Category Archives: Fraud

Fake Bank SMS

Below is an SMS that pretends to be from a bank. It’s a scam, and here’s how you can tell:

ANZ scam

  1. I don’t have an account with ANZ. So it’s obviously a scam.
  2. I didn’t request any accounts to be deactivated. They wouldn’t normally do this without you requesting it.
  3. If a bank really did deactivate my account they would send me a letter in the mail, on official letterhead, in a branded envelope. They wouldn’t use SMS or email.
  4. This is the most important clue: the URL at the end is from “is.gd” – this doesn’t sound like anz.com.au, it’s completely different.

So what is a “is.gd” domain?

Firstly, .gd is the top level domain of the country Grenada. Not something an Australian bank would use to communicate with their customer. But apart from Grenadian businesses it’s commonly used as a novelty domain because it sounds like “good”.

Next, “is.gd” is a URL shortening service. I’ve written about URL shorteners before. What you need to know is that it’s used to shorten (or hide) the real URL. So by looking at it you can’t know where the URL goes. You might be tempted to click on it to find out, but I wouldn’t recommend that. Clicking on untrusted URLs is one way to get malware.

So what about this is.gd domain that has the word ANZ at the end? There’s a safe way to find out what it points to – use a service called http://wheredoesthislinkgo.com. You put in the short (untrusted) URL and it expands it. So in this case, it expands to:

So not the ANZ bank’s website. We can stop here, we don’t need to click on the link. We already know it’s not really from the bank, they already lied in the original SMS so their motives are probably malicious.

What about the sender’s phone number? Can it be identified? No. SMS allows senders to change the “from” address or phone number. You need special software to do it but it’s not hard. So In this case the sender is “Message”, which is also suspicious. But really, anyone can put anything in the sender’s phone number. Just like with email.

Delete the SMS, no harm done at this point. And if you tell your friends and family about it (maybe show them the SMS before you delete it), you’ll be raising awareness of the scam. This is the best way to fight back, reduce the chance of others falling for it.

If you receive a similar SMS (with different wording) you can share it here in the comments.

Apple $100 Reward Scam

Some people have received an email that looks like it came from Apple. The email promises a $100 reward card. All you have to do is give the scammers your name, address, date of birth, driver’s license, mother’s maiden name and your credit card details, then pay them $9.

It’s a scam. It’s easy for scammers to fake an email, complete with Apple’s logo and their email address. If you hand over any details your credit card will highly likely be sold off and used for fraudulent transactions. And that $9 – you’ll never see it again.

The email looks like:

Dear Apple Customer,Apple is rewarding its long-term customers.

Your loyalty for our products made you eligible for buying an Apple Discount Card.

With this only 9 AU$ Discount Card you will have 100 AU$ credit at any Australian Apple Store or on http://www.apple.com/au/ .

To acquire your Apple Discount Card please download and complete the attached form.100 AU$ Credit Bonus

(You will receive your Apple Discount Card via e-mail in the following 24 hours after your payment has been made.)

Once again, this email does not come from Apple – it’s a scam. You should never trust unsolicited emails (or phone calls or door knockers).

How could anyone fall for this?

Sadly, there are people who think “what if it’s true, I don’t want to miss out”. The same scam would work with any high profile company or product. Be wary and let others know.

 

Photographer Scam

A recent scam targets photographers, asking them for money. Here’s a quick summary of how the scam works:

  • The scammer places an ad on Craiglist, looking for a photographer to photograph an event. The ad is appealing, offering an easy job and high pay.
  • A real photographer responds and they engage in a quick negotiation and get things going.
  • The scammer sends the photographer a cheque as pre-payment. The cheque is for more than the agreed value (overpay). The cheque is counterfeit.
  • The photographer banks the cheque.
  • The photographer makes out a new cheque to return the balance and posts the new cheque to the scammer.
  • The bank tells the photographer that the cheque bounced. By then it’s too late.

Below is an example email of this scam:

Hello ,

Thanks for the quick response and I’m sorry if my message came in late , i have been busy with other arrangements and i hope you understand .Its really nice reading from you and im glad to hear that you are available for my wedding .

I want you to know that this is a inside wedding and the order of events will mail to you a week before the wedding day but the order events is likely to be pictures first, then the wedding ceremony , and then the reception but let me discuss this with my lady because is our wedding so our two has to make the decision together . I hope you understand my point of view.

I want you to know that we will be taking formal pictures so i will like you to recommend 45minutes or an hour set aside for taking formal pictures because we have large family from both my side and the bride side and friends /co-workers we will want to take pictures with . So it will be easier if we can take the pictures before the ceremony because it will be more relaxed with fewer time constraints and would like you to set up a great “first look” shot of me looking at my bride for the first time on the wedding day.

the wedding date is ##th of sept 2012

Basically we need your service starting from 12pm to 6pm .

We are expecting 250 guests i.e 200 adults and 50 children .

And also there will be a table place set for you at the reception , so you don’t need to bring your own food but it will be nice if you can just give me an hint of what kind of food you want us to arrange for you i.e if you are vegetarian or eat all kind of foods .

Further more , there will be special important parts/people at the ceremony or reception that i would want you to take a picture of .I will send the list of the important parts/people to you a week before the wedding day and i want you to know that my wedding is a sleek modern wedding .

I need you to get back to me with your charges and i will be paying you upfront , I just called my uncle who will be in charge of your service fees he told me that your payment will be paid to you via certified check so he has asked me to ask for your full name and physical address with zip code that you want the payment to be send to so as for me to secure your service for my wedding party.

I’m currently on working on off shore and im using impaired device ,so therefore i can only send message via internet or send you an sms from my pinger ..

I will send you the venue address once you agree to everything i stated above and also waiting for the details to issue on the check…

Will be expecting to read back from you with the details I have asked for thanks so much and God bless.

Regards,
CENSORED NAME

And here’s a photo of the the actual counterfeit cheque:

Counterfeit cheque used in phtographer scam

What can we learn from this? Maybe not to return any money until the cheque clears. And to be vigilant of similar scams. If you know any event photographers you might want to let them know about the scam. There’s more information here.

Melbourne Myki System

Melbourne (Australia) has a transport ticket system called Myki. If you use it there’s currently a security risk you should be aware of.

If you purchase a ticket using their ticket vending machines and pay by credit card, the machine issues a receipt. The receipt shows the credit card owner’s full name, the card’s expiry date, and more than the last 4 digits of the card. All of these things are considered security risk. Anyone finding the receipt can use the information on it to commit credit card fraud.

If this applies to you, don’t use a credit card to purchase tickets until the issue is resolved. I can’t verify it but apparently you can’t avoid printing a receipt. Hopefully all of these issues will be resolved soon.

And for everyone, it’s worth highlighting that you should always pay attention to credit card receipts. They should never show your name, your card’s expiry date, or more than the last 4 digits of the card. You can’t assume that the payment terminal you use is perfect, as shown above.

And you should be careful how you dispose of credit card receipts. Recently there’s been a lot of publicity over a hacked iCloud account –  the hackers used the owner’s last four digits of his credit card to gain access to various accounts.

If you use Melbourne’s Myki system and pay with a credit card or have ideas on credit card receipts please leave a comment below, I’d like to hear more.

Dating Scams

Police in Burwood, Sydney, Australia, are investigating recent fraud cases whereby local women were targeted in online dating sites. The women are lured into an online relationship, complete with emails and phone calls, and once they gain their trust they ask for money. The con artists in these cases are based in Singapore and Malaysia.

In one case a lady sent over $100,000. And in nearby Erskineville a woman was tricked into sending $275,000 to a con artist in England.

The scam begins with an ad on an online dating website, targeting asian women in Sydney. They describe themselves as wealthy bankers or businessmen. They send photos, stolen from other websites on the internet. They lure their victim along for up to six months, gaining their trust, and eventually start asking for money.

These scams happen all over the world. Please help raise awareness by talking about this issue with people you know.

Note: because I used the words “online dating”, Google has placed ads on this page with links to online dating websites. Some people who post ads on these sites are not genuine, use your own judgement here.

New Scam Email Promises $16m

Here is a new scam email. It scams begin with a confusing story about millions of dollars and some official sounding name dropping (the FBI).

If you look closely you’ll see many spelling and grammatical errors. Also, the email was not sent from the FBI – you can see this in your inbox if you place the mouse pointer over the sender.

The emails is:

FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000

Sir,

We the Federal Bureau of Investigations (FBI) Washington, DC in conjunction with some other relevant Investigation Agencies in the United states of America and right now in West Africa, headed by Wayne Mitchell (RPO), we understand that your fund has not yet been transferred to you do to an Outrageous Conduct.

We have to let you know the truth because we know that you have gone far in trying to get this fund and you must have paid some amounts of monies to persons you are not supposed to give out a dime to. Through our Global Networking Investigation, we discover that your fund (Sixteen Million United States Dollars $16,000,000.00 including the accrued interest is among the funds ON HOLD in West Africa (Ghana) do to one or two reasons which you have not been told.

As the Executive Director, Federal Bureau of Investigation FBI and a Principal Officer, We strongly know that the people you have been dealing with are not going to tell you the truth because they are all Criminals. You are hereby advised to stop every communication with any Office and feel free to explain to this Bureau why your fund is not yet released to you.

As a matter of fact, we do not have enough time to waste since we have consumed much time in going through your Payment files to ensure that these Funds are genuine and legit. On this Effect, this instruction requires urgent attention because the release of your fund is due.

We awaiting for your urgent response,

Sincerely,

Robert Muller III
FBI Director Headquarters

If you reply to the email they’ll make their story even more complicated and start asking for your bank account details. Their reply is:

FBI Headquarters
935 Pennsylvania Avenue, NW
Washington, D.C. 20535-0001
(202) 324-3000

Kind Attn:

This is to bring to your notice that we have received your mail today.

We understand that your fund has not yet been transferred to you do to an Outrageous Government Conduct which you have not been told. What a mess? though the FBI expertise and the investigation teams has officially instructed the holding bank to release your long awaited fund valued the sum of Sixteen Million United States Dollars $16,000,000.00 to you with immediate and effect.

The financial expertise and the investigation team has resolved to the fact that the fund is genuine therefore you have to stop every communication with any Office and feel free to contact the holding/ paying bank with your banking details through the below contacts information for your fund to be release to you:

MERCHANT BANK GHANA LTD
Contact Person: Managing Director
Email: merban@accountant.com
Phone: +233-247630112
Fax: +233-303403381

Do this and let us know if there’s anything you do not understood so that we can give you further instructions to back you up for this claim.

Sincerely,

Mr. Robert Muller III.

If you see this email, mark it as spam, or delete it.

 

Hotel “Wrong Transaction” Spam

Lately there have been some spam emails claiming to have details about an incorrect hotel transaction. The email is a ploy to install malware on your computer. Here’s how it works,

  • You receive an email telling you that a hotel has incorrectly charged your credit card
  • The email also says that you should fill out an attached form for a refund (i.e. open an attachment and get some money)
  • The attachment installs a fake antivirus program
  • The fake antivirus program asks you to pay money to clean your PC (even though there’s really nothing wrong with it)
This spam email has many variants but they all seem to be based on a hotel transaction. Below are some example subject lines
Hotel Renaissance Chicago made wrong transaction
Hotel Westin St. Francis made wrong transaction
Wrong transaction from your credit card in Woodrun V Townhomes
If you see an email like these just delete it, or mark it as spam. Don’t open the attachment.

Chase.com Scam Email

The following email is a scam, it looks confusing and encourages readers to click on a link. And there are many links in this email, all pointing to a hacker’s virus infected site.

Below is the email, with personal details and all of the malicious links removed:

Dear …,

Thank you for scheduling your recent credit card payment online. Your ($USD) $117.00 payment will post to your credit card account (CREDIT CARD) on 08/06/2010.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

Just log on to www.chase.com/creditcards today. Using the "I’d like to…" links for your credit card account, you can access more than a dozen features, including links to:
See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.
See automatic payments – Set up monthly payments to be made automatically.
Transfer a balance – Transfer a balance to your credit card account.
Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.
You can also see past payments you’ve made online by logging on to www.chase.com/creditcards and clicking "See/cancel payments" under "I’d like to …"

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely,
Cardmember Services

Never trust emails like this, especially if you don’t have an account with the company.

A useful trick to spot these scams is:

  • Identify which company the email claims to be from. In this case, it’s a company called Chase.
  • Place your mouse pointer over a link, but don’t click.
  • Look at the bottom of your screen, you should see the real link it points to. (You need to be using a modern web browser for this to work).
  • If the addresses don’t match then it’s likely a scam.

E.g., the email above talks a lot about chase.com. This is a real company in USA. scam link - do not visit this siteWhen I place my mouse pointer over the link, my browser says it goes somewhere different. The addresses don’t match, this is a scam. See the picture on the right.

Another Scam Job

Emails like this are scams. They are not legitimate jobs and you should not contact the sender – it’s part of a money mule scam.

Some words in this email can change but the general part of it remains the same:

Hello,
My name is Earnest and our company currently has several positions it needs to fill in your region.
We are a well known company with offices throughout Europe, Asia and North America.
Our current turnover is over 130 million annually and we are still seeking for expansion.
I have 12 vacancies of Financial Assistant that need to be fulfilled immediately.

Major operational duties are prompt receiving and processing customer’s payments for their further transfer according to the specified method. Detailed work scheme will be provided upon request.

I am looking for self-motivated individuals with strong work ethics and ability to schedule work hours effectively.

Requirements:

* Expert skills in managing payments and transfers between our company and clients
* Knowledge of basic payment systems
* Bank account (personal or business)
* Advanced PC and Internet skills
* Minimum 24 y.o.

Benefits:
*Salary plus commissions
*Full reimbursement of banking and Western Union fees.

NOTE: This vacancy is valid for American residents ONLY.

Contacts: <removed>

So if you see an email like this delete it. Don’t fall for the scam.