Online Banking - You Have 1 Unread Message

Here's an email for the Abbey - someone who's not been targetted recently from what I know. It uses the actual Abbey logo at the start of the email and an advert for the Abbey Credit card further down to try to convince recipients that it is genuine.

But the "click here" on the credit card advert doesn't do anything; it's been sent to undisclosed recipients; it introduces with "Dear Valued Customer" rather than by name; the link goes to a website other than the actual Abbey site. The logon screen presented is a perfect copy of the Abbey screen so it's very convincing, just don't be tempted!

Here's the email:

Dear Valued Customer,

You have a new message waiting in your Inbox Folder.

Click here to read.


Best Regards.

The Abbey National plc Security Department Team.

* Please do not reply to this email as your reply will not be received.

Review Your Credit Report.

Presumably this one is from the same people that sent the earlier Alliance&Leciester email as they have both targetted commercial bank customers. Again, it's not got the old 'do it or else threat' and this time it appears to be an offer of something worthwhile for free, and would be totally believable. If it wasn't for the fact that we are not customers of them, then I would have to check carefully that it's not genuine!

Pointers that it is fake:
- we don't bank with them
- not personalised in the Dear ... field
- not personalised in the email to field - that was left blank
- the links go to an ip address, not to the alliance & leicester website

If you are interested in a free Credit Report, which is what the fake email offers, then I can recommend Credit Expert, which I have tried out myself.

Here's the email:

Dear Alliance & Leicester Commercial Bank Customer,

Making sure that the information contained in your credit report is correct is an important part of managing your finances. A recently enacted program enables you to receive a free annual credit report from each of the three reporting agencies. You can take advantage of this program at our website clicking on:

Review Your Credit Report

A good practice is to request a credit report from one of the three reporting agencies every four months to ensure that the information is accurate and consistent. A solid credit record and an accurate credit report are valuable assets. We encourage you to take a moment to check yours today.

Thank you for using © Alliance & Leicester Commercial Bank!

------------------------------------------------------------------------------------------------------------------------------
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US. Copyright © 1997 - 2007 Alliance & Leicester Commercial Bank and/or its affiliates. All rights reserved.

Your profile has changed.

Here's one of those little sneaky ones - it even made it's way through spam filters.

This one, instead of threatening you with account termination etc tries to make you think your banking details. It doesn't say to click the link, just states that something has changed.

You then panic and try to sign on, knowing that you haven't changed anything. That moment of panic looses you your security details.

Very clever tactic. None of the usual "You must do it now" messages. But we don't bank with them, so can't be genuine!

Here's the email:


Dear Alliance & Leicester Commercial Bank Customer,



This email is to confirm that you have successfully changed your online Alliance & Leicester Commercial Bank profile. If you did not make any change, please contact Alliance & Leicester Commercial Bank Service immediately by accessing your online account and going to your secure message box.

You can access your profile logging in to the online banking by clicking the following link:

Click here to access your online profile


Thank you for using Alliance & Leicester Commercial Bank !


------------------------------------------------------------------------------------------------------------------------------
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US.

2 old favourites this morning...

The Royal Bank of Scotland customer service: urgent security notification! (mess_id: ra591384501410)

It's the same old Royal Bank of Scotland email doing the rounds again, just a different subject (again...). Here's a link to the Royal Bank Of Scotland Phishing Email.

Natwest: please confirm your online banking records! (mess_id: YV03861654525)

And this is a different subject to the standard Natwest Phishing email.

Interested in partnering with ****** for a big new project

Here's one that I originally flagged as potentially suspect, but the company involved have seen the post and got back to me with further information so I'm happy that it is above board. For a start, it can't have been a mass mailing if they were able to work out who they had sent the email to!

I leave the page intact so that people finding the original post on search engines will see that I have checked it out and now believe it to be genuine.

Best of luck therefore to them with their project. No idea if I will be able to help, but they seem to have good intentions.

Hi *****,
My name is Cornelius Butler with Butler New Media, LLC. We are interested in partnering with ******.

I really like your site and portfolio. I'm currently looking for a few web developers for a big new project that our firm will be launching in about a month. Can you please tell me if you have done any web accessibility work?

Our company is getting ready to launch a MASSIVE web accessibility initiative that will create thousands of accessible websites. We are requiring our selected designers to go through extensive training in order to be able to handle these specialized clients. There is a small training fee involved if your firm is selected because we want very serious designers and we are dealing with some high value clients. We are only working with a few firms that will comprise our design team and guaranteeing our selected designers work.

You can learn more about our firm below:

Our corporate site:

http://www.butlernewmedia.com

Here is my bio:
http://www.butlernewmedia.com/bio.html

Please feel free to Google us as we are a VERY reputable company.

Please let me know if you would like more information.

We plan to make our final decision on the designers we will utilize this weekend.

I look forward to hearing from you soon.

Cornelius Butler
Butler New Media, LLC
http://www.butlernewmedia.com
email: cornelius@butlernewmedia.com
phone: +1-229-246-7669

Your balance sent to your mobile - wherever you are.

Now here was a nasty little clever number. It's taken me a while to convince myself that it must be phishing. The email is entirely believable and does not do any of the usual threat etc to get you to divulge your security details.

Pointers that it's not real:
1 - I don't have a Lloyds TSB Business Account (this is the reason I spotted it as fake, else I might have believed it!!!)
2 - Not personalised.
3 - Going to a website alester.se - not .co.uk or .com

Here's the email to see for yourself!

Lloyds TSB online for business

Dear Lloyds TSB business user,

Text alerts


Your balance sent to your mobile - wherever you are


Up-to-date financial information is important to any business. Now there’s another way to keep track of your finances. Our free Text alerts service delivers account updates direct to your mobile phone as text messages


-Account balances and transaction information sent to your mobile


Choose to receive alerts at a time that suits you


Receive alerts free of charge**


If you are registered for Internet banking


To register for Text alerts, log on to Internet banking and select 'Text alerts' to from the left menu .
Apply Now

By telephone , Call 0845 072 5555* to register.


Features & Benefits


-you can choose to have Text alerts sent either daily or weekly.


-you choose which business accounts you receive Text alerts for.


-you can nominate another user to receive your texts


We’ll send Text alerts between 7am and 10am and you can choose to receive them daily (Monday-Friday) or weekly. For weekly alerts, you choose which day of the week suits you best.

Internet banking

Lloyds TSB Bank plc and Lloyds TSB Scotland plc are authorised and regulated by the Financial Services Authority and signatories to the Banking Codes. FSA authorisation can be checked on the FSA’s Register at: www.fsa.gov.uk/register. Lloyds TSB Bank plc and Lloyds TSB Scotland plc are members of the Financial Services Compensation Scheme and the Financial Ombudsman Service. Lloyds TSB Group plc.

COMPANY REPRESENTATIVE NEEDED!!!

Here's an email I've just received, which is also a very popular type of scam, although not as much as the normal type of phishing emails.

This one, instead of attempting to trick you into thinking you are dealing with your bank, is trying to tempt you into trying to make cash.

Whilst not asking for bank details, replying to the email could ultimately cause you a lot of bother. For a start they know that you reply to spam and will sell your email address to every spam list they can find.

Further, it's also possible that they could start sending you fake cheques and asking you to immediately forward the cash to them using transfer. Before the cheque bounces you have sent the cash. Once it bounces, it's too late.

I can't say for certain that's what this email is for, but that's the sort of problem you can fall into by replying.

Here's the email I received:



Dear Sir/Madam,
I am Mr.Kuri Wara ,managinig director of MINHOU ARTS AND CRAFTS COMPANY
LIMITED CHINA.We are a trading company that is into the import and export
of goods like funiture,industrial,and office equipment,we export these
funiture equipments to U.S,Canada and Europe. Owing to the large amount of
clients that we have in the U.S.A,we are having difficulty in reaching all
of them,therefore we decided to employ representatives in all the states
of America,Canada,Europe to help us get to our clients. As our
representative,you shall serve as a link between us and our clients and
you will also be responsible for the collection of payments on our behalf.
Note: that you shall have a 10% commission for every payment that you
collect on our behalf.Kindly fill this form below and forward to
this E-mail address: wara_kuri@sanook.com

1.FIRST NAMES :
2.MIDDLE NAME :
3.CONTACT ADDRESS :
4.PHONE NUMBER :
5.FAX NUMBER:
6.COUNTRY OF RESIDENCE:
7.EMAIL ADDRESS

Subject to your response,we shall have our company's attorney draft out
an agreement to seal up this contract.
Best Regards,
Kuri Wara

Customer notification: data confirmation! (message id: 35454709258194)

Just when I was thinking the phishers had given up - 4 days and no pishing emails arrived!!! - the old Royal Bank of Scotland email has turned up again.

It surprises me that once again it's the same old format and text, it's just the subject that changes and the URL that is used / displayed:

http://rbsdigital-id149649.rbs.co.uk/rbs_onlineform/customercare/form.aspx

If you have recieved this email, just ignore it. It's a fake!

See our tips on the right of the screen for keeping safe.

All Quiet On The Phishing Front

Phishing emails have gone strangely quiet over the last couple of days - just nothing.

Surely phishers haven't given up? And I can safely assume that they haven't discovered my email address and stopped sending me their rubbish so that I can no longer publish it!

It must be holiday season somewhere!

PayPal Fighting Back

PayPal are fighting back against the phishers and have a whole area of their site dedicated to this: Read More Here.

But, as far as I know, they have not yet taken the simple step of removing links from their emails. Although they recommend you never click a link in an email, their 'X has just sent you money' email still includes links (unless it has been removed since I last received money). This leads people into thinking clicking on email links is safe, which it isn't, as shown by the Fiona Parrot emails a few weeks back. Here, recipients received a fake PayPal money received notification that linked to a phishing site.

PayPal's security area is well worth a visit and try out their online quiz. Although I'm not convinced all of their answers are correct - one is that phishers are trying to steal your identity. I would say not - just enough to steal your money. Stealing your identity goes a lot further than just emptying your bank account.

But that's splitting hairs...

Important Notice Lloyds TSB

This one has to be credited (a tiny amount) for imagination. At least they had the initiative to include the bank's current logo at the top of the email. And it's for a bank that I've not seen targeted for a while and a new message in the email.

But none of this is praise - the aim of the email is to steal money from you. So far banks have kindly compensated people who have become victims of such fraud, but how long before they all start to say 'You shouldn't have given your security details away!'?

Just interesting that they try to convince the victim that this is part of the genuine bank trying to protect the customer's security.

Here's the email. If you have received it, bin it!



We recently reviewed your account, and suspected that your Lloyds
TSB account might have been accessed by an unauthorized third party.
Protecting the security of your account is our primary concern.
Therefore, as a preventative measure, we have temporarily limited
access to sensitive account features.
To restore your account access, we need you to confirm your identity,
to do so we need you to follow the link below and proceed to confirm
your information:

https://online.lloydsstsb.co.uk/online/customer.ibc

Thank you for your patience as we work together to protect your account.

Sincerely,
Lloyds TSB Customer Service

*Important*
Please update your records on or before 48 hours, a failure to update
your records will result in a temporal hold on your funds.

The Royal Bank of Scotland: details confirmation! (message id: QQ66629875315)

This one doesn't seem to do the rounds too quickly, but it is the same old Royal Bank of Scotland email that keeps doing the rounds.

This time the displayed URL is http://rbsdigital-id52176.rbs.co.uk/rbs_onlineform/customercare/form.aspx, but it still makes me wonder why phishers think it will work constantly sending the same email with different subjects and URLs. And why do they always include the copyright statement?

National Westminster Bank customer service: alert - online form released! (message id: Q3870916TX)

Still the same Natwest email is doing the rounds, just yet another new subject, but apart from the destination URL, the rest of the emaili is just the standard Natwest Email.

This time the displayed URL is: http://onlinesession-154830231.natwest.com/updatemode/userdatadirectory/start.aspx

Important information from NationWide Building Society

Seems the phishers have discovered colour in their emails! This one has the first line in bold & red, the rest in blue. How pretty.

It's rather different to the NationWide email doing the rounds a few weeks ago, so I'll publish the email in full.

A rather strange bit of information is included within the text - presumably a bit of nonsense to try to make you believe that the email is genuine. I'm referring to the logging each time you access the service. Or maybe it's just the phisher holding their hands up in shame and admitting they really just want to rob all of your security details.

Here it is:


Internet Banking News

Internet Banking Security Update - advance notice

Nationwide Bank Plc introducing New Security Measures as part of our ongoing commitment to helping you stay safe online.

These New Security Measures, you’ll be asked to answer 5 questions and you could then be asked to answer one of these questions at any point when using our Internet Banking service. The answers to the questions should be easy to remember as they will be personal to you.

To find out more about new security measures, you are hereby requested to update your online banking account as quickly as possible by clicking the link below:

https://olb2.nationet.com/MyAccounts/frame_MyAccounts_WP2.asp?

*important*
Please remember that every time you sign on to Internet Banking the date and time is automatically
logged*.

Richard Searle
Head Of Electronic Channels

Citizens Bank: Please Confirm Your Data! (mess_id: nt4636143954500)

I seem to have managed to get a couple more of my emails onto phishers' cirulation lists and overnight I've received a couple of variations.

First was for Citizens Bank. Never heard of this place before - I assume it is an American Bank (they also targetted a .com email address). But the email is virtually identical to those doing the rounds for the NatWest. This one has the bank's name changed and a bit of use of colour to try to convince you that it's real. But it's a very cheap attempt.

As always, it's a very generic greeting "Dear business or corporate customer of Citizens Bank". Would any bank send such a general and unprofessional greeting to every customer?

Here's the email, in full technicolour!

Dear business or corporate customer of Citizens Bank,

Citizens Bank Customer Service requests you to complete Money Manager GPS Online Form.

This procedure is obligatory for all Money Manager Global Processing Solutions™ (GPS) users.

Please click hyperlink below to access Money Manager GPS Online Form.

http://moneymanagergps-id194012.citizensbank.com/gps/userdir/onlineform.aspx

Please do not respond to this email.

**********************************************************

© Copyright 2007 Citizens Financial Group. All rights reserved.

NatWest

It seems that the NatWest are still the victim of phishers targetting their customers. Still the same old email (see NatWest Email), just the link has changed. So I'll just post the link this time around:

http://onlinesession-231161787.natwest.com/updatemode/userdatadirectory/start.aspx

I've no idea whether these are all coming from the same people / organisation and why they are constantly using the same email list. Surely by now all recipients must know they are fakes and not do anything???