NSR - Online Fraud... please read

mmglobal · #1 (**permalink**) 06-03-2007, 01:31 PM

I just got an email that is the most convincing phishing attack that I've seen.

Phishing : A phishing attack is an online fraud technique which involves sending official-looking email messages with return addresses, links and branding that all appear to come from legitimate banks, retailers, credit card companies, etc. Such emails typically contain a hyperlink to a spoof website and mislead account holders to enter customer names and security details on the pretence that security details must be updated or changed. Once you give them your information it can be used on legitimate sites to take your money.

The offending email looks like it came from PayPal. It says:

PayPal is constantly working to ensure security by regularly screening the accounts in our system. We recently reviewed your account, and we need more information to help us provide you with secure service. Until we can collect this information, your access to sensitive account features will be limited. We would like to restore your access as soon as possible, and we apologize for the inconvenience.

--------------------------------------------------------------------------------
Why is my account access limited?

Your account access has been limited for the following reason(s):

June 03, 2007: It has come to our attention that your PayPal billing information are out of date. This require you to update your billing information as soon as possible.
This billing update is also a new PayPal security statement which goes according to the established norms on our terms of service (TOS) to reduce the instance of fraud on our website.

Please update your records on or before June 03, 2007. A failure to update your records may result on a suspension of your account.

To update your PayPal records click on this link (link didn't make it in the cut and paste)

This new security statement will helps us continue to offer PayPal as a secure and cost-effective payment service. We appreciate your cooperation and assistance.

Sincerely,
The PayPal Team

(Your case ID for this reason is PP-227-460-629.)

--------------------------------------------------------------------------------

Copyright © 1999-2007 PayPal. All rights reserved.

--------------------------------------------------------------------------------

The format of the email looks perfect. Even the link to click looks like a PayPal link... but it's not....

http://www.paypal.com.login.1c611cd....run/webscr.htm

This looks like it goes to PayPal.com, but really this is 1c611cd.com. That domain does not inspire much confidence if I'm going to go somewhere and log in with my PayPal info....

Please do not click on a link an log into a banking system as a response to an email or a website unless you are absolutely sure!!!!

I know too many people who've lost thousands this way.

Mark

Maria · #2 (**permalink**) 06-03-2007, 08:38 PM

Long ago I discontinued a PayPal account but then about a year later started receiving something like this. I am always extremely wary of anything asking for updated personal information such as SS number.

Thanks for this heads up.. what I received looked exactly like a PayPal website. Also had received a banking one that was not kosher~ scary stuff!!! BEWARE! or rather Be Aware!

dshobbies · #3 (**permalink**) 06-04-2007, 05:34 AM

Mark,

I've gotten this particular email many times, as well as others from banks, including ones I've never used. A little known but sometimes very effective way to tell if your link is secure...
ALL secure links or website addresses begin not with http: but with https:, the s meaning secure. If you'll note, your link did not contain that all important S.

See, all those years of watching those damned discovery channels paid off.

Dale

Maria · #4 (**permalink**) 06-07-2007, 05:34 PM

Dale,
thanks for this info! Very helpful!

mmglobal · #5 (**permalink**) 06-15-2007, 04:19 AM

Reply from Paypal:

Quote:

From: spoof@paypal.com [mailto:spoof@paypal.com]
Sent: Sunday, June 03, 2007 7:00 AM
To: Mark S. Mintzer
Subject: RE: Q510 - Thank you for your email to PayPal (KMM83204336V79225L0KM) :kf1

Dear Mark S. Mintzer,

Thank you for taking the time to contact spoof@paypal.com. The email you reported was not sent by PayPal and is a phishing (fraudulent) email.

-------------------
What to do Next
--------------------
Delete the phishing email. If you've already responded to the email, please log in to your PayPal account and perform some important safety measures.

1. Go to your Profile and change your password and security questions.

2. Review the payments listed on your Account Overview.

If you notice a payment that you don't recognize, visit the PayPal Security Center to file a claim. We'll promptly investigate any suspicious transactions and you won't be held liable for unauthorized payments sent from your account.

-------------------------------------
Visit the PayPal Security Center
-------------------------------------
In the new PayPal Security Center you'll find fraud-fighting tips, tools, and technology.

You'll learn:
* Ways to stay safe online
* How to spot fake emails
* What to do if you suspect unauthorized activity in your account

You'll also find tools to help protect against identity theft:
* Equifax credit alerts: Receive notifications about activity on your credit accounts
* eBay Toolbar: Download a toolbar that warns you when youre on a potentially fraudulent web site

-------------------------------------
Safeguard Your Account
-------------------------------------
Phishing emails often try to get your attention by telling you that there's a problem with your account.

One way to figure out if an email is really from PayPal is to open a new browser and log in to your PayPal account. Any important information about your account will be displayed once you are logged in.

------------
Thank You
-------------
By alerting us to this phishing email, you're taking an active role in keeping the PayPal community safe. Users like you are our greatest partners in combating spoof.

We'll use the information you provided to work with law enforcement to shut down the fraudulent website.

Sincerely,

PayPal

************************************************** **********************
Remember, PayPal will never ask you for your password in an e-mail.
There are no exceptions to this policy. If someone claiming to be from
PayPal asks you for your password in response to an e-mail, you should
refuse to provide it and contact us. To contact PayPal, go to the PayPal
Help Center and click the "Contact Us" link.

************************************************** **********************
This
email is sent to you by the contracting entity to your User Agreement,
either PayPal Inc or PayPal (Europe) Limited. PayPal (Europe) Limited is
authorized and regulated by the Financial Services Authority in the UK
as an electronic money institution.

************************************************** *********************

mmglobal · #6 (**permalink**) 06-15-2007, 04:22 AM

Websites that begin with https use a security encryption system that insures that data is transmitted in an encrypted format. That way, someone cannot monitor the netork (wireless or wired) and read account names/numbers/passwords or other data "in the clear".

mmglobal · #7 (**permalink**) 06-15-2007, 03:38 PM

I never got to finish the last post....

Websites that begin with https use a security encryption system that insures that data is transmitted in an encrypted format. That way, someone cannot monitor the netork (wireless or wired) and read account names/numbers/passwords or other data "in the clear".

Setting up a website using https tells your computer and the server to encrypt / decrypt the message so nobody can read it.

Security certificates can be an additional help. The owner of a website registers a security certificate. When you go to the website, the certificate is checked to see if it's there... current... etc...

Getting an error related to a security certificate is not an indication that the site is not legit.... however if you are dealing with your bank, stock broker, etc.... I would not trust a site without a security valid security certificate.

Conversely, not getting an error related to the security certificate of an https site does not mean that it's legit. It just means that the owner of the site invested just over $100 to get the certificate.

Mark

Maria · #8 (**permalink**) 06-15-2007, 04:41 PM

There is so much to learn...

ans · #9 (**permalink**) 09-17-2007, 06:56 AM

I just re-read this stuff b/c I was phised by Amazon.com and I thought I was cautious. I've seen lotsa fake PayPal ones but this one looked like an excellent replica too.

Yap, fell for it but nothing was compromised and am getting new cards immediately.

Beware!

mmglobal · #10 (**permalink**) 08-28-2008, 09:40 PM

Very convincing one today....

From: US Airways [mailto:wwwtke@borntosend.com]
Sent: Thursday, August 28, 2008 10:13 AM
To: mark
Subject: Your Online Flight Ticket N 46900

Dear Sirs,
Thank you for using our new service "Buy airplane ticket Online" on our website.
Your account has been created:

Your login: email address was here
Your password: pass08VF

Your credit card has been charged for $693.49.
We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to take off for the journey!

Kind regards,
US Airways

___________________________________________

This came with an attached zip file that I did not open. I was tempted to check with credit card companies to make sure I had not been charged. Then I noticed return address obviously has nothing to do with US Airways.

I have recently flown US AIR, so it was hard to ignore it. However... I just deleted it.

Mark

dshobbies · #11 (**permalink**) 08-29-2008, 12:02 AM

A good idea when you suspect a fraudulent email is instead of clicking on the link, type in the email address of the company as you know it and log in as you usually would. If a message is real, before viewing your account, a message will appear giving you all necessary info.

Also instead of just deleting fraudulent emails, I delete it permanently by holding down the shift key while deleting... in outlook.

mmglobal · #12 (**permalink**) 08-29-2008, 04:55 PM

You have to be careful.... some times the link will appear to be a link to the legit website. In internet explorer (depending on your settings) when you hover over the link, you see the actual link address on the lower left of your screen. You can also right click on the link and select properties to get the real link address.

Often I see a link like:

HTML Code:

www.billing.paypal.com.email-notify.ru/0982349872.html

It looks like a link to paypal, but it's linking to a website called email-notify.ru

This is nasty stuff and a lot of people are getting ripped off. I still don't understand why the powers that be cannot shut the spammers and online fraud people down. The cost to the world's economy is enormous.

mmglobal · #13 (**permalink**) 09-04-2008, 04:52 PM

They will graciously provide you with software that will allow you to keep all of your passwords safely. Don't be a victim of this kind of scam!!! You can be sure that their software will look very professional and give you a vault to keep your passwords in. You can also be sure that it will phone home with your usernames and passwords.

Attention all Customers RBC Bank USA!
Each person at the RBC online banking has his or her private RBC ID and password.

- Do not give your RBC NetID and password to anyone else, even if they are close friends or members of your family!
- Do not let others use your account, even if you log them in!

Be sure your computer is up-to-date with security patches, anti-virus, and anti-spyware protection.
Download our latest Password Protection Internet Software to make your online business totally secured.

Install RBCBankx.cert now (This is a VERY long link that resolves out to kiokpeabc.com)

With best regards, Bruce Haney.
RBC USA Bank Support Department.