Thursday 31 January 2008

Ebay | Notice of account temporary suspension

Here's quite a long phishing email targeted at Ebay.

It's designed to frighten you into thinking someone has been attempting to access your account, but don't worry, it's not an indication that anything has happened.

If you are in any way worried, type in the Ebay address manually, don't click any of the links.

Here's the details:

From: aw-confirm
To: undisclosed-recipients
Subject: Notice of account temporary suspension
Target URL: http://chazanut.org/user/all/cancel.php


Notice of account temporary suspension


Stimated eBay member :


We regret to inform you that your eBay account, has been temporarily suspended due to various login attempts from diffrent global locations.

NOTE

This is a preventive Warning message for our users to be able to avoid fraudulent activity and future inconveniences.


As Romania is one of the most high rated fraudulent countries , we temporarily suspended your account to avoid future problems or misusage of your eBay account.


Here are the last 3 login attempts :

1. IP address : 193.105.3.173
ISP host : st13.i-cafe.orizont.net
Location : Romania

2. IP address : 80.97.171.22
ISP host : rds-net.bistrita.net
Location : Romania

3. IP address : 62.177.188.59
ISP host : adsl.bbeyond.ro
Location : Romania


If you are traveling and made these login attempts yourself or borrowed your eBay account to someone else , please log in below.

Travelling confirmation Here

If you want to re-activate your eBay account , please follow our instructions.

Re-activate your account Here

If this situation is not solved in the next 24 hours your account will be permanently suspended.


Sincerely, eBay

Abbey National | Your Online Account With Abbey!

Abbey's turn this time for a very basic text email. It's the very common Customer Confirmation Form, or CCF as the Phishers like to call it. No bank would ever randomly ask you to confirm your security details, and definitely not through a website with the name doplo.cn. Nothing comes up in Google about the site, so I assume it's new.

If you are worried about accidentally clicking on these sorts of links then switch to a browser that has phishing protection, such as Firefox (above right).

Here's the content:

From: Abbey Client Service Team
To: Named email address, different to recipient's address
Subject: Your Online Account With Abbey!
Stated URL: https://myonlineaccounts2.abbeynational.co.uk/Static/html/logon.html
Target URL: http://session48379-abbey.co.uk.doplo.cn/customerdata/abbeyportal/customerdata/index.html

Dear Abbey customer,

Abbey Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of Abbey Bank.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://myonlineaccounts2.abbeynational.co.uk/Static/html/logon.html

Thank you for choosing Abbey Bank for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service.

NatWest Bank | Confirm your identity!

Another one targeting the NatWest today. This one has used the clever trick of stripping the email address in two and using the first part (before the @) as the To: display name, to give it a bit more authenticity.

Worryingly, the URL quite clearly also shows a field containing a computer_id= value, so they are tracking every email that's sent and which are clicked on.

The target URL is qwert2.hk, with a subdomain that is used to make the link look realistic. The website does appear in a few Google search results as a suspected phishing site.
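The check a mail filter or analyst can run on a link like this one, as an added example that is not part of the original posts: it compares the displayed link text with the real destination and also covers the other link tricks seen in the emails on this page (brand domain used as a subdomain, brand name in the path, bare IP address). The `BRAND_DOMAINS` allowlist and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small illustrative allowlist of domains the impersonated
# brands really use; a production list would be maintained separately.
BRAND_DOMAINS = (
    "ebay.com", "ebay.co.uk", "paypal.com", "natwest.com",
    "nwolb.com", "abbeynational.co.uk", "lloydstsb.co.uk",
)


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def belongs_to(host, domain):
    """True if host is the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)


def is_ip_literal(host):
    """True if the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def embedded_brand(host):
    """Brand domain used as leading labels of an unrelated host, else None.

    Catches www.natwest.com.qwert2.hk: the labels 'natwest.com' are present,
    but the name is actually registered under qwert2.hk.
    """
    if any(belongs_to(host, d) for d in BRAND_DOMAINS):
        return None
    labels = host.split(".")
    for brand in BRAND_DOMAINS:
        want = brand.split(".")
        # Only positions that are not the tail of the hostname.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return brand
    return None


def displayed_host(text):
    """Hostname shown in the link text, or '' if the text is not a URL."""
    text = text.strip()
    if not text or any(ch.isspace() for ch in text):
        return ""
    if "://" not in text:
        text = "http://" + text
    host = host_of(text)
    return host if "." in host else ""


def strip_www(host):
    return host[4:] if host.startswith("www.") else host


def analyse_link(displayed, target):
    """Return a list of findings for one (link text, real href) pair."""
    findings = []
    target_host = host_of(target)
    shown_host = displayed_host(displayed)
    # A signal rather than a verdict: legitimate mail may use redirectors.
    if shown_host and strip_www(shown_host) != strip_www(target_host):
        findings.append("display-target-mismatch")
    if is_ip_literal(target_host):
        findings.append("ip-literal-host")
    brand = embedded_brand(target_host)
    if brand:
        findings.append("brand-as-subdomain:" + brand)
    if not any(belongs_to(target_host, d) for d in BRAND_DOMAINS):
        try:
            path = urlsplit(target).path.lower()
        except ValueError:
            path = ""
        for d in BRAND_DOMAINS:
            if d in path:
                findings.append("brand-in-path:" + d)
                break
    return findings


if __name__ == "__main__":
    # Link text / destination pairs taken from the emails on this page.
    samples = [
        ("http://www.natwest.com/", "http://www.natwest.com.qwert2.hk/"),
        ("https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run",
         "http://yourlocalhost.co.za/.PayPal.Com(T)/Billing/Edit/web/.Login/index.php"),
        ("View the dispute thread to respond.",
         "http://202.79.208.36/icons/ws/or/sign/index.html"),
    ]
    for shown, href in samples:
        print(href, "->", analyse_link(shown, href))
```
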

Here's the full details:

From: NatWest Bank Plc
Subject: Confirm your identity! (message id: [removed])
Displayed URL: http://www.natwest.com/
Destination URL: http://www.natwest.com.qwert2.hk/


NatWest Bank is committed to safeguarding customer information and combating fraud. We have implemented industry leading security initiatives, and our online banking services are protected by the strongest encryption methods and security protocols available. We continue to develop new solutions to provide our online banking services and their customers with confidence and security.

The added security measures require all NatWest Bank customers to complete on a regular basis Online Customer Form.
Please use the hyperlink below to access Online Customer Form:


http://www.natwest.com/onlinebanking/customerform.aspx?computer_id=[removed]

Thank you for banking with us!

NatWest Bank Customer Support

Wednesday 30 January 2008

PayPal | Please Restore Your Account Access

As I said earlier, PayPal and Ebay seem to be popular targets for phishing attacks today.

Here's one that I thought at first was going to be like the one a couple of days ago, but is significantly different. It does show the PayPal logo at the top, but apart from that it's just a text email.

The email claims that PayPal has detected 'unusual charges' on a credit card linked to the account - how would PayPal know what you are doing with your credit card?

Very clever the way the email does suggest opening a new browser window and typing in the URL yourself, knowing that most will still just click the link and not read the text. Very clever - and definitely good advice.

Here's the details:

From: service@paypal.com
To: [private email address, but not the one the email was received at]
Subject: Please Restore Your Account Access
Actual URL: http://yourlocalhost.co.za/.PayPal.Com(T)/Billing/Edit/web/.Login/index.php
Stated URL: https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run


Dear PayPal Member,

As part of our security measures, we regularly screen activity in the PayPal
system. We recently contacted you after noticing an issue on your account.We
requested information from you for the following reason:

Our system detected unusual charges to a credit card linked to your PayPal
account.

Case ID Number: PP-337-105-495



This is a third and final reminder to log in to PayPal as soon as possible.

Be sure to log in securely by opening a new browser window and typing the PayPal
URL. Once you log in, you will be provided with steps to restore your account
access. We appreciate your understanding as we work to ensure account safety.

In accordance with PayPal's User Agreement, your account access will remain
limited until the issue has been resolved. Unfortunately, if access to your
account remains limited for an extended period of time, it may result in further
limitations or eventual account closure. We encourage you to log in to your
PayPal account as soon as possible to help avoid this.

To review your account and some or all of the information that PayPal used to
make its decision to limit your account access, please visit the Resolution
Center. If, after reviewing your account information, you seek further
clarification regarding your account access, please contact PayPal by visiting
the Help Center and clicking "Contact Us".

We thank you for your prompt attention to this matter. Please understand that
this is a security measure intended to help protect you and your account. We
apologize for any inconvenience.

Sincerely,
PayPal Account Review Department

----------------------------------------------------------------

PayPal Email ID PP638


https://www.paypal.com/uk/cgi-bin/webscr?cmd=_login-run

Ebay | Unpaid Item Mutual Agreement for Item #320204534873 - Response Required

It seems that someone somewhere has it in for Ebay this week; there seem to have been rather a lot of phishing emails targeted at them and PayPal.

On this one, I'm not convinced that the owner of the destination URL will actually know they are being used this way. A quick search on Google didn't bring up anything untoward, so it's possible that their website has been broken into for this purpose.

Warning signs that it's phishing - 'undisclosed recipients', no name in greeting and totally different URL to the Ebay URL. In this email, they have gone to the trouble of changing all of the links to the spoof pages.

If you are in any doubt or worried by this email, don't click a link, just open a new browser window and type in www.ebay.com and sign into your account that way. I never click links on any Ebay emails any more for this reason.

Stay safe - make sure you are using a browser with phishing protection such as Firefox (link top right). Here's the details:


From: aw-confirm
To: undisclosed-recipients:
Subject: Unpaid Item Mutual Agreement for Item #320204534873 - Response Required
Destination URL: http://chazanut.org/user/all/cancel.php


Dear member,


We are contacting you about the following item: 1999 TIGERCAT 726B FELLERBUNCHER WITH SAWHEAD (#320204534873)

The seller, purplestarshines tells us you have mutually agreed not to complete the transaction (either because you returned or are returning the item for a refund, or because there was a misunderstanding) and has requested a credit for their eBay fees.

Please respond by 02-Feb-2008 so eBay knows whether you have made this agreement.

Please note: You and the seller will still be able to leave feedback for each other regarding this transaction.


Thank you,
eBay
Respond to this notification





Details for item number: 320204534873
Item title: 1999 TIGERCAT 726B FELLERBUNCHER WITH SAWHEAD
Item URL: http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=320204534873
End date: 28 Jan, 2008 18:50:54 GMT
Quantity: 1
Dispute URL: http://feedback.ebay.co.uk/ws/eBayISAPI.dll?ViewDisputeConsole&DisputeType=1
Date dispute was opened: 30 Jan, 2008 08:03:03 GMT

Tuesday 29 January 2008

Natwest Digital Banking: Urgent Security E-mail

Like yesterday's NatWest Phishing Email, this one is again sent to a named email address and the content is very similar to that one and many others before it.

It also carries the 'if you are not a user' disclaimer, which I find rather amusing. Maybe the spammers are hoping it will cause fewer people to send the email to the bank if there's an apology for non-customers.

The link goes to a website form12.in, which my domain lookup tools will tell me nothing about and it doesn't appear in Google.

Here's the details of the email:

From: Natwest Direct Banking Support
To: Named Email Address
Subject: Natwest Digital Banking: Urgent Security E-mail
Destination URL: http://www9.natwest.co.uk.form12.in/default.aspx


Dear NatWest Direct Banking client!

Our Technical Department is doing a scheduled Online Banking software update

By visiting the link below please begin the procedure of the client details confirmation:

http://www9.nwolb.com/default.aspx?agentid=24yzrpeFDozrcrkdwvrnOkhOvp

These directions are to be emailed and followed by all customers of the National Westminster Bank Internet Banking

NatWest Bank does apologize for any troubles caused, and is very appreciative for your cooperation.

If you are not user of Natwest On-line Banking please ignore this letter!

= This is automatically generated e-mail please do not reply =

(c) 2008 NatWest Bank On-line Banking. All Rights Reserved.

Monday 28 January 2008

PayPal | Protect Yourself Against OnLine CreditCard Fraud

Here's the second of two phishing emails targeted at PayPal, both having got through spam detectors, both being sent to the same email account and both being received inside 30 minutes of each other.

This time the target URL is http://simplecarsale.com/.PayPal.Com(T)/Edit_Billing/index.php. I suspect that because it follows the previous email, if other people are also receiving both emails, some are going to think this is PayPal taking action against the first, and users could well fall for the second email all the more easily.

Don't fall for it, it's not real! Here's the content:

Dear PayPal Member,


You have received this email as part of a Verified PayPal Campaign meant to increase security for your credit card against online credit card fraud.

Verified Paypal has detected that you have been using this email address for online purchases and in order to protect yourself against online credit card fraud
We would like to introduce you to a new system that will
Protect you against frauds.

You can associate your email address to your credit card and receive a password that you will use for any online purchase. Also you will be notified by Verified Paypal when an online purchase is made.

Follow the below and go to Verified Paypal. You can join the Verified Paypal system or learn more about this.

PayPal | Please Restore Your Account Access

WARNING - This Email Has Managed To Get Through Spam Blocker.

This email has unusually made it through a spam blocker to arrive in my inbox. Most usually get deleted on the way, but this one survived, somehow.

It's also not sent to 'undisclosed recipients'; as with a couple of other emails today, the To: address is my correct email address. Overall, this email is very convincing and will reach a lot of people.

The target URL instead of PayPal is http://www.networker.kube-csc.net/raid/paypal.php. Quite interesting that the developer put 'raid' into the URL name - are they warning us what will happen to PayPal accounts if we are foolish enough to believe the email?

Overall, it looks well orchestrated. But it's not genuine - if you have received it, delete it now.

Here's the content:

Information Regarding Your Account:


Dear PayPal Member:

Attention! Your PayPal Account Could Be Suspended!

As a part of our security measures, we regularly screen activity in the PayPal system.We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

Our system detected unusual charges to a credit card linked to your PayPal account.

Reference Number: PP-259-187-991

This is the Last reminder to log in to your PayPal account as soon as possible. Once you log in, you will be provided with steps to Verify Your Credit Card & Billing Information.

Important Notice : Failure To Confirm Your Full Credit Card & Billing Information Within 72 Hour's Will Result Your Account Suspension.

Click Here To Verify Your Account Information




We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologise for any inconvenience..

Sincerely,
PayPal Account Review Department

--------------------------------------------------------------------------------


Copyright © 1999-2008 PayPal. All rights reserved. PayPal (Europe) Ltd. is authorised and regulated by the Financial Services Authority in the United Kingdom as an electronic money institution. PayPal FSA Register Number: 226056.


PayPal Email ID PP059

NatWest Digital Banking Customer Email: Instructions For Customer

Here's an email that's done the rounds in slightly different formats for a while now.

This time the target URL is http://www1.nwolb.co.uk.sid17.com - nothing like the bank's address! The website is on the Firefox list of phishing sites (see top right) so you can protect yourself there.

Not much to say about this email that I haven't already said on previous versions of the email (see here). The greeting isn't customised, which is a big warning, but unusually like the Lloyds TSB Email received earlier today, it is sent to just 1 email address at a time.

Here's the content:

Dear Natwest Direct and Digital Banking customer!

Our Support Division is doing a planned Internet Banking Service update

By visiting the link below you will launch the procedure of the member login update:

http://www4.natwest.com/default.aspx?site=31zrohDkhbjcsdbhsnacadscndeOkhOvp

These directions are to be emailed and followed by all clients of the National Westminster Bank Direct and Digital Banking

NatWest does apologize for any problems caused to you, and is very grateful for your cooperation.

If you are not client of NatWest Bank Direct Banking please disregard this email!

= This is automatically generated e-mail please do not respond =

(C) '08 NatWest UK. All Rights Reserved.

Lloyds TSB | You have 1 security message,

Here's a very short and simple Lloyds TSB Phishing email.

The URL is cleverly disguised: http://online.lloydstsb.co.uk.form-7857.login-en.us/start/customer.ibc. You have to look carefully to see the URL - login-en.us - which was only registered yesterday.

The email was sent to my email address, rather than 'undisclosed recipients'. This not only makes it more realistic, but also more likely to get through spam blockers. Add to that the age of the website, and a few people could be falling for this one.

There's no reason why a bank would suddenly announce your account details are about to expire, so don't trust the email.

Here's the content:

Online Banking alert,
Please note, that your Lloyds TSB online banking account is about to expire.
In order for it to remain active - please follow the link below to proceed and restore your account.

Continue using online banking.

Thank you for banking with us, ,

Ebay | Question about Item #190192984528 -- response required

Another one targeting Ebay in just a couple of days. It's a very basic email with next to none of the usual ebay graphics to help convince the recipient.

It's sent to 'undisclosed recipients', which shows that it's probably gone to a mass circulation list. Ebay would only ever email the one person at a time. Also, its introduction is 'Dear member', rather than greeting by name, which Ebay always does.

The link actually goes to a page http://202.79.208.36/icons/ws/or/sign/index.html instead of Ebay. This does cleverly hide the fact that it's not ebay. But the site is blocked in Firefox - another great reason to download that browser if you aren't already using it.

Here's the email content:

Question about Item #190192984528 -- response required




Dear member,


eBay member ticketedge has left you a message regarding item #190192984528

View the dispute thread to respond.


Regards,

eBay

Sunday 27 January 2008

Congratulations!You're a PowerSeller.Get your PowerSeller benefits now !!!

The Ebay Powerseller Email is doing the rounds again this weekend. It takes exactly the same format and layout as last week's email, so check against that link if you think you have received the email.

It's a fraud - Ebay always personalise emails and the target URL is d1054282.domain.com rather than Ebay.

Don't touch it - you could get hurt!

Mr.Naoki Takahashi | COLLECTION AGENT WANTED

Time for another of these emails. Unusually, this wasn't sent to unspecified recipients but direct to an email box. They have taken the time and effort to send the emails individually, but not the effort to make the single paragraph email readable.

It's going to be a con in one of two possible ways (at least).

1) Possibly you could get yourself involved in illegal money laundering.

2) You could receive a cheque, bank in, wire the equivalent funds to them only to find that the cheque has actually bounced, thereby leaving you out of pocket.

Either way, no reputable company would randomly email people from spam lists asking them to receive and forward money on their behalf. If an offer seems too good to be true....

Steer clear of it. Here's the email:

Iron & Steel Group Co., Ltd. 67 Elin South Road, Huizhou City 516001, Zhejiang, China. Dear Sir/Madam COLLECTION AGENT WANTED Hangzhou Iron & Steel Group Co., Ltd. is based in China. We produce andexports steel and other products for world trade. Our company remains one of the most successful in the distribution of steel, recently our profit has increased so much that we decided to expand globally. The reason we seek your urgent assistance is that most of our customers make payment in cheques and American and Europe cheque takes a longer time to clear here in China thereby holding business down for us and our business associates. It is upon this note that we seek your assistance to stand in as our representative in your country. Note that Details of your account is not needed in this transaction, also, as our representative, your renumeration (Benefit) is on a percentage basis of 10% of the total amount you receive from our customers at any time on our behalf. Please note that your areas of specialization or occupation is of no relevant to resolve in assisting us and there is no financial obligation at your end. All we need from you is total honesty and your commitment to work with us. There are no hassles as this is a work at home opportunity. Should you have a present job, you can still be part of our business as your service to us would not interfere with your working hours at all. If you are interested in this position please forward to us the following information: 1) Your Full names: 2) Contact address: 3) Zip Code: 4) Home/office phone number: 5) Occupation: 6) Age: 7) Sex: Note: You are to forward the above information to my private email address: consult1_naokitakahashi@yahoo.com Yours Sincerely Mr.Naoki Takahashi Human resource manager Hangzhou Iron & Steel Group Co., Ltd

Friday 25 January 2008

Faith Burks | Transaction support vacant position in Waller Truck

Here's a wordy and lengthy email that's no doubt along the same sort of lines as yesterday's ITV-Solutions Email.

It goes to a lot of effort to convince the reader how reliable it is, but if they are so honest, why are they recruiting via spam?

There is mention of "trips to the bank and Western Union branches" - so it's either money laundering or just as simple as you receive a cheque to cash, but it actually bounces.

Unfortunately, the website link in the email didn't work, so I've no idea what website it was linking to!

Here's the email.

Since its establishment in 1959, Waller Truck Co., Inc. has centered its family-owned trucking business on : QUALITY, FAIRNESS, HONESTY and UNCOMPROMISING CUSTOMER SERVICE.
Waller Truck Co. is the largest provider of outsourced workplaces for individuals all over the world. The company provides more than 100,000 clients with flexible and cost-effective range of goods and services using help of regional associates at prestigious locations in business hubs and capital cities around the globe.

The only way that we can ensure our customers receive the highest standard of quality and service is to hire individuals who share our vision, dedication and entrepreneurial spirit. Due to our rapid expansion, we are seeking Regional Sales Managers in the UK.
If you love hard work but hate routine, if you are adventurous but responsible, if you have great communications skills, are interested in international sales and like a challenge, this job is for you.

Vacancy offered is a part-time or second employment. You'll be supposed to work from home, but at the same time Your Personal situation must allow you to travel around your place 1-2 hours a day on company assignments (that would be particularly trips to the bank and Western Union branches).
While implementing Company's assignments You shall be working as a member of a group, helping to enlarge a base of our customers in countries all over the world and liaise with head office on a daily basis. You'll be responsible for delivering high standards of customer service ensuring high delivery speed and quality of orders. That would particularly be done through managing a part of a sales cycle - ensuring fast remittance of payments through your bank account and then - through world wide Western Union system and calculating fees at each step.
To sum up - Your mission in the company would be to create and maintain positive relationships with existing clients that result in new customers, lead to and maximize opportunities for expansions and renewals to enhance revenue stream.

To become a Regional Sales Manager You should be able to perform: excellent spoken English & communication skills, significant attention to detail, excellent organizational skills and ability to work unsupervised. You shall be extroverted and outgoing, with a positive outlook, customer focused and focused on own personal goals, integrating the achievement of company objectives.
Having joined in our team, You'll enjoy a wide range of benefits we can offer! For example, a base salary with generous commissions (10% out of each payment you've dealt with) and expenses, as well as flexible timetable, that will allow you to chose the most suitable time to deal with company assignments.
If You are interested in a position offered and for the rewards you want, when you want them visit our website to apply.

We are waiting you hearing from you asap.
Any questions are welcome.
Yours sincerely, Faith Burks

NatWest | Your Online Account With Natwest Bank!

Here's one targeted at NatWest's customers, that seems to have done the rounds many times.

It's the usual 'please confirm your security details' and says you must do it. No bank would ever do this and the email is in no way personalised.

Don't fall for it, here's the content:


Dear NatWest Bank customer,

NatWest Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of NatWest Bank.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://www.nwolb.com/default.aspx?refererident=BE34EEE

Thank you for choosing NatWest Bank for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service.

ITV Solutions Scam Email?

Yesterday's post of the possible ITV Solutions Scam seems to have attracted lots of people's attention.

Many thanks to everyone who has posted comments on the email. Other people on the net are also reporting an ITV Solutions Scam now, I assume they had a heavy mailing list yesterday and annoyed a lot of people.

Keep the comments coming!

Thursday 24 January 2008

ITV Solutions | international jobs online

Here's an email that may or may not be a genuine opportunity. I would err on the side of caution and not deal with these people because the nature of the 'vacancies' is typical of scams.

There's no reply email address, you visit the impressive looking website. It has press releases (all from 2006), but for all its talk, there's no Alexa traffic rating. I would expect to see at least something.

So I looked up the domain and it was only registered 3 days ago. There's nothing in google about the site, other than it has previously expired.

So what is the 'vacancy'? Basically, you cash a cheque and wire the funds abroad. It's supposed to be a Hong Kong based business and they state they can serve their customers quicker if you collect cheques and then pass the funds to them electronically.

To me, it sounds bad. Either you will receive a few thousand pounds in cheques, wire them on and then the cheques bounce, or you could be involved in a money laundering scam.

It seems quite an involved set-up - it's a good looking site etc. But transferring money around is usually a warning sign that the offer isn't what it seems. Especially when the job offer arrives through an email address that only spammers seem to know about.

Here's the email for you to make up your own mind - personally, I wouldn't touch it.

ITV Solutions is a market-leading provider of world-class technologies is once again beginning a global campaign of employing new staff in UK and Australia. We are offering you one more opportunity to earn extra cash working with us.

We are looking for honest, responsible, hard-working people to operate with our company in your particular region. To optimize our work with existing clients and to expand our business we need new staff that can dedicate 2-4 hours of their time per day and earn extra 300-500 GBP weekly. All offered positions are currently part-time and give you a chance to work mainly from home.

Please visit ITV Solutions for more details regarding these vacancies.

There are no fees or monetary expenses for you whatsoever. We offer an honest and dependable opportunity for you to get some extra cash working with us from home.

Important Message From Abbey National Bank Plc

Here's one that I suppose could look very realistic. It was actually sent to a mis-spelling of my email address, so not sure how it got through.

Of course, a real email such as this wouldn't be broadcast to all UK customers - see the first line. It would also be personalised with your name to show it is from the bank. And I'm sure a real bank would be able to figure out how to use a £, instead of 'J'!

Lastly, the link wouldn't point to a website with the name zalups.cn. The site is blocked by Firefox - so if you are still using another browser, another reason for downloading the free Firefox browser and using that! See the link on the top right.

Here's the content of the email

*******This message is for Abbey United Kingdom customers only***********

Your Abbey Card balance is currently overdue and we require an immediate payment of J43.97.

What to do next

Go to your Abbey account account, select the 'Set Up New Payment' option, and then follow the on-screen instructions. If you're having trouble finding the money to make your payment

As soon as possible, please access your online account following the link below:

https://myonlineaccounts2.abbeynational.co.uk/CentralLogonWeb/Logon?action=prepare

Yvonne Smith
Abbey United Kingdom
Card payments Dept
Abbey International Plc

Tuesday 22 January 2008

NatWest Bank: account confirmation!

The phishing emails are coming through thick and fast the past couple of days after a quiet period! This one targets NatWest customers and requests that you start to regularly update your security details. Do the phishers think we'll believe that NatWest periodically forget our security details? I don't think so!

The target site is www.greatkenny.com, which is blocked by Firefox. So well worth downloading the free version of that browser (see link on the right) for your own protection there. If you are using Firefox and tried to use the link, there would be no way you would miss that it's not the real site.

Here's the email:
Dear NatWest Bank customer:

NatWest Bank is committed to safeguarding customer information and combating fraud. We have implemented industry leading security initiatives, and our online banking services are protected by the strongest encryption methods and security protocols available. We continue to develop new solutions to provide our online banking services and their customers with confidence and security.

The added security measures require all NatWest Bank customers to complete on a regular basis Online Customer Form.
Please use the hyperlink below to access Online Customer Form:


http://www.natwest.com/onlinebanking/customerform.aspx?computer_id=13153458725692071989751508175626707164025644580928120

Thank you for banking with us!

NatWest Bank Customer Support

Please update your online profile HSBC PLC

Here's one that's very similar in looks to the HSBC Phishing Email of November. The content is different slightly, this time it's as shown below.

The target domain does not seem to exist at the moment, but must have done as it does show with a page rank and Firefox does block the URL in question. It's well worth using Firefox if you are in any way worried about accidentally visiting these sites - the popup warning stops you going into them and gives you a chance to return to your home page.

Here's the content:

Dear Sir/Madam,



HSBC Bank Plc is hereby announcing the New Security Upgrade. We've upgraded our new SSL servers to serve our customers for a better and secure banking service,against any fraudulent activities.

Due to this recent upgrade, you are requested to update your account information by clicking the link below.

https://Securityalert.HSBC.co.uk/1/2/

HSBC Bank Plc
Security Advisor
HSBC Bank PLC

Monday 21 January 2008

Ebay | Congratulations!You're a PowerSeller.Get your PowerSeller benefits now !!!

This is an email in which a lot of care has been taken - just look at the full screen print of the email!

The link goes to a free web hosting site, which does seem to normally host respectable sites, so I won't name it here.

The email uses the ploy that you have recently had an account upgrade under the pretence that you have been selling well - hoping (I guess) that a lot of people have been selling unwanted Christmas presents and maybe have been selling more than normal.

It does also include some of the Ebay security notice at the bottom. But it misses out the bit reminding you that Ebay never send bulk emails to unnamed recipients - they will always use your name. Once you have read 'Dear eBay Member,' you should therefore know the email is fake, without reading the subject!

Don't click the link. Not sure whether Firefox is updated yet to block this site, but Firefox is well worth looking at for such security (see link on the right).

Here's a text version of the email, click the picture above to see a full screen print.

Dear eBay Member,

You've been on a super sales streak and since you've done so well, it's time to recognize you for your efforts. You are PowerSeller Silver!

Congratulations! joining the eBay Silver PowerSeller Program. Come and join us. When you join the PowerSeller program, you'll be able to receive more of the support you'll need for continued success. So, why wait? Join now!



PowerSeller icon next to your User ID in recognition of your hard work.

PowerSeller Priority Support via email webform and phone support at Silver level and above.

Exclusive offerings on the PowerSeller portal--check in frequently to see updated program benefits and special offers!

Discussion Board for you to network with other PowerSellers.

Free PowerSeller Business Templates for business cards and letterhead.


Membership to the PowerSeller program is FREE.


Again, congratulations and best wishes for your continued success!

Regards,
eBay PowerSeller Team

If you agree with this rank please Become an eBay Power Seller within 24 hours
--------------------------------------------------------------------------------

You are receiving this communication because you are part of the PowerSeller program. This is a one time communication. There is no need to unsubscribe. eBay will not request personal data (password, credit card/bank numbers) in an email.
Copyright © 2008 eBay Inc. All Rights Reserved.
Designated trademarks and brands are the property of their respective owners. eBay and the eBay logo are trademarks of eBay Inc.

Everything Is Possible - version 2

Another version of the Everything Is Possible has just arrived in my inbox. This time the email does not have a subject, just "re:".

The other difference is that in the second email the sender has not hidden the email address with a realistic one (that is one that would appear to be from the company concerned), but instead used what might be their own email or what might be another innocent victim. I expect that by using a real email in the from: field the first time the company concerned has received lots of bounced emails. They would then know about the con and be able to complain to the person meant to receive the emails and also their email provider. Not the cleverest move!!!

But having received this over a few different email addresses, this is obviously a prolific email, so could be hitting loads of people.

Everything is possible

Here's a new one for this site. I've just received a job offer - wasn't looking for more work, but never mind! It's looking for someone to work in the UK, but asks for a Zip code. The company named DOES exist, but I suspect they are an innocent third party and don't know about these emails.

The company's website looks professional and lists email addresses within the domain, whereas this email gives reply addresses within a Google mail account. There's no reason for a company with a good website and email addresses to do that. I have therefore (hopefully) removed all references to the mentioned company.

What exactly the scam will be I don't know. It's probably the type where they send a cheque, you forward the money as an electronic transfer, then the cheque bounces...

Here's the email.

Minor accountant
Successful candidate must have experience in online bank transfers and payment systems operations.
--------------------------------------------------------------------------------
Positions available: 19
Region: United Kingdom
Status: Temp/Part Time (1.5-3 hours per day)
Earnings: Commission 7%
Travel requirements: N/A
--------------------------------------------------------------------------------
Job description:

Manage payments from international and local customers


Commercial agent
Successful candidate must have 3-4 hours of free time per day
--------------------------------------------------------------------------------
Positions available: 22
Region: United Kingdom
Status: Temp/Part Time (3-4 hours per day)
Earnings: Commission 7%
Travel requirements: N/A
--------------------------------------------------------------------------------
Job description:

Manage remittance orders
Manage project related tasks
Process the company's correspondence


Contact us

Please copy the form below to your reply and complete all of the fields so that we can respond to your inquiry: [removed]@gmail.com

First Name:
Last Name:
Country/Region:
City:
Zip:
E-mail address:

Additional information about yourself :


REPLY


[removed] has obtained your contact details from public internet sources.

© Copyright 2004-2008 [removed]

Your Online Account With Natwest Bank!

This is the second of the Nat West phishing emails circulating today. This one is text only, so I've not done a screen print. This time the link is pointing to alcov.cn. None of the domain lookup tools I use say anything about it and there isn't anything listed in Google, so there's not much I can say about the site.

It's a very basic email and just demands that you update your details. But why would a bank insist you do that???

Anyway, here's the email, don't trust it.

Dear NatWest Bank customer,

NatWest Client Service Team requests you to complete the Customer Confirmation Form (CCF).

This procedure is obligatory for all clients of NatWest Bank.

Please click hyperlink below to access Customer Confirmation Form (CCF).


https://www.nwolb.com/default.aspx?refererident=BE34EEE

Thank you for choosing NatWest Bank for your banking needs.

! Please do not respond to this email.

This mail generated by an automated service.

Natwest Direct and Digital Banking: Please Submit Your Banking Service Password

Here's the first of 2 Natwest phishing emails that are doing the rounds. It's the same layout and very similar content to an earlier Nat West email. The screen prints are taken from the earlier email rather than the current one. The content of the current email is displayed below for reference.

The link actually points to the domain asp07.net; if you try to enter any part of that domain using Firefox, the phishing warnings do appear. If you are currently using a browser such as Internet Explorer without the phishing protection, it is well worth looking at Firefox (provided by Google) and getting the protection included. It's free, just use the link on the right.

Dear Natwest Direct Banking customer!

Our Maintenance Division is carrying out a planned Direct Banking Service update

By visiting the link below please begin the procedure of the user details update:

http://www5.nwolb.co.uk/default.aspx?refid=24yzrpeFDozrcrkdwvrnOkhOvp

These instructions are to be e-mailed and followed by all users of the Natwest Digital Banking

NatWest Bank does apologize for any inconveniences caused to you, and is very grateful for your cooperation.

If you are not user of Natwest Bank Internet Banking please delete this notification!

= This is automatically generated e-mail please do not respond =

(c) '08 Natwest Bank Direct Banking. All Rights Reserved.
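The mismatch described in this post (the email displays a www5.nwolb.co.uk address while the link points to asp07.net) can be checked mechanically by comparing each link's visible text with its real target. The Python below is an added example, not part of the original post; the HTML sample, the href path placeholder, the second and third links and the short suffix list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Assumption: tiny stand-in for the Public Suffix List, enough for this sample.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.hk"}
URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>\"]+", re.I)

# Constructed sample: the visible text and the asp07.net domain come from the
# post; the href path is a placeholder and the last two links are invented.
SAMPLE_HTML = """
<p>By visiting the link below please begin the procedure of the user details update:</p>
<a href="http://asp07.net/EXAMPLE-PATH">http://www5.nwolb.co.uk/default.aspx?refid=24yzrpeFDozrcrkdwvrnOkhOvp</a>
<p><a href="https://www.nwolb.com/EXAMPLE-PATH"><b>www.nwolb.com</b></a></p>
<p><a href="http://asp07.net/EXAMPLE-PATH">Click here</a></p>
"""


def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def registrable_domain(host):
    """Reduce a hostname to the part an owner registers (nwolb.co.uk, asp07.net)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Return links whose visible text names one domain but whose href is another."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        match = URL_IN_TEXT.search(text)
        if not match:
            continue  # text such as "Click here" claims no destination
        shown = registrable_domain(host_of(match.group(0)))
        actual = registrable_domain(host_of(href))
        if shown and actual and shown != actual:
            findings.append({"shown": shown, "actual": actual, "href": href})
    return findings


if __name__ == "__main__":
    for f in mismatched_links(SAMPLE_HTML):
        print(f"shows {f['shown']} but goes to {f['actual']} ({f['href']})")
```

A link with plain text such as "Click here" is skipped by this check because it makes no claim about its destination, so it needs a separate test against the sender's expected domain.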

Sunday 20 January 2008

Intelligent Finance | Message Alert - You Have 1 Unread Message

This is quite a convincing email, using plenty of graphics (presumably stolen from IF - I wouldn't know for certain as I don't bank with them) and just a quick message to sign on, through the link provided.

There aren't any threats, just the puzzle as to why you need to read a message. Doesn't matter though - it's still dangerous and could leave you with an empty account if you followed the link and gave them your security details.

Dear Valued Customer,

You have a new message waiting in your Inbox Folder.

Click here to read.

Best Regards.
The Intelligent Finance Security Department Team.

* Please do not reply to this email as your reply will not be received.

Wednesday 16 January 2008

Official E-mail To All NatWest Bank Electronic Banking Clients

Apart from a logo at the top, this is a very simple email and the same as others listed, for example this Nat West Phishing Email.

Again, it's not sent to named customers and why would a bank need reminding of your security details because it has updated its system? The URL is obviously fake and why would they randomly email everyone they can get the email addresses of?

Please don't fall for this email - it could be dangerous. Here's the content.

Dear NatWest Bank Digital Banking customer!

Our Maintenance Department is performing an arranged Electronic Banking Service update

By visiting the link below please begin the procedure of the customer login verification:

http://www3.nwolb.com/default.aspx?refid=24yzrpeFDozrcrkdwvrnOkhOvp

These directions are to be mailed and followed by all customers of the NatWest Direct Banking

Natwest does apologize for the inconveniences caused, and is very appreciative for your help.

If you are not user of NatWest Bank Digital Banking please ignore this notification!

*** This is automatically generated message, please do not reply ***

(C) 2007 Natwest UK. All Rights Reserved.

Robert Hotron: Private investment placement on behalf of my family

Another spin on the standard email whereby you could be entrusted with handling millions of dollars in return for 20%. I'm sure anyone with $12m to invest would have much better ways of handling it than random emails to "undisclosed-recipients".

These sort of emails usually end with either an insurance payment on your behalf or enough information gathered to enable them to steal your identity. I would not want either to happen to me! Don't trust the email - just bin it.

We are looking for an experienced and trustworthy business
person/company that can profitably invest funds in excess of Twelve
million US
Dollars in profitable ventures.

Most importantly, you will be required to:
[1]. Act as the original beneficiary of the funds.
[2]. Receive the funds into a business/private or Trust account.
[3]. Invest/Manage the funds on behalf of my family

This is a legitimate transaction and you shall be entitled to 20%
(Twenty-percent) of the total Capital as remuneration for your role in
the Transfer of the funds and 25% of the return on Investment (ROI) as
"Management Fees".

If you prefer to be re-contacted for more information, contact me by email robert.hort@yahoo.co.uk
It is important for you to also provide answers to the questions below
in your response.

(1) Have you ever handled a huge business transaction that was
successful in the past? (2) If you are required to travel for a meeting and to
fulfill certain obligations, Can you travel within a short notice? (3)
What ventures do you suggest we go into? (4) Will your final recipient
ortrust account be able to receive these funds? (5) How is the
taxation in your country and how do you intend to handle it?

The above information will enable me determine your qualification for
receivership and subsequent placement of the funds. If you are unable
to handle this project, you shall be compensated if you can recommend
a credible person that may be useful.

Your early response will be appreciated.

Yours Faithfully,

Robert Horton
Family Representative

Saturday 12 January 2008

Nationwide: IMPORTANT: Internet banking security review

Quite a basic email this - with images that don't work. Quite a novel idea that it says the reason for not giving the name is further security. The link actually goes to a website that, although totally unrelated to banking, doesn't seem at all dubious. I suspect their FTP details have been hacked and used to store the pages and probably the details for someone to pick up later, totally undetected.

Here's the email. If they have hacked someone's site it's going to be a serious job on the site, it could even install spyware and key logging, so I'm not risking this machine on the site! Don't click the link, and if you are worried about accidentally visiting phishing sites, install Firefox (see link on right).

Dear valued customer,

Nationwide constantly reviews and assesses its online Internet Banking systems in the interest of its customers' security.

In our latest assessment of account activity, our computers logged suspicious data in relation to an account linked to this email address. Due to security reasons, we cannot reveal any specific account information in this email, but you are required to take part in an Internet Banking Account confirmation process.

The automatic detection of suspicious activity was due to:

Incorrect login attempts (more than 3 times)
or
Login attempts from suspicious geographical locations
and/or IP addresses.
You are requested to follow the link below to the Nationwide website, where you may proceed.

http://olb2.nationet.com/AccountVerify/default2.asp?ID=353f9b89aCCvZx128A

Nationwide would like to apologise for any inconvenience caused to your online experience, but it would be in your best interest to complete this procedure as soon as possible to avoid fraudulent activity on your Bank account.

If you are not a Nationwide customer and believe this email was sent by error, please ignore this email. If the problem persists please contact us via our Website.

Yours Sincerely,

Joanne Ridley
Head of Security Department
Nationwide Building Society
Internet Banking


Nationwide Building Society, Nationwide Life Limited and Nationwide Unit Trust Managers Limited represent only the Nationwide Marketing Group, which is authorised and regulated by the Financial Services Authority for life assurance, pensions, unit trusts, bank accounts, insurance and regulated mortgages. This e-mail is intended for UK residents unless otherwise stated.

Friday 11 January 2008

David Timms - Please Respond ASAP!

Here's another of those offers of great wealth for partaking in some illegal money moving scheme. Of course, there's not likely to be any cash in it at the end, just heartache at losing money, or worse still having your identity stolen. From a quick glance through the email, the questions are nearly enough to steal your identity, if not enough already.

Hello, It gives me a great deal of pleasure to write you this mail and even when it might come to you as a surprise, I hope you find it of interest. Let me first introduce myself. My name is David Timms. I am an Executive Auditor with a Bank here in Europe, I would like to use this means to ask your assistance in moving some fund over to your country. I have in the course of my duties come in contact with a good amount of Fund that have been inactive for some years now and careful investigation proved the original depositor of the fund died five years ago and all attempt to reach the suppose beneficiary of the deposit were fruitless and before it is forfeited to the state I decided to move it. It is of interest to inform you also that I have already moved this fund out of the Establishment and now in safe keeping with a Finance and security house, I will like to move it outside now and this is were I need your assistance. After legal consultation, I have established modalities for a secured way for a perfect transaction., but be most assured that for your assistance and partnership you will get a good percentage of the fund, it is important to let you know that fifty percent of the rest will be invested over there under your management for a negotiable period of time and we will open a fruitful dialog very soon to that effect. I look forward to our working closely in practically seeing this transaction come to a perfect end. For effective communication, please kindly include in your reply, your complete Names, Address, Occupation, Age and most especially your contact number and I will contact you as soon as I get your reply. I look forward to hearing from you and my gratitude for your Patience. Respectfully yours, Timms David.

Wednesday 9 January 2008

Stopping Phishing Emails

A reader has posted the question - "Is it possible to stop receiving phishing emails?"

While it's not possible to prevent anyone sending them, it is possible to stop phishing emails getting through. I don't get any phishing emails through via my personal email address - they all come through the other email addresses, which are allowed to receive them for this site.

First, your ISP may have anti spam on your email service. Some provide this for free, others charge a little. With the websites I build, anti spam and anti virus are an optional feature of the emails for only £12 per email box per year (I get charged that amount).

The control you have over the anti-spam / anti-virus may be quite low with your ISP, but at least they should have the latest definitions and if you set it up correctly, they delete the emails before sending them.

The alternative (or if you are inclined then a further level of protection) is to install software on your machine. This will check what's in your inbox and either delete it, mark it or move it. It will depend on the software and your settings. Something along the lines of CA Anti-Spam may be useful.

The problem with all of these is that they are deleting emails and can sometimes get a bit too clever at their job and delete wanted emails. So there's a balance to be had on how you use and trust them.

Tuesday 8 January 2008

Japan Arts Gallery

Nothing for days, then a couple together. Here's the second one, just received, but it's a format that's already done the rounds.

A bit of dodgy grammar in places, but I suspect the idea is to get you to pay for goods that are either worthless or won't arrive.

Here's the email.

Dear prospective agent,

On behalf of Japan Arts Gallery., It`s our pleasure to introduce to
you our new sales/marketing initiative. We are a group of business men
who deal
on Arts & Crafts and export same to Canada, Mexico, Usa and Europe.

customers and clients in their region.

Please if you are interested in working with us as an agent/parthner in your
region please get back to us via this email
address:infofromjapanartgallary@yahoo.com.hk

Best regards,
Akira Hachiro (Personnel Manager)
Japanese Artist Gallery
inc 4-1, Kioi-cho, Chiyoda-ku Tokyo, 102-8578,Japan

----------------------------------------------------------------
This message was sent using Swiftkenya's Webmail Service.
http://www.swiftkenya.com

Abbey - Message Alert - You Have 1 Unread Message

A short and simple email, but still as dangerous as the rest!

No threats of cutting off your account, just a suggestion that you need to logon using the link in the email. But, as far as I'm aware, Abbey do not have a message system such as this, so hopefully not too many will be caught out.

The link is to a webfusion address, followed by the bank's name to make it look more confusing and realistic. Here's the content:

Dear Valued Customer,

You have a new message waiting in your Inbox Folder.

Click here to read.


Best Regards.

The Abbey National plc Security Department Team.

* Please do not reply to this email as your reply will not be received.




2007 Abbey National plc. All Rights Reserved.

Sunday 6 January 2008

User Service: Your Online Service In NatWest Bank Direct and Digital Banking

Here's another one of those phishing emails that's doing the rounds that admits it's just going to random recipients. Had a few of these before Christmas, one was also a Nat West Email.

It's even unimaginative in the naming of the target website - ssl--5jan.com. And guess what date the site was registered - yes, yesterday - the 5th January.

The excuse this time is a planned update and you the client need to approve something. Nothing is clearly stated, I suppose tell nothing and you aren't telling lies. Apart from the fact that no bank would mass email random people and ask for their security details.

Here's the full email (and note that copyright at the bottom of the email - last year's date):

Dear NatWest Bank Internet Banking user!

Our Maintenance Division is doing a planned Digital Banking Service update

By following the link below you will start the procedure of the client login approval:

http://www3.natwest.co.uk/default.aspx?agent=29yzrpeDnwdyhcreucsdwhvedOkhOvp

These directions are to be sent and followed by all members of the National Westminster Bank Internet Banking

NatWest does apologize for the problems caused, and is very grateful for your collaboration.

If you are not client of NatWest Bank Internet Banking please ignore this letter!

*** This is an automated e-mail, please do not reply ***

(c) 2007 National Westminster Bank UK. All Rights Reserved.

Wednesday 2 January 2008

Jennifer Wilson Followup

A couple of weeks ago I replied to one of the Jennifer Wilson emails from a special email account (one created just for this purpose, in case it became full of spam).

An email came back asking me a few relatively harmless questions and saying I was to contact a different email address. I replied (not with genuine details) and this is the email I got in return. I chose not to reply here as it was asking for phone numbers, probably to put high pressure on the victim to comply with their demands.

These scams can involve paying a small 'insurance' or costs out of pocket to get everything going. Then you never hear back. Else the phone call could ask for the missing details required to clone an identity. But I'm not setting up a phone line for them or giving my phone number out!

Here's the reply email in full:

Attn: [name removed]
Calvary greetings,

I hereby acknowledge receipt of the email forwarded to me by my esteem client .Mrs. Jennifer Wilson my names are Barrister Jerry Cooper lawyer to Mrs.Jennifer Wilson. I got your mail regarding the above subject.

Mrs.Jennifer Wilson notified me about her decision to WILL $5,5Million US Dollars and that she has given you instruction on disbursement. The funds are presently in her bank here in the Netherlands.

For the purpose of this transaction I will be the one to provide you with logistics on the receivership of the funds. I have read the message and contents contained therein is understood by me. In pursuant of your message, I have every conviction that you are determined to live for humanity and posterity. My client cannot claim these funds herself as a result of,

1. My client is still very sick after the operation and is still in intensive care. She is under-going medical treatment. It has defiled all forms of medicine, and right now she is in coma. All my client needs from you is prayers for quick recovering.

2. She wants God to be merciful to her and accept her soul that explains why she has decided to give alms to charity organizations and masjids, as she want this to be one of the last good deeds she do on earth. I wish to plead with you to join my client for not only serving humanity, but to also benefit in the process. This process could be strange but reality will definitely dawn on you, if you pay unflinched attention to it and you adhere to my instructions.

I have to say here that my client does not intend to cause you any personal pains or discomfort. If this agreed by us we can eventually proceed to discuss the process of the transfer of receivership to you to enable you adequate carry out the job that you are called to do. I will make sure this transaction come to pass so that these funds can be transferred to you soonest.

She has WILLED the funds to you based on her own decision. I will immediately proceed in notifying Mrs. Jennifer Wilson bank in order for the funds to be released and transferred to you. I will require the following information below from you to process the release of the funds,Notification to the bank and for easy communication..

1.Telephone number
2. Fax number

I will be expecting to hear from you soon.

Sincerely,
Jerry Cooper (Barr. in Law).
**SOLICITOR AND LEGAL PRACTITIONER**
Email: barristercooper@yahoo.co.uk
Tel: +31-644-777-769
Fax: +31-84-759-7673