Friday 30 November 2007

Automated Security Notice

NatWest Phishing Email

It seems that I'm not popular with the phishers at the moment - it's been very quiet not just on the phishing front but also on all spam. So I've had nothing to post for a week. But I discovered an email account I'd forgotten about and hidden away in it was this email, that I've not previously seen or posted.

The email appears to copy chunks of graphics from the genuine site, but the middle section just doesn't do it for me - doesn't look real. Maybe it's this machine. But when you put the mouse over the link it shows a totally different URL. Quite interestingly, since the header and trailer are taken from the genuine site, they also link to the actual site.

But the email is fake and designed to rob you - don't use any links in emails!

• Automated Security Notice

• As part of our security measures, We believe that, in everything else,
you deserve the best in banking too. Therefore protective measures is
been applied to satisfy our striving costumer needs. Our technical
service department is currently upgrading our SSL servers to enhance
adequate banking security, to give our costumers a better, fast and
secure online banking service. We noticed several unsuccessful login
attempts and therefore have decided to temporarily restrict your online
access. To regain access to your online banking Please click on
• Online Banking Logon to continue the verification process.
• (Failure to verify your Online Access service changes will lead to account
disconnection)



Thank you.
Online Banking Security Team
NatWest Internet Banking.
(c)2007 All Rights Reserved

Monday 26 November 2007

Reporting Phishing

I was surprised that the response to reporting a phishing email wasn't a lot quicker than it was. I reported the site that sent me the HSBC Phishing Email to their hosts on Saturday evening at 18:30 and checked yesterday and it was still live. I followed it up with an email to the bank yesterday and just this minute I've received an email saying they have removed the domain.

I always thought that this sort of issue would be dealt with instantly. See the report, delete the email. Maybe the team responsible are office hours only.

Saturday 24 November 2007

Hsbc Secure Profile Update Confirmation

HSBC Phishing Email

Here's a bank that hasn't featured on these pages until today. The email is well presented and uses graphics to give it an air of authenticity, but don't let that fool you. Cheekily, the graphics are pulled straight from the bank's actual website!

The person responsible has also gone to the extent of registering a very plausible website address, only yesterday - with the same web hosts as I use. I've passed a copy of the email to the hosts as it does appear that the website is still live, although I haven't taken the step of clicking on the link.

Please don't think it is a genuine email. It's not personalised, it's using fake URLs and it would be dangerous to access the website.

Here's the text of the email:


Dear Valuable Customer,



Hsbc Bank plc. is hereby announcing newly upgrade security system. We have been dealing with cases of fraudulent messages in recent times and we have decided to carry out a verification exercise on all of our customers account to prevent them from being victimized.
Due to the recent security upgrade, you are requested to follow the link below. http://www.hsbc.co.uk/1/2/personal/pib-home/

We appreciate your understanding, as we work towards making Hsbc
Bank a safe and reliable place to do business.
Thank you for your patience in this matter.

Trust and Safety Department
Hsbc Bank
Please do not reply to this e-mail as this is only a notification. Mail sent to
this address cannot be answered.
For assistance, upgrade your HSBC Online Bank account information

Thursday 22 November 2007

Steps To Beat ID Fraud

Thanks to the Child Benefit Office, there could be a huge risk of ID fraud for 25 million people. What steps can we all take to combat ID fraud generally?

1 - Tell people if you have moved address. Tell anyone who might bill you, preferably just before you move. Also set up postal redirects for all mail to your new address. Don't risk old mail going astray. A recent utility bill is all a fraudster needs to prove they are you.

2 - Have someone watch your home. Going on holiday? Make sure that a neighbour knows and ensure that mail is fully pushed through the letterbox.

3 - Shred paperwork. Shred receipts, old statements and bills and even pre filled credit card applications that arrive through your door. If the paperwork has more details than the phone book (name & address) - for example card numbers, holiday dates then shred it. There are scams aimed at people returning from holidays - don't fall prey to them.

4 - Watch your cards. In shops watch what happens to your card. Preferably place it into the machine yourself and do not allow the assistant to take it out of your line of sight for even a second.

5 - Protect your pin. Choose something you can remember, but no one else could guess. Patterns, dates of birth etc can all be guessed. Think the criminals only have a few attempts to guess your pin on a cloned card? Think again. They can take a couple of guesses then leave the card for a week - until you have successfully used the card and reset the count. Then they can try again.

6 - Protect your internet banking. Again, choose random / impossible to guess passwords. Know where to look once you have signed on for the number of recent failed signon attempts (usually shown on the first screen after sign on) and check that is 0 (unless you have messed up a sign on).

7 - Secure your connection. Make sure your internet connection for internet banking is totally secure. Use wired over wireless; ensure adequate firewall & virus protection etc (preferably have virus protection installed on your PC & have your ISP scan for viruses); don't log on in internet cafes.

8 - Ignore phishing emails. We're displaying enough - so you know what they are like! Don't click on them in case they install spyware. If you do, never enter details.

9 - Change passwords. When did you last change your passwords? And do you use the 'one password does all' approach? Make sure that if someone discovers one password they don't have access to your entire finances!

10 - Check your credit report. Sign up for the free Experian Credit check service and keep an eye on credit applications and report anything that looks strange.


Wednesday 21 November 2007

Child Benefit Agency Data Lost

The Child Benefit Agency has reported it has lost the personal details of every parent who receives child benefit. The data includes names, addresses, dates of birth, national insurance numbers, child benefit numbers and bank accounts. As a result, 25 million people are now vulnerable to identity fraud if the data on two discs falls into the wrong hands.

They aren't the only ones. In a matter of weeks, data breaches have been reported by organisations as diverse as insurance companies and retailers.

No wonder recent research showed that many of us do not trust big institutions to keep our personal information safe. The Canvasse Opinion survey found that 34 per cent of us do not trust insurance companies, 33 per cent think Internet retailers aren't secure and 32 per cent believe that government cannot be relied on to safeguard the data that can be used to impersonate us, borrow money in our names – and ruin our lives.

Read more on how to prevent identity theft or apply now for your Free Experian Credit Report.

Please be aware that people might try to follow you up using email scams based on this news. Be extra vigilant.

Tuesday 20 November 2007

Invoice for eBay purchases - item #190174555654, APPLE I POD NANO 2GB WITH EXTRAS(SILVER)

Invoice for eBay purchases - item #190174555654, APPLE I POD NANO 2GB WITH EXTRAS(SILVER)

It is almost Christmas time, so I suppose that does make Ebay a good target for those with bad intentions...

This one is probably trying to make you click the link because you think you have actually bought the item (or another member of your household). Even if you haven't been bidding on an Ipod you might think you have done so by mistake.

Of course, it's all fake. You only need to put the mouse over the button to see that the target URL is nothing like PayPal or Ebay. You haven't made this purchase; you haven't made it by mistake - don't click the link.

If you have clicked the link sign onto Ebay and PayPal (type their URLs into your browser window - don't use any links), change your passwords on both and let both companies know immediately.

Here's the text of the email, click the image above to see the original.

eBay sent this message to ([email removed]).
Your registered email address is included to show this message originated from eBay. Learn more.
Here's the invoice for your item!


Thank you for your purchase. The total for your item below is £67.00.




Click Pay Now to confirm shipping, get total price, and arrange payment through: PayPal; money order.



Item # Item Title Qty. Price
190174555654 APPLE I POD NANO 2GB WITH EXTRAS(SILVER) 1 £62.00



Subtotal: £62.00
Royal Mail 1st Class Recorded Service: £5.00
Shipping insurance (Optional): --

Total: £67.00

Thank you again for your purchase.
willetts8732

Monday 19 November 2007

Please Update Your Abbey Digital Banking Details

Abbey Phishing Email

I've obviously found myself onto another spam list recently with a new email address as this address has never really been phished / spammed much yet suddenly it's received 3 Abbey phishing emails in as many days. Better still, in theory I have a list of everyone who should know the email address - it's not well known...

Again it's an Abbey one with the same pointers as the previous Abbey phishing emails, although the first one really was the best for giving the game away. And if the game wasn't up straight away, sending 3 similar versions of the same email to the same people must be a big clue!

I won't go through the pointers that it's phishing today - if you want to read them see the post from a couple of days back - it's worth it!

Here's the email - remember it's fake!

Abbey United Kingdom

Dear Abbey National Internet Banking member!

Our Technical Subdivision is doing a planned Digital Banking software upgrade

By following the link below please begin the procedure of the member details approval:

http://myonlineaccounts8.abbey.com.id843201/service/CentralLogonWeb/Logon.html?poolid=[id removed]

These instructions are to be emailed and followed by all customers of the Abbey Internet Banking

Abbey does apologize for the troubles caused, and is very thankful for your cooperation.

If you are not customer of Abbey On-line Banking please disregard this e-mail!

--- This is automatically generated e-mail, please do not respond ---

© 2007 Abbey eBanking. All Rights Reserved.

Sunday 18 November 2007

Abbey National Bank United Kingdom: Authorize Your Account Details

Abbey Phishing Email

One pretty similar to yesterday's Abbey phishing email. Again, still referring to the bank by its old "Abbey National" name and again rather interestingly still including a comment at the bottom of the email admitting you may not be an Abbey customer. Who do they think they are kidding? Why would Abbey have a list of loads of people and just randomly email them, not knowing whether or not they were customers?

All the usual pointers are there - no personalisation; strange URL displayed; even stranger target URL. Don't click on the link - it appears to be personalised so they will know exactly which recipients have clicked on it and therefore they know you are likely to respond to spam. This means they can sell your email more and target you more. I've also removed the id so they can't track which email address they sent this to (wouldn't want them removing me from the list!!!).

Text version of the email is shown below.

Abbey National United Kingdom

Dear Abbey E-banking user!

Our Technical Unit is running a planned E-banking Online software update

By clicking on the link below you will commence the procedure of the customer login approval:

http://myonlineaccounts9.abbey.com.agentid41072/service/CentralLogonWeb/Logon.html?id=[id removed]

These directives are to be emailed and followed by all customers of the Abbey National Bank eBanking Online

Abbey does apologize for the inconveniences caused to you, and is very thankful for your cooperation.

If you are not customer of Abbey Digital Banking please delete this notification!

--- This is an automated e-mail please do not reply ---

© 2007 Abbey National Internet Banking. All Rights Reserved.

Saturday 17 November 2007

Abbey National E-banking Online Important: Verify Your Login -- ID: 8380

I like this phishing email - in a strange sort of way. Loads of indicators that it's fake - I think idiot's central sent it!!!

For a start the subject starts "Abbey National" - they now call themselves just Abbey. But they have saved the best for last! On the bottom of the email (as shown in the picture) is what would appear to be a Polish sentence or two about the mailing list providers who have sent the email. Really like that touch just to confirm it's a fake.

And then just to finish it off there's the comment that you might not even be an Abbey customer - in which case, why would they be emailing you.

Usual pointers also exist - no personalisation & invalid URL & different URL in link than is displayed.

This is so good, I'm providing it as text and a screen print, click the image below!

Abbey Phishing Email

Here's the text:


Abbey UK

Dear Abbey OnLine Banking user!

Our Technical Division is performing a scheduled eBanking Service update

By following the link below please begin the procedure of the customer details approval:

http://myonlineaccounts6.abbey.co.uk.login192635/service/CentralLogonWeb/Logon.html?appid=[id removed]

These directions are to be emailed and followed by all clients of the Abbey National Bank E-banking

Abbey does apologize for any problems caused, and is very grateful for your cooperation.

If you are not client of Abbey National Bank eBanking please ignore this notice!

--- This is an automated message please do not respond ---

© 2007 Abbey UK. All Rights Reserved.

List przeskanowano programem ArcaMail, ArcaVir 2006
przeskanowano 07-11-17 12:30:54, silnik: 2005.12.01 12:00:00, bazy: 2007.09.16 18:41:46

This message has been scanned by ArcaMail, ArcaVir 2006
scanned 07-11-17 12:30:54, engine: 2005.12.01 12:00:00, base: 2007.09.16 18:41:46
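The Abbey links quoted in this post and the two above it put the bank's name at the front of the hostname, but a hostname is owned by whoever controls its rightmost labels. The following is an added example, not part of the original post, that classifies a displayed URL on that basis; the `TRUSTED` list and the `phish.example` host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for illustration: domains you already know belong to the bank
# (taken from a statement or card, never from an email).
TRUSTED = ("abbey.com", "abbey.co.uk")

# Public top-level domains are letters only, or "xn--" punycode.
TLD_SHAPE = re.compile(r"[a-z]{2,63}|xn--[a-z0-9-]{1,59}")


def labels_of(url):
    """Hostname of a URL as a list of lower-cased labels, left to right."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    return host.split(".") if host else []


def find_run(labels, wanted):
    """Index at which the label sequence `wanted` occurs, or -1."""
    n = len(wanted)
    for i in range(len(labels) - n + 1):
        if labels[i:i + n] == wanted:
            return i
    return -1


def classify(url, trusted=TRUSTED):
    """Say whether a URL's host belongs to, or merely mentions, a trusted domain."""
    labels = labels_of(url)
    if not labels:
        return "no host"
    tld_ok = bool(TLD_SHAPE.fullmatch(labels[-1]))
    # Ownership test: the trusted domain must be the END of the hostname,
    # compared label by label so "notabbey.com" does not pass as "abbey.com".
    for domain in trusted:
        wanted = domain.split(".")
        if labels[-len(wanted):] == wanted:
            return "trusted"
    # The name appears, but further left: decoration, not ownership.
    for domain in trusted:
        if find_run(labels, domain.split(".")) != -1:
            verdict = "embeds " + domain
            return verdict if tld_ok else verdict + ", last label is not a TLD"
    return "unrelated" if tld_ok else "unrelated, last label is not a TLD"


if __name__ == "__main__":
    for url in (
        # Displayed URLs quoted in the posts (query strings dropped)
        "http://myonlineaccounts6.abbey.co.uk.login192635/service/CentralLogonWeb/Logon.html",
        "http://myonlineaccounts9.abbey.com.agentid41072/service/CentralLogonWeb/Logon.html",
        # Constructed samples
        "http://abbey.com.phish.example/logon",
        "https://www.abbey.com/",
    ):
        print(classify(url), "<-", url)
```

A displayed hostname whose last label is not a TLD cannot be resolved on the public internet at all, so the text shown in the email is only decoration and the link's real target is whatever the underlying `href` says.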

Thursday 15 November 2007

REF# 3109 Important Information Regarding Your Account

Back to the threatening type of phishing emails with the latest one. Trying to convince us that an ATM transaction has taken place and we should use the link enclosed to check the transaction / reopen access to the account.

But of course, although the link says it's going to the Nationwide site, you only need to look at where it's actually pointing to and it's nothing like the bank's website.

Just to try to be clever the email address has been inserted into the opening, but what bank would refer to customers by their email address? Not very personal!

Here it is - as always don't trust it, it's a con.

Dear [email address removed],
We recently reviewed your account, and we suspect an unauthorized ATM based transaction. Therefore as
a preventive measure we will temporary limit your access to sensitive Nationwide features. To ensure that
your account is not compromised, please login to your Nationwide Internet Banking and verify your identity to
prevent deactivation.
SERVICE: Nationwide Internet Banking.
What you need to do:
- Go to: Nationwide Internet Banking
http://nationwide.co.uk/default.htm/
- Login to Internet Banking.

Thanks for your patience.
Sincerely,
Nationwide Centre
****************************************************************************
For any inquiries, contact Customer Service.
****************************************************************************

Tuesday 13 November 2007

Home based opportunity

Here's an email that's doing the rounds that's pretty similar to a previous Email Scam.

The point of these, although they seem pretty futile, is basically gathering and confirming email addresses, although some I have received in the past can actually try to deprive you of cash.

Usually these are just trying to get you to confirm your email address as then the spammers can sell it for a better price. Not only have they confirmed the address is real - they can show that you respond to emails.

Some can be a bit more dangerous. Some will ask you to forward cash about or maybe even get you involved in posting illegal items. Whatever the reason for the email, just delete it and don't respond.

Here's today's email:

We are currently seeking creative and perceptive professionals to join our marketing team.
At this time we are considering both experienced, highly qualified specialists
as well as those with less experience.

We realize that the success of our company is dependent upon the success of our employees,
and therefore have created maximally favorable conditions to help maintain and improve
the professional levels of our employees.

The qualities required for success with our company are: Initiative, Leadership,
Ability to work with people, and a drive for self-improvement.
Employees with such merits have an excellent opportunity to create a successful career within our company.
Preference will be given to applicants with knowledge of multiple languages.

If you would like to work with our active, dynamic team, we invite you to apply for employment.
Please send the following information to RodrigoRosalesAR@gmail.com.
1. Full name
2. Address of residence
3. Contact Phone numbers
4. Languages spoken
5. Whether you are interested in part time job or full time employment.

Thank you. We look forward to working with you.
If you received this message in error, please send a blank email to: ConstanceMoralesNN@gmail.com

Please verify your online transfer.

Another one of those emails that don't have a direct threat - instead they are designed to make you think 'Did I really do this?'. Of course you didn't and all of the usual pointers are there that it's fake:

1 - not personalised
2 - sent to 'undisclosed-recipients'
3 - URLs in links are different to those shown

It's fake - if you have any concerns delete the email and phone up your bank.

Dear Alliance & Leicester Commercial Bank user,

Thank you for using Alliance & Leicester Business Banking Online Transfer® - service.


In order to provide final approval for your transaction, we need additional information. Please access your online banking account to verify the information is correct and complete your enrollment.

If we do not hear from you within the next 24 hours, we will cancel your Online Transfer® service.

Click here for online banking


If you have questions, please visit our website at https://www.alliance-leicestercommercialbank.co.uk/.

Thank you for using © Alliance & Leicester Commercial Bank!


------------------------------------------------------------------------------------------------------------------------------
DO NOT REPLY TO THIS EMAIL. IF YOU HAVE QUESTIONS PLEASE CONTACT US.
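The three pointers listed in this post (no personalisation, 'undisclosed-recipients', and link text that differs from the link target) can be checked mechanically. The following is an added example, not part of the original post; the sample message is constructed, and `bank.example` and `login.example.net` are placeholder hosts.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# "Dear Customer", "Dear eBay Member", or a greeting that is just an email address
GENERIC = re.compile(
    r"\bdear\b[^\n,!]*\b(customer|member|user|client)\b|\bdear\s+\S+@\S+", re.I)
URL_LIKE = re.compile(r"^(https?://|www\.)\S+$", re.I)


class Body(HTMLParser):
    """Collect all visible text plus (href, visible text) for each <a>."""

    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._shown = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._shown = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._shown.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._shown).strip()))
            self._href = None


def html_body(msg):
    """First text/html part of the message, decoded to str ('' if none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""


def triage(raw_email):
    """Return the pointers from the post that this message trips."""
    msg = message_from_string(raw_email)
    body = Body()
    body.feed(html_body(msg))
    findings = []
    if GENERIC.search(" ".join(body.text)):
        findings.append("not personalised")
    if "undisclosed" in (msg.get("To") or "").lower():
        findings.append("undisclosed recipients")
    for href, shown in body.links:
        # Only compare when the visible text itself claims to be a URL.
        if URL_LIKE.match(shown) and host_of(shown) != host_of(href):
            findings.append(
                f"link shows {host_of(shown)} but goes to {host_of(href)}")
    return findings


# Constructed sample; only the displayed URL is taken from the posts above.
SAMPLE = """\
From: "Online Banking" <security@bank.example>
To: undisclosed-recipients:;
Subject: Please verify your online transfer.
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Dear Customer,</p>
<p>Go to: <a href="http://login.example.net/verify?id=123">http://nationwide.co.uk/default.htm/</a></p>
<p>Questions? <a href="http://nationwide.co.uk/help">Contact us</a></p>
</body></html>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```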

Sunday 11 November 2007

Financial Companies Surprise Me...

I'm still surprised that in this day financial companies are still sending links in emails. I've received a couple recently that are genuine emails (they include personal details that phishers almost certainly wouldn't know) in which the links do go to the actual company's website.

By including personal information - a sort of security check - I'm supposed to know to trust this email.

But why are they still doing this? Could it not be possible one day for phishers to steal this information?

By sending links in emails they are conditioning us that it is OK to receive an email and click on a link. If I were them I'd not include a link. OK, saying 'visit our site' and not providing a link might not be as neat and it may be a bit more difficult, but we shouldn't be clicking on links anyway.

I guess that the reason that some of these do this is that they can add tracking information to the hyperlink and therefore know which of us has not only read the email, but who has followed a link to their marketing material. They therefore know who is more likely to respond to marketing and can then target more marketing material.

We don't know until we've clicked the link what website it is taking us to and what damage that website could do to us. So regardless of whether the email is genuine or not:

1 - don't click on any link

2 - open an internet session

3 - type in what you know to be the company's website - search for it on Google or look on your recent statement if you are uncertain

Stay safe - don't use links in emails - whether the emails are genuine or not.

Friday 9 November 2007

Your Online Account With Natwest Bank!

This one seemed to be a very basic attempt at phishing. A very lame attempt really, almost as though the person sending it was just starting out and really couldn't be bothered. The email address in the to field was completely unlike my own - it left me wondering if that was the sender's email address by mistake!

As well as being sent to someone else's email address, usual pointers exist that this is fake (I include these every time for people finding relevant posts as their first time here):

1 - wasn't my email address on the to: field.
2 - not a personalised greeting - Dear Customer.
3 - no bank would send out such an email.
4 - not a genuine bank's website address in the link - it's different to the displayed URL
5 - even the displayed URL doesn't look anything like a genuine one
6 - and if you aren't convinced, I don't bank with them so it can't be genuine.

Here's the content of the email:

Dear NatWest Bank customer,

NatWest Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of NatWest Bank.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://www.nwolb.com/default.aspx?refererident=BE34EEE

Thank you for choosing NatWest Bank for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service

Thursday 8 November 2007

Your card payment is overdue

Here's one targeted at Abbey National customers. I suppose it's only to be expected when Abbey are hitting the headlines at the moment.

Obviously a fake:
1 - not personalised
2 - I don't have an Abbey credit card!!!
3 - the link is to a website svino.cn, not the Abbey National
4 - since when does the UK use commas to separate pounds and pence???

As always, if you have received it just delete it. If you are worried, log on via the Abbey's website - but don't use the links in the email.

If you wonder why I never provide links to the genuine banks then you are too trusting. Always type in the URL yourself.

Keep safe.


*******This message is for Abbey United Kingdom customers only***********

Your Abbey Card balance is currently overdue and we require an immediate payment of 9,70 GBP.

What to do next

Go to your Abbey account account, select the 'Set Up New Payment' option, and then follow the on-screen instructions. If you're having trouble finding the money to make your payment, you can talk to us about alternative options or help with getting on top of your finances on 0870 607 6000 (If calling from abroad dial +44 0870 607 6000).

As soon as possible, please access your online account following the link below:

https://myonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/Logon?action=prepare



If you've already spoken to us or you've put your account in order, please ignore this communication.

Yvonne Smith
Abbey United Kingdom
Card payments Dept
0870 607 6000
Abbey International Plc

Friday 2 November 2007

USR NOTICE: eBay Registration Suspension - User Linked to a Suspended User

My wife picked up this email before I did and panicked - thinking it was real. Thankfully she took the correct precautions and typed in ebay.co.uk to sign in and checked that all was well on the account.

Even still, as soon as she saw me she told me about the 'worrying email'.

Usual list of pointers that it's fake and trying to part you from your cash:
1 - sent to undisclosed recipients
2 - Dear eBay Member instead of Dear [name].
3 - Website in link does not match website address shown, and is totally different to anything Ebay would ever use (quicknet.se???).

Here's the email.


INV NOTICE: eBay Registration Suspension - User Linked to a Suspended User




Dear eBay Member,

Your eBay account has been suspended because our records indicate that it is associated with the following currently suspended account:

mobileworld000

Your response is required , so please go to:

http://www.ebay.com/previously-suspended.html

** *During Your Suspension***
- You are not permitted to use eBay in any way. This includes using another existing account, registering a new account, or using any eBay services under any name. Accounts or User IDs that are associated with your account may also be suspended.
- Any outstanding seller fees are due immediately. eBay will charge any amounts that you have not already disputed to the billing method that is currently on file.


Sincerely,

eBay Trust & Safety