I received the following article from my IT department at work the other day and I thought I'd post it here, because I think it is really good information.
Something that I think is very important is the fact that the Phishers are able to spoof the address bar of your web browser. That means that even though your address bar says you are at "http://www.paulpehrson.com/scamwarning/" it doesn't mean that you are necessarily there. To be sure, you have to right click on the page, and then select the "Properties" or "View Page Info" option. That is the only way you can be sure you are really at the web page you think you are at. Also, if the URL you are at starts with "https://" you should always check to make sure that there is the lock icon in the status bar at the bottom of the browser window.
So, read the information below, and follow the links provided for more information about these scams.
****Copied from IT Website at work****
I. Email from people trying to get you to divulge private details.
They are usually trying to steal your identity (and your money).
I.1
Sovereign Bank - 'Sovereign Bank Unauthorized Account Access'
I.2
Paypal - 'Your Account Will Be Suspended'
I.3 Citibank - 'Citibank
Alerting Service'
I.4 People's Bank - 'New Mail from
People'
I.5 Suntrust Bank - 'Internet Banking with Bill Pay Fees
Waived'
I.6 Citibank - 'Your online activity confirmation'
I.7
eBay - 'Account Suspension Notice - Section 9'
II. Virus and Hoax
Alerts
II.1 Sophos: Training course emails are a
scam
II.2 W32.Sober.I@mm
II.3
SymbOS.Skulls
II.4 Latest Mydoom Virus May Signal 'Zero Day'
Attack
II.5 W32/Mydoom.ah@MM
III. Covert phishing scam lies in wait for its victims
IV. Important Phishing Information
IV.1 What To Do If You've Given
Out Your Personal Financial Information
IV.2 Identity Theft Help
Sites
IV.3 Things you should do to protect yourself.
V. Alleged Phisher Arrested in Boston
VI. Many Users Replacing Internet Explorer
VII. Alliance Formed to Fight ID Theft, Phishing Schemes
******************************
More Details About Things To Avoid
I. Email from people trying to steal your identity (and your money)
I.1 Sovereign Bank - 'Sovereign Bank Unauthorized Account
Access':
The Bait: An email sent to you stating that
'We recently reviewed
your account, and suspect
that your Sovereign Internet Banking
account may
have been accessed by an unauthorized third
party...as
a preventative measure, we have
temporarily limited access to
sensitive account
features...check your account profile...To get
started, please click the link below...'
What it tries to make
you do:
Divulge the victim's name and credit
card information, and
sovereignbank.com
username/password
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-02-04_Sovereign(sovereign_bank_unauthorized_account_access)/11-02-04_Sovereign(sovereign_bank_unauthorized_account_access).html
I.2 Paypal - 'Your Account Will Be Suspended'
The Bait: 'We recently noticed one or more attempts to log in to
your PayPal account from a foreign IP
address.'
What it tries to make you do: Divulge your personal
information
such as your name and credit card
number and your
paypal.com
username/password.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-09-04_Paypal(Your_Account_Will_Be_Suspended)/11-09-04_Paypal(Your_Account_Will_Be_Suspended).html
I.3 Citibank - 'Citibank Alerting Service'
The Bait: It arrives in the form of an email that requests "...We
Were unable to process the recent transactions on
your account.
To ensure that your account is not
suspended, please update your
information by
clicking here..."
What it tries to make you do: Divulge your
personal banking
information such as your debit card
information, citibank.com
username/password
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-10-04_Citibank/11-10-04_Citibank.html
I.4 People's Bank - 'New Mail from People'
The Bait: It arrives in an email asking that you confirm immediately
with your People's Bank account
What it
tries to make you do: Divulge your debit card information.
Where you
can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-15-04_Peoples_Bank/11-15-04_Peoples_Bank.html
I.5 Suntrust Bank - 'Internet Banking with Bill Pay Fees
Waived'
The Bait: According to the email it will waive your monthly
Bill
Pay fees on Internet Banking
What it
tries to make you do: Divulge your credit/debit card
information
Where you can see how it
actually appears:
http://www.antiphishing.org/phishing_archive/11-16-04_Suntrust/11-16-04_Suntrust.html
I.6 Citibank - 'Your online activity confirmation'
The Bait: Sending you an email telling you that your Citibank
account
is on a hold status for
maintenance
What it tries to make you do: Divulge all your personal
information
such as credit card information, SSN,
citibank.com
username/password, contact information
(name, address, etc.)
Where you can see how it actually
appears:
http://www.antiphishing.org/phishing_archive/11-17-04_Citibank/11-17-04_Citibank.html
I.7 eBay - 'Account Suspension Notice - Section 9'
The Bait: Sending you an email telling you that your eBay account
has
been suspended due to a violation of eBay's site
policy
What it tries to make you do: Divulge your eBay
username/password and
email address
Where
you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/11-18-04_Ebay/11-18-04_Ebay.html
******************************
II. Virus/Hoax Alerts:
II.1 Sophos: Training course emails are a scam
The Bait: An offering for training for well-paid jobs in the
financial sector.
What it tries to make
you do: Sign up for a training course
that it
claims will lead to a job with the financial
institution Credit Suisse.
Where you can learn more about this scam:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1022149,00.html?track=NL-358&ad=496431
II.2 W32.Sober.I@mm
The Bait: An unexpected email that arrives in your mailbox
with
various subject lines such as 'hi there',
'Registration
confirmation',
etc.
What it tries to make you
do: Open the attached file, and
if you do, and
follow the instructions, it infects your
machine
with this virus.
Where you can read more on this story:
http://www.symantec.com/avcenter/venc/data/w32.sober.i@mm.html
II.3 SymbOS.Skulls
The Bait: An extended theme for your cell phone
What it
tries to make you do: Get you to download a new feature
for your phone and install it. The new
"feature" replaces the
Phone's system
files.
Where you can read more on this story:
http://securityresponse.symantec.com/avcenter/venc/data/symbos.skulls.html
or http://www.gcn.com/vol1_no1/security/27982-1.html
II.4 The latest version of the Mydoom virus suggests to
security
experts that a much-anticipated "zero day"
attack may have already
arrived.
"Zero day" refers to an exploit, either a worm or a
virus, that
arrives on the heels of, or even before,
the public announcement
of a vulnerability in a
computer system. This week's version of
Mydoom
appeared only two days after a security flaw in Windows
Internet Explorer was made public by two hackers,
according to
experts.
Where you can read more on this story:
http://enterprisesecurity.symantec.com/content.cfm?articleid=5054&PID=182998&EID=796
II.5 W32/Mydoom.ah@MM
The Bait: Receiving an unexpected email that states "Congratulations!
PayPal
has successfully charged $175 to your
credit card"
What it tries to make you do: It tries to make you click
on a link
provided within email.
Where you
can read more on this story:
http://vil.nai.com/vil/content/v_129631.htm
******************************
III. Covert phishing scam lies in wait for
its victims:
According to experts, this is a low risk for now, but this could be
a
sign of worse things to come. Experts have detected a phishing
scam that will not require you to click on a link in the email
in order to gather your personal data while banking online.
It works by installing a diverter script on your browser so that
when you try to go to your bank's website, you are diverted to
the phisher's fake website which appears identical to your
bank's.
Where you can read more on this story:
http://software.silicon.com/security/0,39024655,39125549,00.htm
******************************
IV. Important Phishing
Information:
IV.1 What To Do If You've Given Out Your Personal Information
If you have been tricked by a phishing method into
giving out your
personal financial information, do
not wait for things to happen
or wait for the
problem to resolve itself. Take immediate action
to
protect your identity and your money.
Click on the following link for advice on what to do if you are
in
this situation.
http://www.antiphishing.org/consumer_recs2.html
IV.2 Identity Theft Help Sites
The following links are provided to assist you in case of
Identity
Theft.
* http://www.consumer.gov/idtheft/
* http://www.identity-theft-help.us/
* http://www.identitytheft.org/
* http://www.usdoj.gov/criminal/fraud/idtheft.html
* http://www.ifccfbi.gov/index.asp
* http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm
Canadians will find the following side especially
valuable:
* http://www.psepc.gc.ca/publications/policing/phishing_e.asp
IV.3 Things you should do to protect yourself:
- Since most of the phishing emails come through spam, get
a spam filtering software program and install it on
your computer.
- If you suspect a phishing attempt, report it immediately to
your bank. Every bank web site has a link or a
toll-free
number to report scams. Don't be
embarrassed if you were
tricked into divulging
account information. If you report
it immediately,
your account will be protected until you
receive a
new PIN.
- Change your password and PINs regularly. Banks advise that
you use separate PINs and passwords for different
accounts.
That way, if one gets compromised, your
entire financial life
won't be revealed.
- If you are a frequent user of eBay, download its Web
browser toolbar, a small program that runs with a
user's Web browser. It flashes red when the user
visits
a possible spoof site. The toolbar uses a
database of
spoof site URLs submitted by customers,
and is updated
quite often.
- Check your computer frequently for possible virus infection
with
an anti-virus software program.
- Regularly update your browser with patches.
- And more ideas from InfoWorld
http://www.infoworld.com/article/04/11/01/HNonlineidtheft_1.html
******************************
V. Boston police have arrested an alleged
phishing scam artist. Andrew
Schwarmkoff has been arraigned on
counts of fraud, larceny, identity
theft and receiving stolen
goods. Schwarmkoff, who is alleged to
be a Russian mobster, was
ordered held in lieu of US$100,000 bail.
Where you can read more on this story:
http://www.techweb.com/article/printableArticle.jhtml?articleID=52600627&site_section=700028
http://asia.cnet.com/news/security/printfriendly.htm?AT=39200964-39037064t-39000005c
******************************
VI. Many Users Replacing Internet
Explorer
The Washington Post reports that after Microsoft cemented a monopoly
of the Web-browser market, it let Internet Explorer (IE) go stale,
parceling out ho-hum updates that neglected vulnerabilities
routinely
exploited by hostile Web sites.
Then came FireFox, the latest in web browsers. Firefox blocks
pop-up
ads automatically, does not use Active X (which has been known
to
cause problems), and resists "phishing" scams, in which con
artists
lure users into entering personal info on fake Web pages.
Where you can read more on this story:
http://www.washingtonpost.com/wp-dyn/articles/A47146-2004Nov13.html?sub=new
(This site requires registration)
Editor's Note (Paller): FireFox, like IE, has security
vulnerabilities.
Another IE alternative is the Opera browser (www.opera.com) which will
probably be
found to have security flaws, as well.
******************************
VII. Alliance Formed to Fight ID Theft,
Phishing Schemes
Five online security software and service providers have formed
the
Anti-Fraud Alliance Group in order to help e-commerce and
financial
services firms fight fraudulent online activities such as
phishing
and identity theft.
Where you can read more on this story:
http://enterprisesecurity.symantec.com/content.cfm?articleid=5077&PID=182998&EID=799