm currently looking for a few web developers for a big new project that our firm will be launching in about a month. Can you please tell me if you have done any web accessibility work?

Our company is getting ready to launch a MASSIVE web accessibility initiative that will create thousands of accessible websites. We are requiring our selected designers to go through extensive training in order to be able to handle these specialized clients. There is a small training fee involved if your firm is selected because we want very serious designers and we are dealing with some high value clients. We are only working with a few firms that will comprise our design team and guaranteeing our selected designers work.

You can learn more about our firm below:

Our corporate site:

http://www.butlernewmedia.com

Here is my bio:
http://www.butlernewmedia.com/bio.html

Please feel free to Google us as we are a VERY reputable company.

Please let me know if you would like more information.

We plan to make our final decision on the designers we will utilize this weekend.

I look forward to hearing from you soon.

Cornelius Butler
Butler New Media, LLC
http://www.butlernewmedia.com
email: cornelius@butlernewmedia.com
phone: +1-229-246-7669

Monday 22 October 2007

Your balance sent to your mobile - wherever you are.

Now here was a nasty little clever number. It's taken me a while to convince myself that it must be phishing. The email is entirely believable and does not do any of the usual threat etc to get you to divulge your security details.

Pointers that it's not real:
1 - I don't have a Lloyds TSB Business Account (this is the reason I spotted it as fake, else I might have believed it!!!)
2 - Not personalised.
3 - Going to a website alester.se - not .co.uk or .com

Here's the email to see for yourself!

Lloyds TSB online for business

Dear Lloyds TSB business user,

Text alerts


Your balance sent to your mobile - wherever you are


Up-to-date financial information is important to any business. Now there’s another way to keep track of your finances. Our free Text alerts service delivers account updates direct to your mobile phone as text messages


-Account balances and transaction information sent to your mobile


Choose to receive alerts at a time that suits you


Receive alerts free of charge**


If you are registered for Internet banking


To register for Text alerts, log on to Internet banking and select 'Text alerts' to from the left menu .
Apply Now

By telephone , Call 0845 072 5555* to register.


Features & Benefits


-you can choose to have Text alerts sent either daily or weekly.


-you choose which business accounts you receive Text alerts for.


-you can nominate another user to receive your texts


We’ll send Text alerts between 7am and 10am and you can choose to receive them daily (Monday-Friday) or weekly. For weekly alerts, you choose which day of the week suits you best.

Internet banking

Lloyds TSB Bank plc and Lloyds TSB Scotland plc are authorised and regulated by the Financial Services Authority and signatories to the Banking Codes. FSA authorisation can be checked on the FSA’s Register at: www.fsa.gov.uk/register. Lloyds TSB Bank plc and Lloyds TSB Scotland plc are members of the Financial Services Compensation Scheme and the Financial Ombudsman Service. Lloyds TSB Group plc.

Monday 15 October 2007

COMPANY REPRESENTATIVE NEEDED!!!

Here's an email I've just received, which is also a very popular type of scam, although not as much as the normal type of phishing emails.

This one, instead of attempting to trick you into thinking you are dealing with your bank, is trying to tempt you into trying to make cash.

Whilst not asking for bank details, replying to the email could ultimately cause you a lot of bother. For a start they know that you reply to spam and will sell your email address to every spam list they can find.

Further, it's also possible that they could start sending you fake cheques and asking you to immediately forward the cash to them using transfer. Before the cheque bounces you have sent the cash. Once it bounces, it's too late.

I can't say for certain that's what this email is for, but that's the sort of problem you can fall into by replying.

Here's the email I received:



Dear Sir/Madam,
I am Mr.Kuri Wara ,managinig director of MINHOU ARTS AND CRAFTS COMPANY
LIMITED CHINA.We are a trading company that is into the import and export
of goods like funiture,industrial,and office equipment,we export these
funiture equipments to U.S,Canada and Europe. Owing to the large amount of
clients that we have in the U.S.A,we are having difficulty in reaching all
of them,therefore we decided to employ representatives in all the states
of America,Canada,Europe to help us get to our clients. As our
representative,you shall serve as a link between us and our clients and
you will also be responsible for the collection of payments on our behalf.
Note: that you shall have a 10% commission for every payment that you
collect on our behalf.Kindly fill this form below and forward to
this E-mail address: wara_kuri@sanook.com

1.FIRST NAMES :
2.MIDDLE NAME :
3.CONTACT ADDRESS :
4.PHONE NUMBER :
5.FAX NUMBER:
6.COUNTRY OF RESIDENCE:
7.EMAIL ADDRESS

Subject to your response,we shall have our company's attorney draft out
an agreement to seal up this contract.
Best Regards,
Kuri Wara

Saturday 13 October 2007

Customer notification: data confirmation! (message id: 35454709258194)

Just when I was thinking the phishers had given up - 4 days and no phishing emails arrived!!! - the old Royal Bank of Scotland email has turned up again.

It surprises me that once again it's the same old format and text, it's just the subject that changes and the URL that is used / displayed:

http://rbsdigital-id149649.rbs.co.uk/rbs_onlineform/customercare/form.aspx

If you have received this email, just ignore it. It's a fake!

See our tips on the right of the screen for keeping safe.

Friday 12 October 2007

All Quiet On The Phishing Front

Phishing emails have gone strangely quiet over the last couple of days - just nothing.

Surely phishers haven't given up? And I can safely assume that they haven't discovered my email address and stopped sending me their rubbish so that I can no longer publish it!

It must be holiday season somewhere!

Wednesday 10 October 2007

PayPal Fighting Back

PayPal are fighting back against the phishers and have a whole area of their site dedicated to this: Read More Here.

But, as far as I know, they have not yet taken the simple step of removing links from their emails. Although they recommend you never click a link in an email, their 'X has just sent you money' email still includes links (unless it has been removed since I last received money). This leads people into thinking clicking on email links is safe, which it isn't, as shown by the Fiona Parrot emails a few weeks back. Here, recipients received a fake PayPal money received notification that linked to a phishing site.

PayPal's security area is well worth a visit and try out their online quiz. Although I'm not convinced all of their answers are correct - one is that phishers are trying to steal your identity. I would say not - just enough to steal your money. Stealing your identity goes a lot further than just emptying your bank account.

But that's splitting hairs...

Monday 8 October 2007

Important Notice Lloyds TSB

This one has to be credited (a tiny amount) for imagination. At least they had the initiative to include the bank's current logo at the top of the email. And it's for a bank that I've not seen targeted for a while and a new message in the email.

But none of this is praise - the aim of the email is to steal money from you. So far banks have kindly compensated people who have become victims of such fraud, but how long before they all start to say 'You shouldn't have given your security details away!'?

Just interesting that they try to convince the victim that this is part of the genuine bank trying to protect the customer's security.

Here's the email. If you have received it, bin it!



We recently reviewed your account, and suspected that your Lloyds
TSB account might have been accessed by an unauthorized third party.
Protecting the security of your account is our primary concern.
Therefore, as a preventative measure, we have temporarily limited
access to sensitive account features.
To restore your account access, we need you to confirm your identity,
to do so we need you to follow the link below and proceed to confirm
your information:

https://online.lloydsstsb.co.uk/online/customer.ibc

Thank you for your patience as we work together to protect your account.

Sincerely,
Lloyds TSB Customer Service

*Important*
Please update your records on or before 48 hours, a failure to update
your records will result in a temporal hold on your funds.