‘Your eBay Account Has Been Suspended’
April 22, 2008
A few minutes ago, I cleaned up my inbox and found the following warning email from “eBay” threatening me that my “eBay account has been suspended.”
New scam using fake Paypal email
February 7, 2008
A Pinoy Money Talk (PMT) member emailed me yesterday to ask whether a Paypal transaction she is planning to enter into is a scam or not.
Apparently, some guy supposedly from the UK contacted her asking help to transfer Paypal funds. The guy claims he plans to visit the Philippines and needs help moving funds to the country.
This should already raise a red flag. Never, ever agree to such transactions because you may unwittingly be a conspirator to money laundering. A suspiciously large amount being withdrawn to a Philippine bank account raises the bank’s alarm and if you could not properly explain how you got the amount and why you are transferring money, you may be charged under the country’s Anti-Money Laundering Law.
Phishing email, fake website: e-buiilon.com
February 7, 2008
In the tradition of fake Paypal, eGold, E*Trade, Gmail, and YouTube emails designed to steal your personal information, here comes another phishing email that attempts to deceive you into logging to a fake website so it can hack your e-Bullion funds.
The well-designed email comes complete with the logo of online currency e-Bullion.com and a header image that ironically announces, “Eliminate Risks & Fraud.”
Bonjour! C’est un PayPal phishing l’email
September 28, 2007
Pardon my French (literally), but a few minutes ago I received an interesting email supposedly from PayPal France.
The polyglot that I am (not!), I had to get help from a Language Translation site in order to decipher the message and, as expected, it is just one of those many PayPal phishing emails.
Phishing is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. Phishing emails are normally used to direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
The French PayPal email I got was no different from other spoof emails. All bore the warning that my PayPal account has been restricted and I need to access a certain website in order to lift the restriction.
Now the rule when receiving emails like these that ask you to login to a certain site: if the website’s URL does not appear to be the official URL of your bank, credit card company, or payment processor, don’t go there and don’t log in!
Yahoo! Messenger scammer, hacker on the loose
September 27, 2007
Beware of scammers who use Yahoo! Messenger (YM) to lure victims to invest in a fake prepaid load business. If the potential victim decides not to join the “venture,” the scammer then attempts to hack that person’s Yahoo account.
Here’s how the modus operandi works.
Another Gmail phishing email
September 20, 2007
Just a few minutes ago, we received the following “Security Alert” email purportedly from Gmail:
from: Gmail Team <mail-noreply@google.com>
date: Sep 20, 2007 1:44 PM
subject: Security AlertYour account has been randomly flagged in our system as a part of our routine security measures. This is a must to ensure that only you have acces and use of your Google account and to ensure a safe Gmail experience. We require all flagged accounts to verify their information on file with us.
This is the right link for edit account page
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account. Please note that if you don’t verify your ownership of account in 2 x 24 hours we will block/ susspend your Google account.Thanks,
The Gmail Team
The text “edit account” in the second paragraph contains a link that redirects to the following site: < http://www.uk-google.com/account > (Screenshot of the website below.)
This site is a PHISHING website. Phishing is a type of deception designed to steal one’s personal data such as credit card numbers, passwords, account login information, etc. The phishing email usually looks like an official letter from a trusted source, such as a bank, credit card company, payment processor, or online merchant. Phishing emails normally direct recipients to a fraudulent website where they are asked to provide personal information. This information is then used for identity theft.
Although the header included a line saying the mail was sent by the “Gmail Team,” the server that actually sent the mail was “crater.myserverhosts.com” — definitely not a Gmail or Google server.
Note as well the typographical and grammatical errors in the email (acces, 2 x 24 hours, susspend). If that guy was indeed working in Google, he should be fired for sending a crappy, unprofessional email like that.
More info on how to detect phishing emails in the article What is Phishing?
Fake YouTube videos being used to spread malware
August 26, 2007
If you received an email from someone you do not know with a link to a YouTube video, don't click the link. It might be a download link for a trojan or worm that can harm your PC or trigger a case of identity theft.
Today I received an email from a certain natblaze@jwmolding.com inviting me to watch a particular YouTube video. The supposed video, however, is not on YouTube but on a different site — http://89.179.33.84/ — and visiting it automatically prompts you to download an .exe file. (WARNING: Do not visit the site if you do not want your PC to be compromised.)
The .exe file is most probably a malicious software (malware) such as trojan or worm.
A Trojan is a program that installs backdoor programs in a person's computer that allows unauthorized remote access to the victim's machine. A Worm, on the other hand, is a self-replicating program that sends copies of itself to other computer terminals without the need for any user intervention. These malicious softwares are normally used to steal passwords of the victim which are used for identity theft.
(Text of the email with the link and screenshot of the malware download page after the jump.)
E*Trade email phishing alert
August 20, 2007
Today I received another phishing email – emails that look like an official letter from a trusted bank, credit card company, or payment processor but is actually a type of deception designed to steal one’s personal data.
The email intends to trick E*Trade Financial (www.etrade.com) users into providing their personal information which will be used for identity theft.
Don’t fall for these fake emails! Find out how you can protect yourself by reading the following articles:
- How to detect phishing emails: What is phishing?
- How phishing websites work: Beware of the fake egold website!
- How to protect oneself against phishers: Fight the phishing sites!
- Sample phishing emails: E-gold PayPal Yahoo Gmail
Copy of the E*Trade phishing email after the jump.
Guide to identity theft prevention
May 25, 2007
Here are some useful tips provided by Equitable PCI Bank to help you prevent identity theft when doing online banking.
Electronic Banking Consumer Protection Tips
from Equitable PCI Bank
Another fake e-gold email
March 17, 2007
Be warned of the following email purportedly from e-gold. It is a phishing email, one designed to steal your personal data to be used for identity theft.
Do not click the link in the email. It goes NOT to e-gold’s official site (www.e-gold.com) but to a fake site (loooooooooong URL!):
http://lwww.e-gold.com.acc.secure.
accsent.activationacc.
egoldupdateservice.3ahd.net/
5ae52d14451gf45gfffgf54gf1h4524
5412ds45 sd21dsike539e6saas56df
54hg5f4h45ds5445cv5m54zxc45e
4545jh4h87fg8872s356475s78fs8
fs8jfhfd54.html
How a phishing e-gold site works is described in the Beware of the fake e-gold site article.
More examples of fake e-gold emails can be found in the Fake E-gold Emails thread in the forum.
How you can protect yourself from phishing can be described in the Fight the Phishing Sites article.
Full text of the fake e-gold email after the jump.
