Scam Detectives » Phishing

Littlewoods Phishing email

admin — Tue, 04 Jan 2011 14:11:29 +0000

We received an unusual email today which is a twist on the usual “there’s a problem with your bank account” phishing attack.

This one targets online shopping accounts and will try and trick you into logging on to a fake web shop so the fraudsters can buy goods on your credit card.

The link in the email leads to a very plausible copy of the Littlewoods website:

The usual rule applies:

NEVER click on a link in an email that asks you to log into ANY online account, be it Twitter, Facebook, your bank or an online shop

Happy New Year, and let’s make 2011 a ripoff free year!

“GooglePhishing” – Beware spoof “adwords” emails

admin — Mon, 22 Nov 2010 16:00:16 +0000

This has just arrived in our mailbox at Scam Detectives HQ:

Dear AdWords Advertiser,

For quality services and running your ads without any problems (Innactive account meaning Pausing your Ads) check your AdWords account regularly.

Check your AdWords account now. [link removed]

2010. Google is a trademark of Google Inc. All other company and product names may be trademarks of the respective companies with which they are associated. 1600 Amphitheatre Parkway Mountain View, CA 94043

Email Preferences: We sent you this email because you have indicated that you are willing to receive AdWords account performance suggestions. If you do not wish to receive emails of this nature in the future, please visit your account’s Communications Preferences page (https://adwords.google.com/select/EditCommunicationsPreferences – AdWordslogin required). Remove the check beside ‘Customized help and performance suggestions,’ and click ‘Save Changes.

Kudos to Firefox phishing and malware filter which immediately picked this up as a fake site. Entering your details into the site will result in the theft of your credit card details (and probably the hijacking of your adwords account too).

We repeat our usual advice – NEVER click on links in emails that purport to come from any organisation with whom you have a financial relationship.

A “Giant leap backwards” in online security from MBNA

admin — Tue, 16 Nov 2010 14:34:39 +0000

Credit card issuer MBNA has today sent out emails to it’s customers launching it’s improved Card Services website.

We’re all for financial institutions keeping their clients up to date and encouraging them to use online services for convenience. That’s what the Internet is there for.

HOWEVER, the email flies in the face of the bank’s own security advice. On MBNA’s “Online Account Security” page users are advised:

When logging on to banking and membership websites, ensure that you type in the web address rather than by clicking on a link-especially in emails.

This is good advice and something that we fully endorse at Scam Detectives. So why does today’s email from the bank contain not one, not two, but three links encouraging users to log in to their account directly from the email?

A “Giant leap backwards”

The entire banking community, as well as online security websites like Scam Detectives, spend a lot of time, money and effort advising Internet users not to click on links in emails to log into their online accounts. Ever.

The reason for this is to help you to avoid “Phishing” scams, where scammers set up websites that look exactly like your bank or credit card issuer’s website to trick you into entering your security details and logging into their fake site so they can then gain access to your real account and steal your money.

In our opinion, this email campaign from MBNA represents a giant leap backwards in online security and we urge the bank to contact every customer that has been sent this email to apologise and reinforce the following advice:

NEVER click on links in emails that ask you to log into your online accounts.

Editor’s note:
When we first saw this email, we were convinced it was an elaborate phishing exercise as we were sure that MBNA wouldn’t be so careless as to include “log in” links in their email. However, a few simple checks showed that it was in fact genuine:
1) The email is hosted at customerservice.mbna.co.uk (a genuine MBNA domain)
2) The “Log In” links point to the genuine MBNA website

We have approached both MBNA and UK Payments Administration for comment and will update this post with their response.

Scam Detectives – Facebook friend to the stars?

admin — Tue, 08 Jun 2010 14:29:23 +0000

Move over Brad – Angelina wants to be my friend….

Wow! Hollywood star and Mrs Brad Pitt Angelina Jolie wants to be my friend on Facebook!
For those who can’t see the image, the text reads:

Hi,
The following person invited you to be their friend on Facebook:
Angelina Jolie
Invite sent:
Tue, 8 Jun 2010 17:15:33 +0200

Facebook is a great place to keep in touch with friends, post photos, videos and create events. But first you need to join! Sign up today to create a profile and connect with the people you know.
Thanks,
The Facebook Team

Now, I’d love to think that Angelina really wanted to connect with me on Facebook, (although Mrs C probably wouldn’t be too happy about it…) but let’s face it, why would she?

The link at the bottom, which ostensibly directs you to Facebook, actually leads to an online pharmacy selling Viagra and other “enhancing” medications, along with a nasty bit of malware that would allow hackers to take control of your PC and harvest your personal details.

Remember:

Facebook friend requests show up on your profile. If you receive an email including a friend request, then log in to Facebook.com and accept it that way. DO NOT click on the link in the email.

If you don’t already have a profile on Facebook (Hi Mom!) and a friend invites you to join, go to Facebook.com and create your account. DO NOT click on the link in the email.

If a major Hollywood celebrity wants to be your friend on Facebook (and you don’t usually bask in the company of the stars) then the chances are it’s a fake profile or a phishing attempt. DO NOT click on the link in the email.

And finally

Just for good measure – DO NOT click on the link in the email.

Beware “Tabnapping” – a new kind of Phishing scam

admin — Tue, 25 May 2010 11:39:47 +0000

User Interface specialist and creative lead on Mozilla’s Firefox browser Aza Raskin has outlined a brand new variant on “phishing” attacks which he has christened “Tabnapping”.

Traditionally, “Phishing” has relied upon convincing users to click on a link in an email to take them to a fake website such as their bank, credit card issuer or email account. Once the user logs in to the fake site, their details are transmitted to the fraudster and the account is immediately compromised. Public awareness of “phishing” emails is now relatively high and most people know not to click on links in emails appearing to come from such organisations.

“Tabnapping” relies on the user believing that it is impossible for the content of a tab to change while you’re not looking. You may click on a link in Twitter, Facebook or a “sponsored link” in Google which will load a genuine webpage that delivers the content it promises. If you then click away from that site, leaving it open in a “tab” whilst viewing another website, the content of the original tab will change to a fake log-in page impersonating one of the websites you visit most often, be that Facebook, Gmail, Hotmail or your online banking account. You then scan back through your tabs and believe you’ve left the site open and have been logged out, so you log back in again.

“memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.” said Raskin, explaining how the scam works

A New Type of Phishing Attack from Aza Raskin on Vimeo.

The biggest danger of this type of attack is that it can be targetted to the websites you actually visit, or even to the ones where a current login is open. Traditional “Phishing” emails often stumble at the first hurdle by impersonating organisations or banks that you’ve never had dealings with, so you instantly know that if you don’t bank with HSBC for example, it’s a scam. A “Tabnapping” website will allow scammers to specifically target your account by harvesting your browser history to check that you actually visit the site it will impersonate.

So, how can we avoid this type of “phishing” attack?

Whenever you log in to a website, regardless of whether you already have a tab open check the URL in the address bar to make sure you’re still on the genuine website. Check especially for the Https:// at the beginning and the secure padlock in the status bar. If the URL doesn’t look right, or there’s no padlock, close the tab, open a new one and enter the URL again.

Better still, make it a policy not to leave websites that require secure logins open in tabs. That way, you’ll know if a site that requires you to log in appears in a tab, you haven’t left it there and you’ve been “Tabnapped”

Very convincing phishing email – Alliance & Leicester

admin — Fri, 07 May 2010 13:10:46 +0000

Phishing emails are usually easily spotted by virtue of poor spelling or grammar along with an obviously fake URL (web address) appearing in the status bar when you hover over the link. This effort has neither. The grammar and spelling are much better than we usually see, and the link (http://www.mybank.alliance-leicester.co.uk.*********.net/index.aspct=mybankhnlogin/index.php) appears at first glance to be an official Alliance & Leicester web address. (*’s mask a string of numbers)

Full text for screen readers: At Alliance & Leicester, we want you to be confident that banking online with us is safe and secure. For us, this means employing the latest technology and multiple layers of security to safeguard your personal details.

Our Technical Services Department are carrying out a planned software upgrade for the maximim convenience of the users of online services of the Alliance & Leicester internet banking.

Please click on reference below to upgrade your account access as soon as possible.

http://www.mybank.alliance-leicester.co.uk/index.asp ? mybanklogin?

Best Regards.
Alliance & Leicester Security Department Team.

We do not advocate clicking on links in phishing emails but as we have VERY strong security at Scam Detectives HQ we decided to explore this one further. What we found was a convincing copy of the Alliance & Leicester online banking login page asking for an 8 digit “customer number”. When we entered a random number we were presented with this screen (click for full view):

Anyone who’s ever seen a phishing login page will notice the difference here. Rather than simply asking for your login details, this webpage also asks for your debit card number and CVC code to “verify” your identity. This would not only allow the scammers to access your online banking, change your statement address and steal your identity, but also to spend your money online or over the phone using your debit card and clearing out your bank account with little chance of being caught.

Advice on avoiding Phishing scams:

* NEVER click on links in emails that appear to be from your bank, credit card issuer or payment service provider even out of curiosity
* DELETE the email immediately as it may contain malware
* DO NOT be tempted to reply to the email telling the scammer what you think of them – you’ll only receive more spam later
* IF IN DOUBT call the number printed on your statement to speak with your bank’s customer service department

Identity theft “rose by 20% in 2009″

admin — Tue, 04 May 2010 13:08:00 +0000

According to UK credit reference agency Experian, cases of identity theft rocketed by 20% in 2009 with advisors helping 5,000 victims over the course of the year, a fifth more than in 2008.

What’s Identity Theft?

Identity Theft is the practice of assuming someone else’s identity to apply for financial products including loans, credit cards, hire purchase agreements, mobile phones and other forms of credit. In extreme cases, scammers can also apply for passports, driving licenses and other official documents to effectively “become” you and apply for housing, benefits and even jobs.

If it happens to you, you could find it difficult to obtain credit, bank accounts or mortgages until it’s sorted out, and even find yourself liable for credit agreements you never applied for.

Who’s at risk?

Analysts at Experian said that their data showed that whilst wealthy people continued to be at the greatest risk of having their identity stolen, with company directors and business owners most likely to be victims, there was a growing trend among fraudsters to target mass-market victims, with criminals carrying out a high volume of low-value frauds on people whose identities were easier to steal, rather than focusing on high net worth individuals. As a result, it said young couples, single parents and people who lived in shared rented accommodation were now also at a high risk of being victims of fraud.

How does it happen?

Criminals commit identity theft by stealing your personal information. This can be done by taking documents from your rubbish or by making contact with you and pretending to be from a legitimate organisation such as your bank or credit card issuer. It can also be done online, through “phishing” attacks which trick you into revealing your login details for your bank account, then redirecting your statements to a new address.

How can you protect yourself?

Keep your personal documents safe – Use a lockable cabinet or safe to store your passport, driving license and birth certificate and don’t throw away credit card or bank statements, receipts or letters. If you need to dispose of them, use a shredder to ensure that the information can’t be read.

Keep an eye on your finances – Check statements as soon as they arrive and report any suspicious transactions to your bank or credit card issuer straight away

Keep your details safe – NEVER give your personal information to anybody who calls you, even if they say they’re from your bank or credit card supplier. If someone calls you, ask for their name and extension number then call the organisation back using the number printed on your bank statement.

Check your credit report regularly – Checking your own credit report doesn’t affect your credit rating and will alert you to any credit accounts taken out in your name. Experian offer a service called “Credit Expert” which allows you to receive email alerts as soon as your credit history changes.You can get a FREE 30 day trial of Credit Expert here.

===============================================================================
Blog Disclosure Scam Detectives will receive a small commission from Experian for every free trial taken up through this post. These commissions will be used to help fund our work providing scam warnings and advice to Internet users and “Scam Detectives Live!” presentations to schools and community groups.

Another Twitter Phishing email

admin — Fri, 23 Apr 2010 10:29:47 +0000

We received an email at Scam-Detectives HQ this morning from “Twitter Support”, telling us that we have 3 unread messages and urging us to click on a link to retrieve them.

Twitter does not send out emails advising of unread messages, it’s a phishing attempt to get you to enter your password on a fake Twitter login page.

Regular readers will remember that we told you a while ago that hacked Twitter accounts can fetch up to $1,000 (£650) so you need to be on your guard against this type of phishing attack.

NEVER click on links in emails that purport to be from social networks, banks or other websites where access is protected by login details. Go directly to the site in question and log in from there.

Is this you?? No – It’s a Twitter Phishing Scam!

admin — Thu, 25 Feb 2010 11:42:47 +0000

Twitter users have been hit by yet another phishing scam. Messages such as “Lol. this is me??”, “lol, this is funny.”,”Lol. this you??” and “ha ha, u look funny on here”. have been appearing on Twitter profiles and in emails all over the world.

The link contained in the message leads to a fake Twitter login page, which, when you login, transmits your username and password to the scammer, who can then

Bearing in mind that many people also use the same passwords for other online services such as Facebook, Hotmail and even their online banking/credit card servicing accounts, you could also find that your total online world is compromised.

Remember:

NEVER enter your login details on a page that you’ve reached via an email link or DM

DO NOT use the same password for every web service that you use

NEVER reveal your username and password to anyone

TAKE CARE that any applications that you authorise to access your Twitter account is genuine

If you think that your Twitter account has been compromised, Visit the Twitter Support page on compromised accounts here

===============================================================================
We now have a great range of PC and Home Security products available in the Scam Detectives Security Supplies online store (powered by Amazon).

SMS Phishing – Coming to the UK?

admin — Thu, 28 Jan 2010 17:12:08 +0000

As you know, what happens in the US never takes long to hit the UK.

Unfortunately, the same can be said of scams, so we should expect this to arrive on our shores soon.

We’ve received a report of a new twist on the Phishing scam where a US resident had a text message by mobile phone saying that their bank account had been frozen and giving them a phone number to call. This connected to an automated system which asked for personal details such as bank account number, password and social security number.

Detective Barry Wohl of the Arizona PD said “This is a scam, it’s going on at the present time, and there have been numerous victims. These cases are usually out of the country or come up with bogus addresses. We advise residents not to provide any personal information over the phone, especially Social Security information.”

He also said that whilst this was the first report received by the police, several internet users had reported similar incidents online.

Do not respond to a text message that purports to come from your bank. Call the customer service number on your statement and speak to an advisor. They will tell you if a problem exists. If you receive an SMS of this nature, contact your local police and they will investigate the source of the text message.

Follow our advice on avoiding phishing scams:

1) Do not visit websites linked to from emails purporting to be from your bank
2) Do not give your details to anyone over the phone if they call you purporting to be from your bank
3) Do not call any number provided to you by anyone purporting to be from your bank. Always call the customer service number printed on your statement.

We now have a great range of PC and Home Security products available in the Scam Detectives Security Supplies online store (powered by Amazon).