Category Archives: Phishing

Fake Bank SMS

Below is an SMS that pretends to be from a bank. It’s a scam, and here’s how you can tell:

ANZ scam

  1. I don’t have an account with ANZ. So it’s obviously a scam.
  2. I didn’t request any accounts to be deactivated. They wouldn’t normally do this without you requesting it.
  3. If a bank really did deactivate my account they would send me a letter in the mail, on official letterhead, in a branded envelope. They wouldn’t use SMS or email.
  4. This is the most important clue: the URL at the end is from “is.gd” – this doesn’t sound like anz.com.au, it’s completely different.

So what is a “is.gd” domain?

Firstly, .gd is the top level domain of the country Grenada. Not something an Australian bank would use to communicate with their customer. But apart from Grenadian businesses it’s commonly used as a novelty domain because it sounds like “good”.

Next, “is.gd” is a URL shortening service. I’ve written about URL shorteners before. What you need to know is that it’s used to shorten (or hide) the real URL. So by looking at it you can’t know where the URL goes. You might be tempted to click on it to find out, but I wouldn’t recommend that. Clicking on untrusted URLs is one way to get malware.

So what about this is.gd domain that has the word ANZ at the end? There’s a safe way to find out what it points to – use a service called http://wheredoesthislinkgo.com. You put in the short (untrusted) URL and it expands it. So in this case, it expands to:

So not the ANZ bank’s website. We can stop here, we don’t need to click on the link. We already know it’s not really from the bank, they already lied in the original SMS so their motives are probably malicious.

What about the sender’s phone number? Can it be identified? No. SMS allows senders to change the “from” address or phone number. You need special software to do it but it’s not hard. So In this case the sender is “Message”, which is also suspicious. But really, anyone can put anything in the sender’s phone number. Just like with email.

Delete the SMS, no harm done at this point. And if you tell your friends and family about it (maybe show them the SMS before you delete it), you’ll be raising awareness of the scam. This is the best way to fight back, reduce the chance of others falling for it.

If you receive a similar SMS (with different wording) you can share it here in the comments.

SMS Photo Scam

Below is an SMS scam. It’s personalised, which means the person running the scam has a list of names and phone numbers. The idea is that you’re being tricked into clicking the link, which takes you to a website. In some cases the website is a fake store telling you you have $500 credit. It then asks you to download an app. You should never install apps on your phone from random scammers.

If you see this SMS delete it. It’s a scam.

The sender’s phone number is most probably fake, which isn’t hard to do with SMS messages. The link shown at the end will probably be different each time. The country code shown in this SMS (+855) is from Cambodia.

smsscam1

The message says:

Chris, you received (1) new photo message: http://sn.im/<characters removed>

The sender’s phone number here is:

+855 1207355146

 

Notice to appear in court

The following email is part of a scam, it includes an attachment that most likely contains a virus, you should not open. Delete the email if you see it.

Notice to Appear in Court,

This is to advise that you are required to attend
the court of Los Angeles in January 8, 2014 for the hearing of your case.

Please, kindly prepare and bring the documents related to this case to Court on the date mentioned above.
Attendance is compulsory.

The copy of the court notice is attached to this letter, please, download and read it thoroughly.

WILKINS ALSTON
Clerk to the Court.

Fake Skype Email

This email claims to be from Skype, offering a new version to download. It’s fake, the link has nothing to do with Skype.

Remember, Skype does not email you and me with links to download. Skype will update itself.

NEW VERSION OF SKYPE 2011 IS RELEASED

Dear Skype Users,

To start New Year 2011 with new features, options and improvements, we’ve just released the new version of Skype Software.

<link removed for security reasons>

New in this version :

* Up to 5-way group video call.
* Redesigned calling experience.
* Improved video snapshots gallery.
* Improved browser plugins performance on some websites.
* Reduced false positives on browser plugin phone number recognition.
* New presence icons.
* Improved handling of calling attempts made when the user has run out of credit.
* Improved access to sharing functionality  

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Skype better all the time !

Talk soon,

The people at Skype

====================== PROTECT YOUR PASSWORD ===========================
Skype or Skype Staff will NEVER ask you for your password via email. The only place you are asked for your password is when you sign in to the Skype application or our website.

If you see the above email, delete it or mark it as spam.

Fake Acrobat Reader 2011 Emails

The following email claims to be from Adobe and suggests to install a new version of Adobe Acrobat Reader. It’s fake. Adobe does not email people asking them to download and install new versions.

The email says:

ADOBE ACROBAT READER 2011 UPDATE NOTIFICATION

This is to remind that a new version of Adobe Acrobat Reader 2011 with enhanced features for viewing, creating, editing, printing and internet-sharing PDF documents has been released.

To check and download the latest version , go to :

<link removed for security reasons>

Start downloading the update right now and let us know what you think about it.

We’re working on making Adobe Acrobat Reader better all the time !

Thanks and best regards,

Adobe Support

© 2011 Adobe Systems Incorporated. All rights reserved.
Adobe Systems Incorporated |343 Preston Street | Ottawa | ON | K1S 1N4 | Canada |

Remember, if you see this email just delete it, or mark it as spam.

Update: There’s now another version of this email, it too is a scam. The email looks like:

Adobe is pleased to announce that a new version of Acrobat PDF Reader was released today with new features, options and improvements.
<link removed for security>
What’s new in this version :
* Read, search, and share PDF files. * Convert to PDF. * Export and edit PDF files * Add rich media to PDF files * Combine files from multiple applications * Increase productivity and process consistency * Streamline document reviews * Collect data with fillable PDF forms * Protect PDF files and content * Comply with PDF and accessibility standards
To get more and upgrade to this version, go to  :
<link removed for security>
Start downloading the update right now and let us know what you think about it.
We’re working on making Adobe Acrobat Reader better all the time !
Talk soon,
The people at Adobe
Copyright © 2011 Adobe Systems Incorporated. All rights reserved.

Phishing emails from Skype

Phishing emails are emails that appear to be from a legitimate company and ask you for your username and password. It’s a simple trick to get your account details.

Recently (22 April 2010) several phishing emails were sent “appearing” to be sent from Skype. The emails have a link to a web page asking you for your Skype username and password. These details are then collected by hackers and used for malicious purposes.

The general rule is, if you receive any emails from legitimate companies asking you to log onto your accout, don’t click on the links. Open a new browser and go to the company’s web site yourself. This way you can be sure you’re on the real web page, and not be tricked into going to a fake copy of the page.

Fake CUA Email

The following email is a phishing scam. It tries to trick people into handing over some account details. The usual trick for phishing scams is to make the email sound important, and there’s a link in the email to make it easier to get to the scammer’s web site.

The phishing email says:

Dear member:

We have recently updated our Online system to include new layer secure authentication. This is intended to provide you with the best security possible when accessing your account.
You will need to update your account in order to continue using your card.

CUA Update

Your ticket code is L690545X.
We apologize for any inconvenience this may cause and appreciate your patience and understanding.
Member ID 690545

The domain name they use is cua-members-australia (.com). After doing some simple research, CUA is a credit union in Australia. Their real address is www.cua.com.au so the one provided is obviously fake, even though it might sound real. Further research shows that the fake address was registered in USA (even though these details could also be fake).

Below is a screenshot of the phishing scam site:

cua

They get straight to business asking for a card number and a PIN. Very private information that no one should ask you.

Fake ATO Emails

More fake ATO emails are being sent in Australia. If you receive an email about your “taxe refund” keep in mind that it’s a scam. The real ATO would never misspell tax.

Clicking on the link in the email takes the reader to an exact copy of the real ATO website. The address is clearly wrong,

  • Fake address: www.a-imbn . org
  • Real address: ato.gov.au  (all Australian government web sites must end with .gov.au)

If you’re in Australia please let others know of this scam.

TwitterBuilding

Twitterbuilding (dot com) is a web site that promises a few Twitter features. It’s a fake site. It steals people’s Twitter account details. Do not use the Twitterbuilding site.

twitterbuilding.com - fake site