Guide to identity theft prevention
May 25, 2007
Here are some useful tips provided by Equitable PCI Bank to help you prevent identity theft when doing online banking.
Electronic Banking Consumer Protection Tips
from Equitable PCI Bank
Another fake e-gold email
March 17, 2007
Be warned of the following email purportedly from e-gold. It is a phishing email, one designed to steal your personal data to be used for identity theft.
Do not click the link in the email. It goes NOT to e-gold’s official site (www.e-gold.com) but to a fake site (loooooooooong URL!):
http://lwww.e-gold.com.acc.secure.
accsent.activationacc.
egoldupdateservice.3ahd.net/
5ae52d14451gf45gfffgf54gf1h4524
5412ds45 sd21dsike539e6saas56df
54hg5f4h45ds5445cv5m54zxc45e
4545jh4h87fg8872s356475s78fs8
fs8jfhfd54.html
How a phishing e-gold site works is described in the Beware of the fake e-gold site article.
More examples of fake e-gold emails can be found in the Fake E-gold Emails thread in the forum.
How you can protect yourself from phishing can be described in the Fight the Phishing Sites article.
Full text of the fake e-gold email after the jump.
BPI warns users against phishing emails
February 4, 2007
The Bank of the Philippine Islands (BPI) recently issued a warning to users of BPIExpressOnline, its online banking facility, against phishing emails. Phishing — pronounced “fishing” as in “fishing for information” — is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, and account login information.
How to check whether an email is a phishing email or not and how to protect oneself from phishing is discussed in the What is Phishing? article.
Fight the phishing sites!
January 2, 2007
Here’s one more reason why you should install or update protection softwares in your PC.
Today I received an email supposedly from PayPal regarding my unauthorized activity claim (full copy of the email at the end of this article). Now, I did file an unauthorized activity claim in PayPal several weeks ago so I thought this was a valid response from PayPal.
Of course, I am aware what phishing is and how to protect oneself from phishing sites so before clicking the link in the email, I tried this basic test to check if it was a spoof mail: I hovered my cursor above the link and, true enough, it was not a valid PayPal link.
Nevertheless, I still went to the phishing site (WARNING - This is a Phishing site: http://diaresch.sites.netavous.net/) just to check how it looks like. Voila! both browsers I was using — Mozilla Firefox and Internet Explorer — warned me against accessing the site.
Here’s a screenshot of what I saw upon accessing the phishing site via Mozilla Firefox.
The entire site faded to black and a very conspicuous warning appeared at the top of the page. It read:
Web Forgery
This page is very likely to have been designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other fraud.
It gave me options to “get out” of the site or “ignore the warning” to continue and also to “report the site to Google”. Of course, that was not a tough choice for me, I opted to get out of the site.
Tips to avoid scams on eBay
November 26, 2006
Consider the following stats related to eBay-related scams, as reported by Javelin Strategy & Research:
- Nearly 100 people in eBay become victims of identity fraud every five minutes;
- Total losses amount to $600,000;
- Around 11% of members fall for a typical spoof or phishing scam.
An article published on the December 2006 issue of Entrepreneur magazine gives the following tips to protect oneself online when buying or selling goods on eBay.
Don’t be fooled by spoof PayPal mails
November 2, 2006
Forwarded this PayPal phishing email to spoof@paypal.com and got a reply several hours later:
Thank you for contacting PayPal about a fraudulent (spoof) email or Web
site. We appreciate you bringing this suspicious email to our
attention.We can confirm that the email you received was not sent by PayPal. Any
website which may be linked to this email is not authorized or used by
PayPal.Our fraud prevention team is working to disable any website linked to
this email. In the meantime, please do not enter any information into
this website. If you have already done so, you should immediately log
into your PayPal account and change your password, as well as your
security questions and answers. We also recommend that you contact your
bank and credit card company immediately.
Reporting unauthorized PayPal transactions
In the same email, PayPal also gave a step-by-step guide to report unauthorized transactions in one’s account.
If you are able to log into your PayPal account:
- Log in to your account at https://www.paypal.com
- Select the “Resolution Center” subtab.
- Click “Open a dispute.”
- Select “Unauthorized transaction,” then click “Continue.”
- Enter or select the transaction ID for the transaction you would like to dispute, then click “Continue.”
- Complete the report for Unauthorized Use on a PayPal Account, then click “Continue.”
- Confirm that the claim is correct, then click “Submit.”
If you cannot log in to your account:
- Go to https://www.paypal.com
- Click on the “Security Center” link located at the bottom of any page.
- Under the “Report a Problem” column, click on “Unauthorized Transaction.”
- Click “Continue” under “Unable to log in?”
- Confirm that the transaction in question is unauthorized then click “Continue.”
- Complete the report for Unauthorized Use on a PayPal Account, then click “Preview.”
- Confirm that the claim is correct, then click “Submit.”
- Confirm your account ownership by entering the financial information requested, then click “Continue.”
Ways to fight spoof emails
Here are PayPal’s tips on how to fight fraudulent emails.
- Report it. Forward the entire email - including the header information - or the site’s URL to spoof@paypal.com We investigate every spoof reported. Please note that the automatic response you get from us may not address you by name.
- Use Account Guard on the eBay toolbar. If you use Internet Explorer, download the eBay toolbar. Account Guard helps ensure you are on PayPal or eBay.
- Use the SafetyBar. Email security provider Cloudmark has engineered a toolbar for Microsoft Outlook you can use to report spoof emails. Should you receive a spoof, click the SafetyBar’s “Block Fraud” button to automatically report it to us.
Fake PayPal email
November 1, 2006
Now that you have a PayPal account, you should be wary of emails you receive supposedly from PayPal. Although the emails might have a header and logo similar to that of PayPal, most of these are actually phishing mails intent on stealing your personal information.
More information about phishing, how to check if an email is fake, and ways to protect yourself from phishing can be found in the What is Phishing? article. A sample phishing website is explained in the “Beware of the fake egold website!” article.
Yesterday we received an email purportedly from PayPal asking us to login to the site to update our personal records. Failure to do so, the email says, will result in account suspension. Here’s a screenshot of the email.
What is Phishing?
October 8, 2006
Ever received an email from eBay asking you to verify your account? Or from e-Gold warning you to login to your account otherwise it will be suspended? Or from Yahoo Mail asking reactivation because your account has been hacked?
If you dismissed the email and simply deleted it, good for you. But if you opened it, clicked and accessed the link, and tried to login to the website, congratulations, you have just become a victim of a phishing attempt.
Phishing (pronounced “fishing” as in “fishing for information”) is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. The phishing email usually looks like an official letter from a trusted source, such as a bank, credit card company, payment processor, or online merchant. Phishing emails normally direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
How a phishing website works is explained in the “Beware of the fake egold website!” article. Sample phishing emails are in the following threads in the forum:
Do they really think we’re that stupid?
September 17, 2006
Got this email today. It’s obviously a scam targeting the greediest of all greedy ginks.
Does “Cheryl” really think we’d believe that she can double our money if we sent her $30? That e-Bullion has a flaw in the system that will let you “rob” them? And that, uh-huh, you can get away with it?
Sure, there are thousands (probably millions) who’d fall for this, but don’t be one of them!
What is DDoS?
July 31, 2005
The aim of a Distributed Denial of Service (DDoS) attack is to paralyse online systems. Using a ‘trojan,’ the attacker is able to recruit unprotected hosts and build a network of compromised machines - often referred to as ‘zombies’ or ‘botnets’ - which can then be used to flood the “victim’s” website with requests for information. Read more
