Category Archives: Phishing

Recovering Compromised Facebook Accounts

Accounts are often hacked, including Facebook accounts. Too many times people fall for scam emails telling them to (urgently) click on a link and type in their password. Too many times people don’t know how to tell the difference between the real Facebook login page and one made by a scammer (read here for some hints).

And when an account does become compromised and hacked, the scammers usually use it to send out spam. Then it can be difficult for people like you to get that account back.

Facebook has given this problem some thought and added a way to recover a compromised account. They will send you an email and ask you to verify your account. Then on their web site they’ll ask you some security questions and ask you to change your password.

There’s more info here.

St George Bank Phishing Email

This one’s an old phishing email that never gives up; it’s still being sent in bulk to just about everyone.

St George is an Australian bank and this email’s designed to catch out their customers and to steal their online banking details.

Below is a copy of the email:

Restore your Internet Banking Access

As a result of too many incorrect attempts to access Internet Banking, your access to this service has been locked. We apologize for any inconvenience this may cause.

Please logon to your account and restore your access as soon as possible.

Internet Banking: Restore Access

Like all phishing attempts it’s designed to strike some fear and sense of urgency into account holders. Fear and urgency often cause people to make irrational decisions, and possibly to click on the link and quickly type in their banking details before realising they’re on a fake site.

Because this email’s been around for some time a lot of web browsers, email clients, and anti-virus products will block it. If it hasn’t been blocked on your system then you really need to upgrade your software.

PayPal Phishing Email

A new phishing email designed to catch PayPal users. This one should be fairly easy to identify as a phishing attempt: the “story” in the email doesn’t make much sense at all. It just mentions PayPal and that you need to open an attachment.

Here’s the email:

For security reasons we have sent you this message as an attachment file. This measure has been adopted to prevent personal information theft and data loss. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your PayPal account and choose the "Help" link in the footer of any page. To receive email notifications in plain text instead of HTML,update your preferences. 

PayPal Email ID PP694

If you see this just delete it. Don’t open the attachment and certainly don’t type your PayPal login details onto the web page it sends you to.

Citi Prepaid Services Phishing Attack

Citi Prepaid Services is a legitimate banking service. Recently some emails have been sent that look like they came from this service. Like most phishing attacks, this one uses an email that tries to scare you into clicking a link.

The link takes you to a web page that “looks like” Citi Prepaid Services, however it’s run by hackers and used to collect your login details (this is called phishing).

Below is the scam email:

Dear Ecount Citi Prepaid Services Member,

Due to concerns, for safety and integrity of the online banking community we have issues this warning message.

It has come to our attention that your account information needs to be updated due to inactive members, frauds and spoof reports. If you could take 5 – 10 minutes out of your online experience, and renew your records you will not run into future problems with the online service.

NOTE: THIS NOTIFICATION EXPIRES ON MAY 17, 2009.

Once you have updated your account records, your internet banking service will not be interrupted and will continue as normal.

Please click the link bellow and renew your account information

Scammers obviously have terrible English skills (though they’ve gotten better in the last couple of years). The email shown above has at least 2 grammatical errors and at least 1 spelling error. Maybe they should spend some of that stolen money to pay for better education.

Even if you’re not a customer of the service above, this serves as a reminder that scammers never give up sending out these phishing emails. Always be wary of emails that try to scare or shock you into clicking a link.

Instead of clicking on their link, open a new web browser and type in your bank’s web site. Trust your own memory (or better yet a bookmark) rather than an unsolicited email.

You can also use a good anti-virus package that scans web pages for scams such as this one. And modern web browsers such as Chrome can also filter out some scams as well, so keep upgrading your browsers.

TwitterCut is a Scam

There’s a message being sent on Twitter that tells people they can add 1000 followers in one go. The message has a link to a website called twittercut [dot] com.

Don’t click on this site. It asks you for your Twitter account name and password, and if you hand over your Twitter account details it then sends the same message from your account.

Always be very careful when handing over your account details to unknown web sites.

Facebook “151” Phishing Attack

There’s a new phishing attack on Facebook (phishing is when people try to trick you into providing your personal details). It begins with a message that simply says:

Hello

If you click on it, it links to a site called 151-im. Don’t click on this message. It takes you to a copy of Facebook, asks you for your Facebook username and password, then steals that information.

Facebook’s response to this was:

"This is a phishing attack. We’re well aware of it and are already blocking links to these new phishing sites from being shared on Facebook. We’re also cleaning up phony messages and Wall posts and resetting the passwords of affected users…”

Fake KMart Survey

There’s a web page made to look like it’s from KMart (a retail store). It has a survey and it promises to give you $150 credit if you fill out the survey.

Like most scams, there’s an incentive to catch your attention – in this case it’s a $150 credit. This kind of scam is called phishing.

The fake survey asks a set of questions, then asks for your full name, credit card number and PIN. Never give this out in a survey!

After you enter all your details, it takes you to the real KMart’s web page so that you don’t suspect anything. Then criminals will use your credit card details to make expensive purchases.

How to identify the fake survey:

  • An email is sent to you with the subject "You have been selected"
  • The link in the email doesn’t point to KMart, it points to a web site with the word epiqteen in the URL
  • The body of the email is:

You have been selected to access the Kmart Holiday Survey and win a $150.00 gift certificate.
Please click here and complete the form to claim your prize. Thank you.

To prevent these attacks:

  • Use one of the "other" web browsers, such as Firefox, Opera and Chrome. These have better technology for detecting phishing sites.
  • Install a good anti-virus package, one that scans web sites as well as files. This is a paid service and you usually get a good up-to-date list of phishing sites, and it works automatically in the background. The small cost is a great investment for your security.
  • Be very cautious of generous offers (I don’t think many companies can afford to give $150 to all their customers right now).
  • When you see a suspicious email, copy and paste its contents into Google. Then read through the results to determine if it’s a scam. E.g., Google indexes all of Fraudo’s pages, so any scams I write about here will show up on a Google search.
  • Never give out your credit card details in surveys.
  • Read the URL carefully. The URL is the address shown at the top of your web browser. If it’s not the exact name of a legitimate company then be suspicious.

Confirmation of Ticket Purchase

There’s some spam pretending to be from Delta Airlines. It tries to trick readers into opening the attached file, making readers believe that the ticket has been paid in full and that it’s ready to be used by the reader. The attachment is a trojan that gives people complete access to the PC and tries to download more malware every time you reboot.

Below is an extract from the fake email:

Thanks for the purchase!

Booking number:

You will find attached to this letter PASSENGER ITINERARY RECEIPT of your electronic ticket.

It verifies that you paid the ticket in full and confirms your right for air travel and luggage transportation by the indicated flight Delta Air Lines.

…and on and on…

If you see this email delete it, don’t open the attachment.

Locked Visa Accounts

If you get an email telling you that your credit card is locked and that you need to click on the link to unlock it, treat it as a scam. It’s an example of an email scam that starts with a story that sounds urgent (your credit card is locked) and tells you to click on the link right now (before you have time to think or research the email).

What usually happens is the link they give you is fake. It might look like a real company’s link, but if you hover your mouse pointer over the link you’ll be able to see where it really points to. And usually it’s a scammer’s web site in places like China or Russia.

Then when you get to that page, it’s been designed to look just like a real company’s site, and it prompts you to enter all your personal details including passwords. This information goes straight to the scammer who set up the fake site. He then sells it on a black market. Then someone buys your account details and uses it to commit fraud. It’s a large complex network that steals billions of dollars a year.

Below is an email claiming to be from Visa. When you receive an email like this, copy and paste it into Google; the results will include web sites like FraudO telling you whether it’s a scam.

Your Visa card is temporarily locked and the last transaction is on hold. Please understand we work to ensure your account safety. To restore your card and regain access you are required to register your Visa card in the Verified by Visa program, its a free, simple-to-use service that confirms your identity with an extra password when you make an online transaction.

It’s easy and only takes a few moments to activate your card. You can do it by clicking on the link below that will take you to Visa secure website.

[link removed - it looks like a Visa web site]

This is an outbound message only. Please do not reply to this email. If you have any questions, please refer to our Frequently Asked Questions (FAQ), or contact us. You will receive a response within 2 business days.

Thank you for using Visa Cards.

If in doubt just call your credit card company on the phone. They’ll reply immediately, not in 2 days, and you can be sure you’re speaking to a legitimate company.

Thanks to Erik for sending this one in. If you find other scams or fraud attempts you can send them in using our contact form.