Have You Received / Experienced Any Phishing Mails or Scams ?

[ani_meher 42]

The phishing scams are hitting the email scenario quite hard now a days. I received an email from someone claiming to be from E-bay! It's very obvious that it was a very poor attempt. If you have received any such mails, do post them here.

Here's the 'Warning' from ebay!

[Dilbert 0]

Is there something fishy with the message??? Please enlighten me, I am not sure about the fishy part of this mail... Seems to me like a harmless reminder... Whaddaya say???

[ani_meher 42]

From http://www.fraudwatchinternational.com

________________________________________________________________________

The term 'Phishing' (pronounced 'fishing') is a slang IT word, made up by replacing the letter 'f' with 'ph.' Phishing, is exactly that, fishing for information - usually personal information such as credit card, bank account or social security numbers.

Scammers 'Phish' for your personal information in a variety of ways, but most commonly through fraudulent emails claiming to be from your bank or another institution that already has your personal details, asking you to confirm these details.

Once scammers have 'phished' out your information, they could use it in a number of ways. Your credit card could be used for unauthorized purchases, or your bank account could be cleared out, or they may simply gather the information for an identity theft scam, or sell your information to identity theft rings.

Phishing emails are commonly used in association with a fake web site that looks very similar to a real website from the relevant institution. See below for some examples of these type of emails and web sites.

Some examples:

PayPal Phishing Email

Which then takes you to a fake site:

Here is another example Phishing email - Westpac Bank Account Internet Verification.

Here is another example Phishing email - eBay Account Verification Email.

And here is another example of a fake site, used to 'phish' personal information. - eBay

______________________________________________________________________

So, now on, if you get any mail from your bank or any finance related company asking you your personal information to be sent by clicking on it, DO NOT belive it.

If you have such examples, do post it here, so that others may know this.

[Dilbert 0]

Oh my my.. holy zombies and rusted buffaloes....!!!!

Thanks a ton man. I gotta be careful in future.

[AmanJ 1]

even i received the same 'ebay' mail couple of days back, and i deleted it the minute i recived. the strangest thing about the mail was one could'nt actually click on the link in the email

[ashoksoft 83]

hey animeher ... that was great info ... but hth did u manage to take a printscreen spread over several scrolls ? can u please lemme know ?

cheers

Ashok

[raccoon 53]

Have been getting loads of these kinda mails since the dawn of phishing! Ebay, banks, Paypal, et all! Cant post them here since I hit all of them with my trusty "Del" key! ...Else would have had a huge collection to post here by now!

In fact not just phishing, my comp fends off all kinds of attacks everyday - phishing, loads of spam, mail viruses, spy/ad ware, network attacks, etc, etc. The internet is getting to be a more dangerous jungle everyday!

[TCP/IP 0]

I used to get them few years ago. My domain based email is not getting any spam at all:)

[TCP/IP 0]

hey animeher ... that was great info ... but hth did u manage to take a printscreen spread over several scrolls ? can u please lemme know ?

cheers

Ashok

40191[/snapback]

Perhaps by taking multiple screenshots and joining them in an image editing program.

[ani_meher 42]

hey animeher ... that was great info ... but hth did u manage to take a printscreen spread over several scrolls ? can u please lemme know ?

cheers

Ashok

40191[/snapback]

Actually the pics are not by me. It is taken from the site mentioned on top in that post. but it is not difficult also. I remember there are some screen capture softwares that have such settings, such as capturing the whole webpage etc.

About the inability to click the email id in the ebay mail, we cannot click the link, because it is mailed as a picture! but somehow, in gmail, we are unable to save that picture. The right click menu just doesn't show 'Save picture' etc command! I had to forward it to my other mail so that I can open it as picture.

One nice thing, gmail displayed a warning on top of this message, that the message didn't look authentic, and warned me about submitting any personal data. However, seeing me forwarding the spam mail, gmail must have thought that this guy is a spammer himself!

[anujit 0]

Most browsers Firefox, Opera, Netscape and now even IE (through a MSN toolbar plugin) have anti-phishing technology built in. So even if you open one of those mail and and click on a phoney link it will redirect you to the actual site. I've tried this for a number of phishing emails. It does work. However it wont work 100% of the time. So it's always best to type addresses in the address field and be aware of colour indicators (everyone misses the lil yellow padlock) that warn of phishing sites!

[anujit 0]

Ashok:

He's probably using a screen capture utility called SNAGIT.

Duh. Its right there! For a hacker not that observant.....

hey animeher ... that was great info ... but hth did u manage to take a printscreen spread over several scrolls ? can u please lemme know ?

cheers

Ashok

40191[/snapback]

[ashoksoft 83]

Thanks for that info Anujit ... and for heavens sake ... I STOPPED HACKING ! I just reverse engineer (call that cracking ... i do not really care)

Cheers

Ashok

[ssr 10]

Recently i recieved a mail from HDFC(?) bank telling me abt a new facility of transfering money from HDFC to any bank in india.

But when i loged in to HDFC bank i was not abe to see any facility like that and many of my friends who were having acc in HDFC did not recieved the mail.

There was a link in the mail when clicked it opened a page which had a form which was asking UID IPIN and other destination acc details.

Anyone else recieved simialr mail ?

I was not able to veryfy that mail properly since immediatly i deleted that mail.

Edited September 8, 2005 by ss_rakesh

[Puneet 0]

Yes. I did. Its not phishing but a mailer for genuine service started by HDFC bank. The service existed in ICICI Bank, Standard Chartered and Citi bank since long, and it was now high time that HDFC bank too provided the inter-bank electronic money transfer. You can read more about the service at: http://www.hdfcbank.com/campaign/eft/eft.html The service is in association with billdesk.com

[theking 35]

Times of India:-

Phishing for money: Scamsters clone ICICI Bank site

By Anita Bhoir/TNN

Mumbai: Scamsters seem to be giving bankers a tough time. After the benami account scam, banks now have to deal with a new kind of cyber crime called phishing. For the uninitiated, phishing is a fraudulent way of acquiring credit card, personal identification numbers and banking passwords using the internet and email by masquerading as a trusted source.

ICICI Bank, the largest private sector bank, filed a complaint with the Bandra Kurla Complex (BKC) police station on February 7 after its customers complained about being asked to validate or confirm their account details through a seemingly innocuous e-mail ID (icici@icicibank.com). When the cyber crime cell began investigating the case, they found that a scamster had managed to get hold of customer details and used it to purchase goods on the internet.

The ICICI Bank website had also been cloned. At the cloned site, www.iciciibank.net, you could buy virtually everything, from travel to financial services, gifts & computers; it also offered a free online gambling and education facility. “We are still investigating the matter,” said a senior cyber crime official.

“Within two hours of the crime, our crisis management team blocked the clone website,” said an ICICI Bank spokesperson. ICICI Bank claims it has already informed the RBI about the net fraud.

The bank claims it has sent out mailers to those customers who had received the fraudulent emails alerting them not to update sensitive account information like their debit card numbers, credit card numbers, user IDs, and passwords by clicking on an email link or by visiting a website. They also informed bank customers that they could continue to transact with ICICI Bank via the authentic website, www.icicibank.com.

After word got around in banking circles, HDFC Bank took pre-emptive action. On February 8, it sent mailers to all its customers alerting them about the dangers of phishing.

HOW TO DEAL WITH PHISHING

If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either

Use anti-virus software and a firewall

Don’t email personal or financial information

Review credit card and bank account statements as soon as you receive them to check for unauthorised charges

Be cautious about opening any attachment or downloading files that come appended with emails from sources you don’t trust

[Rohit Rocker 0]

Arrey, our dear Nokia Ind fellow is also doing the same work Posing as a Nokia site and luring the customers. The only difference is that he is not sending e mails. May be that will start too.

[Arun 795]

Be cybersafe when banking online

- Rediff.com

Jayshree Mulherkar | February 16, 2006

Along with the convenience of Internet banking, phone banking and ATMs, come some risks.

Though banks take pains to ensure that online transactions are secure, you need to be responsible and vigilant while using any of these services.

Many frauds occur because of careless users rather than careless banks.

Here are some ways in which you can protect yourself while banking online:

Choose the right place

The best place to check your online accounts is from your personal computer at home.

Avoid accessing your online banking accounts from shared computers, like those in cyber cafés. Also avoid locations that offer online connections through wireless networks (Wi-Fi), where privacy and security are minimal.

If you do have to check from a cyber café or even in your office, follow these precautions.

Once you log on, don't wander off from your desk to have a cup of coffee or attend a meeting.

Never leave your PC unattended after keying in information while transacting on a web site.

Always log out and shut the browser when you leave.

Remember, log out and close the browser to ensure that your secure session is terminated. Never exit simply by closing the browser.

Do not select the option on the browser that stores or retains user name and password.

Get a smart password

A password is the latchkey to your online account, enabling you and only you to carry out transactions.

Don't reveal it to anyone.

Use an alphanumeric password – one that combines numbers, alphabets and other characters -- like !, @, #, $, %, ^, &,* (, ) -- to make it difficult for hackers.

Use passwords that can't be easily guessed -- for example, don't use your date of birth, address, telephone number, spouse or kid's name.

Keep changing passwords at frequent intervals.

Memorise your passwords and don't ever write it down and stuff it in your wallet! If you lose your wallet or it gets stolen, you could be in a soup.

Some banks have separate passwords for viewing your accounts and for carrying out transactions. Keep both of them safe.

Other banks have a feature whereby you need another password for high value deals. So, if the money that you want transferred to another account exceeds a particular sum, you will need to enter a specific password to validate the transaction.

If you have several bank accounts, avoid using the same online banking password for all.

Get onto the right web site

When logging on to your bank's web site, don't use the embedded links in any e-mail to get to any web page. Type the link address (URL) in your web browser.

Never enter your user ID or password or such sensitive information without ascertaining that you are on the right web site.

Many banks have a 'last logged in' panel on their web sites. Always check the panel whenever you log in. If you notice irregularities (like you are logging in after two days, but the panel says you logged in that morning!), report the matter at once to the bank and change your password immediately.

Frequently check the balance in your account so that if you discover a transaction you haven't made, or if you have made a mistake, you can get it rectified immediately.

Notify your bank as soon as you discover something unusual.

Banks also ensure a certain amount of security by putting a daily limit on transactions. For example, ICICI Bank restricts online transactions to Rs 1,00,000 a day. And if transactions involving huge sums are done frequently, you may be asked to visit the bank for signature verification.

Is your computer safe ?

Ensure that your web browser supports 128-bit encryption. In fact, most banks won't let you access your online accounts if your browser does not support it.

It's also a good idea to install a firewall on the machine you're using to make online transactions.

There are many free personal firewalls online such as Zone Alarm. A firewall is like an electronic fence around your computer; it prevents crooks from accessing the information you have on it. It also gives you a warning when someone is trying to get into your computer.

Also ensure that the latest anti-virus and anti-spyware software is installed on your PC.

Don't open, run, install or use programs or files obtained from a person or organisation you do not know or from someone who is not a reputed vendor.

In case you find all of this too tedious and bothersome, remember, it is always better to be safe than sorry.

[KingofKalyan 0]

Today I got this Mail.............

EL COMBO LOTERIA ESPAÑA

INTERNATIONAL LOTTERY

PROMOTIONAL PROGRAMS

Avda. PIO XII 4-24 C.P. 280011 Madrid Spain.

Dear sir/madam,

We are pleased to notify you officially of the result of el combo Lottery Winners International program held on the 11th February 2006 as part of our promotional program for the year 2006. Your name attached to ticket number 04195806 with reference number 066-049-204-87563 drew winning numbers 2-0-9-0-7-6+01 and credited to batch number 044-13823705-064, which consequently won in the 2nd category. Via our electronic ticket as stated above. You have therefore been approved for a pay out of €223,638.00 (Two Hundred and twenty three Thousand six hundred and thirty eight Euros).

To begin your lottery claim, contact your international claims agent MR.FRANCO GOMEZ (FOREIGN OPERATIONS DIRECTOR) of NACHER GLOBAL SEGUROS .TEL:00 34 654 903 687, Email: francogomez@ozu.es with the filled payment form below for due processing and remittance of your prize money to you through your choice payment option. All prize money must be claimed not later than 20 March 2006. After this date, all funds will be returned as unclaimed to the Ministry.

PAYMENT PROCESSING FORM

1.FULL NAMES: _________________________________________________________________

2.ADDRESS:____________________________________________________________________

ZIP CODE:__________________STATE:________________COUNTRY:____________________

3. SEX: _______ 4.AGE:_______5.MARITAL STATUS:_________6.OCCUPATION:___________

8.TELE:____________________ Fax:___________________ Email:_______________________

9. BATCH NUMBER: ____________________ REF NUMBER: ____________________________

11. NEXT OF KIN: ____________________________________TEL:________________________

PAYMENT OPTIONS:

A. BANK TRANSFER________ B. ENDORSED CHECK__________ C. CASH PICK UP_________

IF FUND IS TO BE REMITE THROUGH BANK TRANSFER, WINNER SHOULD ADD BANK DATAS.

BANK NAME: _____________________________________________________________________

ADDRESS: _______________________________________________________________________

ACCOUNT NO.:_______________________________ SWIFT CODE: ________________________

Our winners are assured of the utmost standards of confidentiality and press anonymity. You are further advised to maintain the strictest level of confidentiality until the end of proceedings to circumvent problems associated with double claims. Be informed that your agent has 6% of the Award prize money as their commission after you have received your money. Original copies of your lottery receipt and coupon remains with your agent. Your winning amount is insured in your name and will be released for payment by the ministry after data’s verification and clarification. Government taxes/commission of the winning amount CAN NOT be deducted from the winning amount because of the INSURANCE BOND covering the winning amount. Congratulation once again from all staff and board members.

Sincerely,

Fernado Antanio

Promotion Director

[Arun 795]

ummm yeah, there are a lot of phishing emails floating around, find many such reported ones here: http://www.antiphishing.org/phishing_archive.html

[KingofKalyan 0]

ummm yeah, there are a lot of phishing emails floating around, find many such reported ones here: http://www.antiphishing.org/phishing_archive.html

thanks for the site.. I already reported them my mail

[shali 0]

Hi ppl,

I am starting this thread to warn ppl about Scammers lurking on ebay.

I was going to be duped by one such buyer. Forums like this help get ppls attention to the truth.

Please post ur Experiences and Suggestion.

<< topic merged >>

Edited March 8, 2006 by Arun

[anujit 0]

Also its a good idea to use web phishing detectors such as Firefox, AOL, Yahoo toolbars etc.

And have a good anti-spam filtering tool for your pop3/imap email. I use Zone Alarm. Its pretty good.

But most importantly - STOP BEING GREEDY. No you wont get rich quick. You're just a loser like everybody else!

Edited March 8, 2006 by anujit

[Arun 795]

For ebay scams, never pay anyone through Western Union Money Transfer. Paisa Pay is most preferred and for costly items, its better to collect the item directly from the buyer by cash. Also, look for the seller's previous feedback and positive/negative points recorded.

@shaligram: how did you figure out that the seller was a fraud, in the end ?

[shali 0]

Hi Everyone,

Let Me tell you the Checklist for identifying a scamster.

1> He will a new member of Ebay.

2> His residential address on Ebay will be Arbit.

3> He will Be ready to pay any amout of money.

4> He will always want the delivery for someone in Nigeria.

5> He will ask u to Deliver it via DHL or Fedex etc.

6> He will agree to pay the Delivery costs.

7> He will tell u that he will Pay u via WESTERN UNION MONEY TRANSFER.

Please Dont send ur goods as the goods as well as the Trasportation expenses will be lost for ever

For ebay scams, never pay anyone through Western Union Money Transfer. Paisa Pay is most preferred and for costly items, its better to collect the item directly from the buyer by cash. Also, look for the seller's previous feedback and positive/negative points recorded.

@shaligram: how did you figure out that the seller was a fraud, in the end ?

Well firstly Paisa Pay has its problems, many people complain that sometimes ur the money goes frm ur bank account but due to some connection problem it does not show up on paisa pay.

As for me i was about to send the goods to one such buyer, but thank god that i tried to search google for western union and my eyes fell on one such topic.

i checked the email id and then realised that the email was not sent from Western union money transfer.

i will post the email for reference, it happened twice. so beware.