Phishing emails from Skype

Phishing emails are emails that appear to be from a legitimate company and ask you for your username and password. It’s a simple trick to get your account details.

Recently (22 April 2010) several phishing emails were sent “appearing” to be sent from Skype. The emails have a link to a web page asking you for your Skype username and password. These details are then collected by hackers and used for malicious purposes.

The general rule is, if you receive any emails from legitimate companies asking you to log onto your account, don’t click on the links. Open a new browser and go to the company’s web site yourself. This way you can be sure you’re on the real web page, and not be tricked into going to a fake copy of the page.

Fake CUA Email

The following email is a phishing scam. It tries to trick people into handing over some account details. The usual trick for phishing scams is to make the email sound important, and there’s a link in the email to make it easier to get to the scammer’s web site.

The phishing email says:

Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

CUA Update

Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545

The domain name they use is cua-members-australia (.com). Some simple research shows that CUA is a credit union in Australia. Their real address is www.cua.com.au, so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in the USA (though these details could also be fake).

Below is a screenshot of the phishing scam site:

[Screenshot: cua]

They get straight to business, asking for a card number and a PIN. This is very private information that no one should ask you for.

Fake ATO Emails

More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.

Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong,

If you’re in Australia please let others know of this scam.

TwitterBuilding

Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.

twitterbuilding.com - fake site

Fake Banking App For Android

Android is a system used by some smartphones (similar to iPhone or Windows Mobile, but made by Google). Like other smartphones you can install apps on Android.

One Android app that showed up recently is a free banking app. It looks like it supports US banks. But instead of logging into your bank it sends your online banking details to a scammer. Then it won’t be long until someone steals money from your bank account.

Google has been notified of this malicious app and they have removed it. But for some people it may be too late.

There’s a lesson to be learnt here. Smartphones are cool, installing apps on them is cool. But we shouldn’t let our guard down and trust everything to them. Know what you’re installing, know who wrote the software, and how it stores and sends your login details.

As more people buy smartphones, scams are only going to become more common.

Another Adwords Scam

I just received the following email. It’s a scam made to look like Google Adwords; however, the web site was registered just a few hours ago to somebody else.

If you go to this site and enter your Google account details you’re actually letting a stranger (hacker) know your account details. It’s a scam.

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:388520237785520
———————————————

Hello,

You have a new text alert from adwords

Please use the link below to login:

http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342

Advertise your business on Google

Best regards, Google AdWords Customer Team © 2009

———————————————
This message was sent from a notification-only email address that does
not accept incoming email. Please do not reply to this message.
Message id:847914946168909
———————————————

So if you see this email or one like it, delete it. Google did not send this email.
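The check used in the CUA and Adwords posts above (the link's domain is not the company's real one), written out as an added Python example that is not part of the original posts. The LEGIT allowlist, the function names and the distance threshold are assumptions; cua.com.au and the two fake domains come from the posts, and google.com is assumed as the real AdWords domain.

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): brand keyword -> domains the brand really uses.
LEGIT = {"cua": {"cua.com.au"}, "adwords": {"google.com"}}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased hostname of a URL, without a leading 'www.'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def links_in(text):
    """Pull http/https links out of an email body."""
    return re.findall(r"https?://[^\s<>\"']+", text)

def classify(url):
    """Return (verdict, brand) for one link."""
    host = host_of(url)
    # 1. Exact domain or a subdomain of a known-real domain.
    for brand, domains in LEGIT.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("legitimate", brand)
    # 2. Brand name used as a word inside somebody else's domain,
    #    or a near-miss spelling of the brand (short brands skipped to avoid noise).
    for label in host.split("."):
        for brand in LEGIT:
            if brand in re.split(r"[-_]", label):
                return ("brand-in-foreign-domain", brand)
            if len(brand) >= 5 and edit_distance(label, brand) <= 2:
                return ("lookalike-spelling", brand)
    return ("unknown", None)

# Constructed sample body, using the link quoted in the Adwords email above.
SAMPLE = ("Please use the link below to login:\n"
          "http://www.adwlordls.com/Selects/Login/static/index.html?ref=56105007342\n")

if __name__ == "__main__":
    for link in links_in(SAMPLE) + ["http://cua-members-australia.com/"]:
        print(classify(link), link)
```

A verdict of "unknown" only means the link matched no listed brand; it is not a statement that the site is safe.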

Recovering Compromised Facebook Accounts

Accounts are often hacked, including Facebook accounts. Too many times people fall for scam emails telling them to (urgently) click on a link and type in their password. Too many times people don’t know how to tell the difference between the real Facebook login page and one made by a scammer (read here for some hints).

And when an account does become compromised and hacked, the scammers usually use it to send out spam. Then it can be difficult for people like you to get that account back.

Facebook has given this problem some thought and added a way to recover a compromised account. They will send you an email and ask you to verify your account. Then on their web site they’ll ask you some security questions and ask you to change your password.

There’s more info here.

St George Bank Phishing Email

This one’s an old phishing email that never gives up; it’s still being sent in bulk to just about everyone.

St George is an Australian bank and this email’s designed to catch out their customers and to steal their online banking details.

Below is a copy of the email:

Restore your Internet Banking Access

As a result of too many incorrect attempts to access Internet Banking, your access to this service has been locked. We apologize for any inconvenience this may cause.

Please logon to your account and restore your access as soon as possible.

Internet Banking: Restore Access

Like all phishing attempts it’s designed to strike some fear and sense of urgency into account holders. Fear and urgency often cause people to make irrational decisions, and possibly to click on the link and quickly type in their banking details before realising they’re on a fake site.

Because this email’s been around for some time a lot of web browsers, email clients, and anti-virus products will block it. If it hasn’t been blocked on your system then you really need to upgrade your software.

PayPal Phishing Email

A new phishing email designed to catch PayPal users. This one should be fairly easy to identify as a phishing attempt: the “story” in the email doesn’t make much sense at all. It just mentions PayPal and that you need to open an attachment.

Here’s the email:

For security reasons we have sent you this message as an attachment file. This measure has been adopted to prevent personal information theft and data loss. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page. To receive email notifications in plain text instead of HTML,update your preferences. 

PayPal Email ID PP694

If you see this just delete it. Don’t open the attachment and certainly don’t type your PayPal login details onto the web page it sends you to.
