New Scam – Better Business Bureau

The Better Business Bureau have been targeted as the latest providers of a “trusted source” for email phishing attempts. Not that the BBB are actually doing something wrong, but have been targeted by the spammers as a face for their campaign due to their trustworthiness, and in this case, the concern that happens when you get an email from them saying something is wrong.

With this latest email (I received 2 today, even though I am not in the US) they use the threat of a complaint against your company to get you to click on a link in the email.

Here is a copy of the email

RE: Case # 18558568
2011/12/20

Hello,

The Better Business Bureau has been filed the above-referenced complaint from one of your clients on the subject of their dealings with you.
The detailed information about the consumer’s concern is presented in enclosed document.
Please give attention to this matter and let us know about your opinion.
We encourage you to open the ATTACHED REPORT to reply this complaint.

We look forward to your prompt response.

Sincerely yours,

Louis Gerald

Dispute Counselor
Better Business Bureau

So again, it is a case of being careful when something like this appears in your mailbox. Don’t panic and click the link to see what the issue is, if in doubt hover over the link and it will tell you in the status bar of your email program the real link that it will take you to.

If it looks in any way suspicious, leave it alone.

ANZ Bank Phishing Target Again

These phishing attempts are usually found by my virus scanner, but this one got through.

Anz Bank

We’d like to inform you that your Secure Messages Center has 1 new message.

Please login to your Online Banking and visit the Secure Message Center section in order to
read the message.

Log On to Online Banking.

(The Message Center contains only important information about your account and online banking.)

Copyright Australia and New Zealand Banking Group Limited ABN 11 005 357 522, 1996-2011.
ANZ’s colour blue is a trade mark of ANZ.

 

The log on link goes to http:// nogueirametalurgica . com . br/www . anz . com/index . php

This is a typical ploy where they hide the link to a hacked website. Here they have placed a site that looks the same as the target (This time ANZ) and hope that you do not look at the link that appears in the URL section of your browser.

Whenever you get a dodgy email, you can often just hover over the link in the email, and the email program will show you the link that you will be taken to.

If it is anything like this, then stay away

Lottery Winning Scam – Phishing Again

The anglers are at it again, phishing for your personal details.

I got two emails this morning, both titled “Royal win!” to two different addresses. Aren’t I lucky to win two 1st category prizes. Especially when I didn’t enter!

PDF’s are attached that ask for personally identifiable information, such as Passport, Drivers License or other ID.

Together this, with the other standard info such as contact info, can be all that is required for identity theft.

Don’t fall for these kinds of scams. Any time someone is asking for information that can be used for identification such as middle name, passport or date of birth, be very careful you know who you are giving it to.

These guys are using the lure of winning money to entice people to hand over these details.

Don’t be fooled.

Below is the email contents, there are also two pdf’s attached, a claim application form and a terms and conditions document.

Continue reading

Igrin Email Scam

Local NZ ISP Igrin is the latest to be targetted for a phishing scam.

This one is quite crude as even the links look nothing like Igrin links

This message is from the webmail IT service, you are to provide to us the below information to re-validate your account due to spam.

What was the problem?

On November 27th, our servers were subjected to a malicious attack, which affected certain components of the operating system on some of our servers. Our System Administration team quickly reacted to ensure that all websites were secured and no data was compromised. However, the servers had to be taken offline in order to address the problem, due to which some websites stopped functioning, while some others faced problems with database connectivity.

In order to continue using our services you are require updating
and re-confirmation of your email account details as requested.
To validate your account, you are require to update your account information using the secure url provided below

http://www.pacnet-servers.co.cc/igrin/login.php.htm

Failure to do this will immediately render your account deactivated
from our database and service will not be interrupted as important
messages may as well be lost due to your declining to re-confirmed
to us your account details.

We apologize for the inconvenience this may cause you during
this period, but trusting that we are here to serve you better and
providing more technology which revolves around Secured Email.

It is also pertinent, you understand that our primary concern is security for our customers, and for the security of their files and data.
CONFIRMATION COaDE: /93-1A388-480

IT Support Team

Don’t fall for this one. Igrin has a generic “We don’t ask for your login and password” message on it’s home page, I wonder if they have sent anythign out? I wonder what their policy on protecting their clients is?

If there is anyone from Igrin out there, can you let us know?

What’s Hiding Behind That Shortened URL

TinyURL.com, bit.ly and the new su.pr from Stumbleupon are all tools you can use for shortening URL’s, especially useful for Twitter and other micro blogging sites due to their limitation on each message.

However, I had never thought of the possible implications of shortened URL’s, primarily the ability to hide any references to bad sites hosting malware, phishing scams etc.

I found this in my server logs when someone used longURL.org to expand one of my shortened URL’s for a recent post, most likely found on my Twitter account or Digg as these are common places to find shortened URL’s.

It really made me think about how blindly we click on shortened URL’s expecting them to go to where the description says they will.

Have you had any bad experiences with shortened URL’s taking you places you hadnt expect? Is this a huge problem waiting to happen?

Latest Email Scam – Trying another Tack

I have just started receiving a new wave of scam emails, these look like phishing ones (where the perpetrators try to mimic a reputable website, to encourage the public to enter personal details etc ), but the twist is that they are now changing from fear related (ie for your security, or there was a problem style) to reward related.

Here is the email I just got, I have removed the link, but left the link text:

Subject: Complete our quiz for a chance at 500$
From: quiz@commbank.com.au

Complete our quiz for a chance at 500$

We will randomly draw 50 winners from those that respond with all correct responses and deposit $500 in the customer's account.
You may only enter once and must be a member to enter. 

Please follow the link below to proceed: 

<a class="moz-txt-link-freetext">http://www.commbank.commbankcau.com/quiz/</a>

Winners will be notified by phone and/or mail. 

You must complete this quiz within 24 hours to win. 

Sincerely,
Commonwealth Bank

Notice that the domain of the email quiz@commbank.com.au
, and the domain name of the link www.commbank.commbankcau.com
are different

These are all attempts to trick people into clicking the link and handing over their details.

Once again, any emails coming from your, or another bank or financial institution like Paypal should be treated with caution. As a rule, do not follow any links in these kinds of emails. Go to your Bookmarks, or search in Google for the text of the email to see if you can find any mention of scam related issues.

Let me know if you have seen something similar, or other tactics these people are trying to use to trick us.