Ebay | Listing confirmed. Sell another item now!

Here's an interesting twist to ebay. Instead of telling you something is wrong, it makes you think someone has access your account.

But, it's sent to 'undisclosed recipients' and there's no greeting by name, so it's a fraud. The target URL is http://lvps80-86-92-154.webperoni.de/include/template/templates_c/ws/eBayISAPI_dllSignIn_co_partnerId_2/ - yest another German (???) site being used.

Again, the site looks unconnected to phishing, so it could be another one has been hacked.

Don't use the link, if you are in any way worried type in the URL for yourself and check your account manually. And to protect yourself from phishing, install a phishing protected browser, such as Firefox (free download - use the link on the top right).

Here's the content of the email, I have of course, passed a copy to Ebay already.

Hi eBay member,

Your item has been successfully listed on eBay. It may take some time for the item to appear on eBay search results. Here are the listing details:



CARVER MARINER 28 FLYBRIIDGE
Starting price: $4,000.00
View item | Go to My eBay | Revise item

Details for item number: 190133141838
Listing URL: http://cm.ebay.co.uk/cm/ck/1065-29296-2357-0?uid=375549804&site=0&ver=LCA080805&item=190133141838&lk=URL
Start date: Feb 29, 2008 04:33:52 PDT
End date: Mar 06, 2008 04:33:52 PDT
Quantity: 1
Duration: 7 days
Listing fees: $179.75 (Insertion fee: $40.00; Featured gallery: $99.95; Pro Pack: $29.95; Photo: $2.85; Listing icon: $2.00; Listing Designer: $5.00)
Listing format: Auction

Information for amonnl

NatWest | Security measures! (Thu, 28 Feb 2008 21:53:55 -0600)

It's the old NOF back again!

Again, it's just a plain text email, nothing fancy and no graphics. The email is sent to 'Links' (being the start of the email address) and the target URL is http://online.natwest.co.uk.readyonline.es/NOF/startupdate.aspx?refererident=[removed]&cookieid=[removed].

readyonline.es appears in many Google search results, for phishing emails targeting citibank and hsbc. Well this will be another to the collection!

I've already sent my copy of the email to phishing@natwest.com, so just delete any copies you receive and please don't press the links. If you are worried that you might accidentally click a dangerous link such as these, install a browser with phishing protection, such as Firefox (free download - see button top left of this screen).

Stay safe - here's the email:

Dear NatWest Bank customer,

We have implemented security measures consistent with our internal information security practices to help us keep your information secure. These measures include technical and procedural steps to protect your data from misuse, access or disclosure, loss, alteration or destruction.

One of these security measures is NOF (NatWest Online Form) to help us to keep your personal and banking data up to date.

You should complete NOF on a regular basis.

Please complete NOF using the link below:

http://online.natwest.co.uk/NOF/startupdate.aspx?refererident=[removed]&cookieid=[removed]

NatWest Automated Mail Service. Please do not respond to this mail.

Ebay | Question about Item -- Respond Now

This email looks very similar to one from earlier this month.

Whereas last time the person had sent money and was wondering when dispatch would be, this time they are unable to pay because of an account fault. Very imaginative, but also very dangerous if you fall for it...

The target url is http://lluxxuss.de/img/news/cancel.php, which seems to be a respectable site, so maybe they unknowingly have some squatters.

Several phishing emails targeted at Ebay have all used a page 'cancel.php' recently, with a few also using .de websites, so it could be they are all from the same senders (Unpaid item, Temporary Suspension, Suspension Notice and Unpaid Item).

Here's the content of the email:

Item: SHARP 46" FULL HD LCD TV LC-46D62U 1080p HDTV LC46D62U (200102405492)
This message was sent after the listing closed.
beyondplasma is the seller.

Hey, I have tired twice to pay you through paypal but the transaction is not working its keeps giving an error message (This recipient is currently unable to receive money) is there anything wrong with your paypal??

Thank you,
eBay

Details for item number: 200102405492
Item title: SHARP 46" FULL HD LCD TV LC-46D62U 1080p HDTV LC46D62U
Item URL: http//cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=200102405492&sspagename=ADME:L:AAQ:US:1

Citibank | Your online account.

It's a while since a CitiBank phishing email has featured on these pages. This one is quite a short attempt to get at your hard earned cash in a text only email. They have been clever enough to guess my name from the first part of the email address, but that's not convincing.

The actual target URL used in the email is actually http://citibusiness.citibank.com.losao7.es/businessdir/cbof/start.do?ref=[id removed&session=[id removed] and losao7.es appears in plenty of 'suspected phishing' results on Google. The double session id / ref in the URL is also the same as the HSBC Email of last week, so it's possible the same people are responsible for both???

Here's the content.

Dear CitiBusiness customer,

CitiBusiness new Scheduled Maintenance Program protects your data from unauthorized access. CitiBusiness Online Form is important addition to our scheduled maintenance program.
Please use the link below to access CitiBusiness Online Form:


CitiBusiness Online Form

Please do not reply to this auto-generated email. Follow instructions above.

Ebay | FPA NOTICE: eBay Account Suspension

Here's one that came through last night targeted at Ebay. The destination URL is really quite long and intentionally confusing: http://snosa.org/system/cache/pictures/ws/signin.ebay.com/www.ebay.com/eBayISAPI.dllSignIn&pUserIdco/. There are a couple of results in Google about snosa.org having a suspected phishing page, but the site does also seem to exist for genuine reasons. So maybe they have been hacked.

Remember that Ebay would never use an introduction of "Dear eBay Community Member"; they would not send such an email to "undisclosed-recipients:" and if you ever are in any doubt, open up Ebay by typing www.ebay.com into your favourite browser and sign on from there. Get the latest Firefox browser for free (link top right) as well, as that has Phishing protection.

Here's the content of the email, about to be sent to Ebay, so just delete your copies.

Dear eBay Community Member,
We regret to inform you that your eBay account has been suspended due to concerns we have for the safety and integrity of the eBay community.

During to of the eBay User Agreement states, in part: we may limit, suspend, or terminate our service and user accounts, prohibit access to our website, remove hosted content, and take technical and legal steps to keep users off the Site if we think that they are creating problems, possible legal liabilities, or acting inconsistently with the letter or spirit of our policies.

The reason of the suspension of your account is an unauthorized access from a third party which acted inconsistently with the letter or spirit of our policies. If you are the rightful owner of the account please confirm your information:

https://signin.ebay.co.uk/eBayISAPI.dll?Access%Violation%Case%ID#27162

For your security check that the Web address in your browser starts with https://signin.ebay.com/. More account security tips.


If you fail to resolve this case please note that any seller fees due to eBay will immediately become due and payable. eBay will charge any amounts you have not previously disputed to the billing method currently on file.





Regards,

Safeharbor Department

HSBC Bank: safeguarding customer information!

And another text only email, this one targeted at the HSBC.

This time the target URL is http://bibform.hsbc.com.defelopour61.es/1/2/3/business/online/business-internet-banking/form-do?session=[id removed]&id=[id removed]. Again, there are plenty of listings in google for defelopour61.es as suspected phishing emails.

Again, a copy of this email has been sent to the HSBC phishing address, so just delete any copies you may receive.

Here's the content:

Dear HSBC Bank customer,

We have implemented security procedures which use reasonable measures to ensure the security, confidentiality and integrity of Business Customers Data in our possession and guard against unauthorized access or use.
HSBC Business Internet Banking Form (BIB Form) is one of these security measures. You should complete BIB Form on a regular basis.
Please complete BIB Form using the link below:


http://bibform.hsbc.com/1/2/3/business/online/business-internet-banking/form-do?session=[id removed]&id=[id removed]

This is an automatically generated email and replies will not be responded to or reviewed.

National Westminster Bank UK Online Banking Service - Customer's Records Verification

Another one with a copy of the bank's logo followed by a text email, same as other recent Natwest emails.

Again, this is sent to just the one email at a time, but the link is actually pointing to http://www6.natwest.co.uk.func52.net/details.aspx?cookie=[id removed]. func52.net appears in a few results on Google.

It's not a genuine email - as you can see by the target URL. A copy has been sent to the Natwest for them to take action.

Here's the email content:

Dear National Westminster Bank Digital Banking customer!

Our Maintenance Department is performing a scheduled Direct Banking Service update

By visiting the link below you will launch the procedure of the customer details authorization:

http://www4.nwolb.com/details.aspx?refid=[id removed]

These directives are to be e-mailed and followed by all customers of the Natwest Bank Digital Banking

Natwest Bank does apologize for any problems caused, and is very appreciative for your help.

If you are not client of NatWest On-line Banking please disregard this notice!

** This is automatically generated message please do not reply **

(c) 2008 National Westminster Bank Direct Banking. All Rights Reserved.

Nationwide Secure Profile Update Confirmation

Here's on that's quite dangerous and could fool a lot of people. It's got the Nationwide's logo at the top of a plain text email. It's sent to just the one email at a time, and the link in the email goes to "http://nationwide-ebanking.co.uk/sing-on".

Now apart from the fact the link says 'sing-on' instead of 'sign-on' (!!!), that's quite a plausible URL. The only problem is that it is registered to a UK individual, using Fasthosts as their registrar and host, and the domain was only registered yesterday (Saturday).

There's been a few of these plausible addresses on Fasthosts space - presumably still the backlash from their security problems a few months ago. So it's likely the details are wrong and it's just a site being hosted by an innocent party. But don't trust the email!

Here's the email. I've sent a copy to phishing@nationwide.co.uk, so hopefully they will get the site closed pretty soon.

Dear Customer,

Nationwide's Internet Banking, is here by announcing the New Security Upgrade.
We've upgraded our new SSL servers to serve our customers for
a better and secure banking service,against any fraudulent activities. Due to
this recent upgrade, you are requested to update your account information by
following the reference below.

Reference*

http://www.nationwide.co.uk/update.asp?ID=[id removed]

Regards

Customers Service
Nationwide Building Society

2008 BEIJING OLYMPIC GAMES LOTTERY DRAW

Here's another amazing lottery win - but who can win $1.5m in a lottery they have never entered.

It's either an attempt to clone your identity or you will be asked to pay an insurance for receiving the cheque. Your insurance is cashed, the prize money doesn't arrive.

Also, if you are still not convinced that you & I have not both won this lottery - if it's sent to a winning email address, why is the email sent to 'undisclosed recipients' - this means it could be being sent to thousands of addresses in one go.

Here's the content of the email:

2008 BEIJING OLYMPIC GAMES LOTTERY DRAW
CHINESE OLYMPIC COMMITTEE
REF
#:-EU/2457/2008/008

This is to inform you that your Email ID has won
US$1.5Million in the second dip of our computer ballot email lottery
with the said winning number giving below;
REF # :-EU/2457/2008/008
LUCKY DRAW NUMBER:-COC/000023675
SERIAL NUMBER:-290/200000000786

To
claim your winning,you should contact the OFFICIAL and APPROVED paying
bank here in Holland-Netherlands urgently:-

THE PROCESSING OFFICER,
POSTBANK NL
HOLLAND-NETHERLANDS.
E-MAIL:-lottclaimpostbnk@aim.com
WEB-
PAGE:-www.postbank.nl
You are also advice to furnish them with the
following information:-

Your Names:-
Telephone / Fax-
Your Nationality
{Your country of Origin}-
Your occupation:
Your winning Numbers:

Congratulations once again from management and staff of this company,
and thanking you for being a lucky winner of our promotions program.

Congratulations
Yours Sincerely.
Li C. Lee
BLUELAKES LOTTERY
PROMOTIONS

Natwest | Urgent Security Notification For Client -Thu, 21 Feb 2008 20:44:20 -0600

Today the Natwest NOF phishing email is doing the rounds, again. Slightly different subject, but basically the same email.

The email is sent to the one email address, which is displayed as the bit before the @ to try to make it look more realistic. The target URL is http://online.natwest.com.platoniv4.es/NOF/startupdate.aspx?refererident=[removed], which is obviously very wrong. There are already a handful of results on Google for platoniv4.es as a suspected phishing site.

Here's the content of the email, my copy has already been sent to phishing@natwest.com, so they should be aware of the email. That's assuming my ISP allows the email through - they quite often delete such emails!

Dear NatWest Bank customer,

We have implemented security measures consistent with our internal information security practices to help us keep your information secure. These measures include technical and procedural steps to protect your data from misuse, access or disclosure, loss, alteration or destruction.

One of these security measures is NOF (NatWest Online Form) to help us to keep your personal and banking data up to date.

You should complete NOF on a regular basis.

Please complete NOF using the link below:

NatWest Online Form

NatWest Automated Mail Service. Please do not respond to this mail.

Abbey | REF# 2121 Important Information Regarding Your Account

This one is very similar to the previous report. As far as I can tell, it's just the number in the title that's changed.

The destination remains the same at http://211.202.2.46/~sehwa/db/q1.php?klsud=[email removed], so maybe the number in the title references the email address targetted in some way, as the two emails were received through different boxes. For reference, this Natwest and this Nationwide emails are identical.

Here's the content again,

Dear [email removed]
,
We recently reviewed your account, and we suspect an unauthorized ATM based transaction. Therefore as
a preventive measure we will temporary limit your access to sensitive Abbey features. To ensure that
your account is not compromised, please login to your Abbey Online Banking and verify your identity to
prevent deactivation.
SERVICE: Abbey Online Banking.
What you need to do:
- Go to: Abbey Online Banking
https://myonlineaccounts.abbeynational.co.uk/CentralLogonWeb/
- Login to Online Banking.

Thanks for your patience.
Sincerely,
Abbey Centre
****************************************************************************
For any inquiries, contact Customer Service.
****************************************************************************

Abbey | REF# 3139 Important Information Regarding Your Account

This one seems to be identical to the Natiowide phishing email from November, so could be the same senders.

Cleverly, it is sent to just on email address at a time and therefore also includes the email address in the content. It is just a purely text email, no fancy graphics. The destination URL this time around is http://211.202.2.46/~sehwa/db/q1.php?klsud=[email removed], which is a clever way of hiding from us that it's target is not the real Abbey website.

I've not yet discovered the email address to report these emails to Abbey, so can't forward it on. If anyone reading does know the correct address, or for that matter the correct email to report phishing for any bank, please let me know in a comment. I'll continue to add them to the list on the right.

Here's the email content.

Dear [email removed]
,
We recently reviewed your account, and we suspect an unauthorized ATM based transaction. Therefore as
a preventive measure we will temporary limit your access to sensitive Abbey features. To ensure that
your account is not compromised, please login to your Abbey Online Banking and verify your identity to
prevent deactivation.
SERVICE: Abbey Online Banking.
What you need to do:
- Go to: Abbey Online Banking
https://myonlineaccounts.abbeynational.co.uk/CentralLogonWeb/
- Login to Online Banking.

Thanks for your patience.
Sincerely,
Abbey Centre
****************************************************************************
For any inquiries, contact Customer Service.
****************************************************************************

Ebay | New URL For Unpaid Item Mutual Agreement for Item #170151922759 - Response Required

The Ebay Unpaid Item email from this morning is doing the rounds again, with a different URL.

In this instance, the url has changed to http://sinewmedia.de/bilder/cancel.php, so it could be that the earlier URL has been taken down. I've already sent this email to Ebay, so shouldn't be long before they can take action on it.

Here's a reminder of what it contains.

Dear member,


We are contacting you about the following item: HUMMER (ALL NEW 2008 MODEL) (#170151922759)

The seller, purplestarshines tells us you have mutually agreed not to complete the transaction (either because you returned or are returning the item for a refund, or because there was a misunderstanding) and has requested a credit for their eBay fees.

Please respond by 21-Feb-2008 so eBay knows whether you have made this agreement.

Please note: You and the seller will still be able to leave feedback for each other regarding this transaction.


Thank you,
eBay

Ebay | Unpaid Item Mutual Agreement for Item #170151922759 - Response Required

This one is a realistic looking email, but a quick look around and every link points to the page http://mietserver3.webplus24.de/include/template/templates_c/cancel.php - the same as the Ebay Suspension Notice Phishing Email sent a few days ago. If the emails are still doing the rounds, it looks like Ebay have not managed to close the site down, so be aware.

Other points to identify it as phishing are that it's sent to 'undisclosed-recipients' and it starts 'Dear member' - Ebay will always email such communications directly to your email box and refer to you by your member name. For this reason, it's good to have the member name different to the first part of your email address, as sometimes these people have the patience / technology to individually email out and will assume your name is the part of the email address prior to the @.

But get protected. Download Firefox or another browser with phishing protection if you don't already have it. Here's the content.

Dear member,


We are contacting you about the following item: HUMMER (ALL NEW 2008 MODEL) (#170151922759)

The seller, purplestarshines tells us you have mutually agreed not to complete the transaction (either because you returned or are returning the item for a refund, or because there was a misunderstanding) and has requested a credit for their eBay fees.

Please respond by 21-Feb-2008 so eBay knows whether you have made this agreement.

Please note: You and the seller will still be able to leave feedback for each other regarding this transaction.


Thank you,
eBay
Respond to this notification





Details for item number: 170151922759
Item title: HUMMER (ALL NEW 2008 MODEL)
Item URL: http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=170151922759
End date: 17 Feb, 2008 18:50:54 GMT
Quantity: 1
Dispute URL: http://feedback.ebay.co.uk/ws/eBayISAPI.dll?ViewDisputeConsole&DisputeType=1
Date dispute was opened: 19 Feb, 2008 08:03:03 GMT

Congratulation Your Email Id Have Won!!!

I've not had one of these lottery wins for a while. And why anyone win €2million in a lottery they have never entered??? More to the point, why if you had won, would you be emailing someone with a yahoo email address rather than a corporate address????

It's a con - most likely you have to pay an 'insurance' to have the cash transferred over to you, then you never hear from them again. Save your cash - delete the email.

Congratulation Your Email Id Have Won!!!

PRIME STAATSLOTERIJ PROMOTIONS.In line with the weekly sweepstakes of the above named organization held on the 6th of January, 2008.

It is our pleasure to inform you that your e-mail address attached to the above Ref No.BVMSA/2690/023/02,Batch No.20/333/MBV, Serial
No:5368/06,and Award No.02,03,13,16,18,20,23.came up in the first category has won the prize Sum of: €2,000,000.00 (Two Million Euro) Do contact the details below:

Contact Person: Mr. Fred Van
Email: pstaatslotclaimdept08@yahoo.de
Phone: +316-295-404-44
Fax: +31-847-185-133

You are advised to provide him with the following information:

Your Names:
Phone number:
Fax number:
Nationality:
Occupation:
Email Address:

Yours Sincerely,
Vjertis Von Adrian (Ms.) CPA.

Ebay | Suspension Notice

Here's a short and simple phishing email pretending to be involved with ebay. The actual target URL is http://mietserver3.webplus24.de/include/template/templates_c/cancel.php - which my phishing detectors are warning me about when the email is opened!

It pretends to be from aw-confirm but is sent to 'undisclosed-recipients:' - not the way ebay would email people.

Don't believe it - it's not genuine.

Your eBay userid has been unactivated

You have been unactivated from eBay because of recent fraudulent activities on your accounts.
To reactivate your userid. Click Here.


Thank You.

DONALD MUKHENZE | please, i need your humble assistance

Does anyone trust these 'money transfer' scams still? Someone must be desperate enough to fall for them else they wouldn't be doing the rounds.

It's a little bit of a puzzle that the email is indiatimes whilst the person claims to be from South Africa. But cons like this will end up with anyone who goes along with them either losing their own cash through paying 'insurance' premiums and the likes, or being involved in illegal money laundering.

FROM:MR DONALD MUKHENZE
SUITE 141 JAN SMUTH AVE,
JOHANNESBURG,SOUTH AFRICA.
DIRECT TEL: +8821621128553
PRIVATE E-mail: mukhenze@indiatimes.com


Dear Sir,

FAMILY ASSISTANCE/FUND TRANSFER

----------------------------------------------------------------------------

With due respect,trust and humanity,I write this letter to you seeking your
help and assistance,though its difficult since we have not met before.I got
your address from the SOUTH AFRICA INFORMATION EXCHANGE (S.A.I.E)regarding your
business profile and sincerity.I believe that you are capable and reliable in
handling this urgent international transaction of this sort.

I am MR.DONALD MUKHENZE,the first and only son of COMRADE.BORDER
D.MUKHENZE,the Zimbabwean former Minister for Youth & Gender Equality who is
also a businessman and politician,in the Zimbabwean political arena.My father
was the famous politician who stood firm against President Mugabes idea of
continuous fight in Democratic Republic of Congo and my father also stood
against the seizure of white owned farms and the distribution of it to the
blacks without Compesiation to the white owners.Before my father's death, in
his "WILL"he specifically drew my attention to this sum of
US$21,320Million,(TWENTY ONE MILLION,THREE HUNDRED AND TWENTY THOUSAND UNITED
STATE DOLLAR)which he deposited in a safe box of a private security
company in south Africa,INFACT MY FATHER SAID IN HIS WILL AND QUOTE:-

"MY beloved son,I wish to draw your attention to the sum of
US$21,320,000.00(TWENTY ONE MILLION,THREE HUNDRED AND TWENTY THOUSAND UNITED
STATE DOLLAR),which I deposited in a box with a security company in
Johannesburg,South Africa. Incase of my absence on earth caused by death,only
you should solicit for reliable foreign partner to assist you to transfer this
money out of south Africa for investment purpose.I deposited the money in your
name and it can be claimed by you alone with the deposit code.Your mother has
all the document.Take good care of your mother and sister

From the above,you will understand that the lives and future of my family
depends on this money,I will be very grateful if you can assist us,we are now
living in South Africa as political asylum seekers and the financial laws of
south Africa does not allow asylum seeker certain financial rights to such huge
amount of money.In view of this,I cannot invest this money here in south
africa,hence I am asking you to assist me transfer this money out of south
africa for investment purpose.

For your efforts,am prepared to offer you 25% of the total funds, while 5% will
be set aside for local and international expenses and 70% will be kept for my
family and me.All I want you to do is to furnish me with your entire personal
phone and fax numbers for easy communication.Note that this transaction is 100%
Risk free and absolutely confidential.

Looking forward to hearing from you.


Yours Faithfully
MR. DONALD MUKHENZE
pls you can also reply to: mukhenze@indiatimes.com

NatWest | Important Notification!

Catching up on some phishing emails after my holiday! Here goes with one received yesterday targetting the NatWest.

This one has an id in the subject and in the link - they are obviously tracking their recipients well. The actual target URL is http://natwest.com.ready2online.st. ready2online.st appears in a couple of Google searches for 'suspected' phishing emails.

This one is also just sent to the one email address and within the to: field displays the first part of the email address. But don't trust it.

Dear National Westminster Bank customer,

We have implemented security measures consistent with our internal information security practices to help us keep your information secure. These measures include technical and procedural steps to protect your data from misuse, access or disclosure, loss, alteration or destruction.

One of these security measures is NOF (NatWest Online Form) to help us to keep your personal and banking data up to date.

You should complete NOF on a regular basis.

Please complete NOF using the link below:

http://natwest.com/NOF/startupdate.aspx?refererident=[id removed]
National Westminster Automated Mail Service. Please do not respond to this mail.

From Mr Owusu

Another unsolicited offer of illegal work is doing the rounds. This one asks for the recipient to call a number, rather than reply to the email. Maybe they are just trying to make the con easier, more realistic, or maybe the number is a premimu rate number charging a small fortune.

Whatever the aim of this scam is, it is just that - a scam designed either to part you with cash or to get you to take part in illegal money laundering. Don't touch it.

Dear Friend,

Compliment of the season to you, Am Mr. Patrick Owusu the regional
manager of one of Rural Bank in Ghana, Tamale branch in northern
region of Ghana.

Am 47 years old married with two lovely kids. Am a man of peace
with harmony and I only hope you can assist me and if you co-
operate with me as partner you will never regret I ever contacted
you. I have packaged a financial transaction that will benefit you
and I, as regional manger of R.B it is my duty to send auditing
report to our bank head office in the capital city Accra-Ghana at
the end of each business year. On the course of last year (2007)
business report .I discover that my branch in which am the manager
made Three million united state dollars (US$3,000,000.00) which
our bank head office does not aware of and will never be aware of.


Further more in my private investigation before contacting you I
discover that this money belong to a pharmaceutical company which
was bankrupted over a decade now and I have immediately placed
this fund on what we called Escrow Account, an account without any
beneficiary information. Therefore as an official in our bank I
can not be directly have access to this money.

So my aim of contacting you is to seek for your partnership to
assist me receive this money with your bank account and get 40% of
the total fund as commission for your understanding and co-
operation. Lastly, it is strictly bank to bank transaction without
traveling to any where, all I need from you is to stand claim as
the depositor and title holder of this money who made the deposit
with my branch where am the manager so that our head office can
release the money to your bank account.

I will be very grateful if you accept to team up with me to
achieve this fund to our possession.
Kindly call me on +233-249-840830 for voice conversation.
Regards,
Mr. Patrick Owusu.

Ebay | Question From eBay Member !! - Respond Now

Another one designed to catch the unwary and aimed at Ebay, I seem to be receiving more of these recently.

The inventor of this one seems to have put in some effort disguising the URL - a huge URL string to hide the very small 9hz.com at the end. This website appears to provide web forwarding to the actual website - usually used to hide long affiliate links etc. In this case, it's to make it harder to find who is running the phishing site. You have to click the link to find out.

Here's the details.

From: aw-confirm@ebay.com
To: [email address]
Subject: Question From eBay Member !! - Respond Now
Target URL: http://signinebayonlineactionsecureloginonlineebay.9hz.com/

Hello,
Money was sent today.Please e-mail me as soon as possible because I want to know when I receive my package. Give me a good feedback !! ASAP
Thank you,
markantonio


Regards

NatWest Bank customer service: automatic notification

This one seems very similar to the Natwest phishing email reported on Thursday. Only the subject has changed and the target URL. From a quick read through, the content of the email is exactly the same, and if my memory is correct, it's been sent to the same email address.

Again it's been sent one email at a time and the to field contains the first part of the email address (the part prior to the @). Like Thursday's email, the computer_id is also recorded in the URL, so they are tracking exactly who is clicking on the emails. I expect they could also tie in the landing screen to a simple database using this to put your email address on the form, to convince you further that it's a safe form.

BUT IT'S NOT! The destination URL is temx3.hk and Google finds that site in many phishing etc results. So don't touch the link.

Here's the details, and remember to use a browser such as Firefox for it's anti-phisihing protection for your added security!

To: info (first part of email address)
From: National Westminster Bank Plc
Subject: NatWest Bank customer service: automatic notification
Stated URL: http://www.natwest.com/onlinebanking/customerform.aspx?computer_id=[removed]
Actual URL: http://www.natwest.com.temx3.hk/onlinebanking/customerform.aspx?computer_id=[removed]

Dear NatWest Bank customer:

NatWest Bank is committed to safeguarding customer information and combating fraud. We have implemented industry leading security initiatives, and our online banking services are protected by the strongest encryption methods and security protocols available. We continue to develop new solutions to provide our online banking services and their customers with confidence and security.

The added security measures require all NatWest Bank customers to complete on a regular basis Online Customer Form.
Please use the hyperlink below to access Online Customer Form:


http://www.natwest.com/onlinebanking/customerform.aspx?computer_id=[removed]

Thank you for banking with us!

NatWest Bank Customer Support