SYNTH ZONE
Visit The Bar For Casual Discussion
Topic Options
#96979 - 12/23/04 08:13 PM Christmas scams
travlin'easy Offline
Senior Member

Registered: 12/08/02
Posts: 15576
Loc: Forest Hill, MD USA
I just received this from my ISP and thought it was something that should be passed along. During the past few months, I believe I've seen nearly all of these scams in emails sent to me:

--------------------------------------------
SANS INSTITUTE OUCH REPORT FOR DECEMBER 2004
--------------------------------------------
The "OUCH Report" is a monthly security alert e-newsletter published by
the SANS Institute (www.sans.org) meant for redistribution to
non-technical customers and staff. The latest issue of OUCH is below. I
hope you find it informative.

A great deal of the report is devoted to current "Phishing" scams. For
more information about Phishing, see the description on the front page of
our Web site at http://www.bcpl.net .

****************************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 1, No. 12 December 2004
****************************************************************

Major threat this month:
Don't Get Hooked By Phishing Scams During the Shopping Season

Experts are warning that online shoppers need to be extra watchful for
phishing scams this holiday season. Online shopping is expected to surge
25 percent over last year and email phishing scams have rocketed by a
staggering 1,200 percent since last January.

Read the full story here: http://www.internetweek.com/showArticle.jhtml?articleID=53701025

************************

Take Note:
When you update your Windows computer, you usually must get both the
Windows updates and Microsoft Office updates. They are at different sites,
which are:

Windows Update: http://windowsupdate.microsoft.com

Office Update: http://office.microsoft.com/en-us/officeupdate/default.aspx
(or use the link to Office Update on the Windows update page)

Office Update often requires the user to have their original media CDs
available to perform updates. Microsoft's explanation for this is in the
Office Update FAQ (frequently asked questions) at http://office.microsoft.com/en-us/FX010402221033.aspx#6

Users taking advantage of Microsoft's automatic updating and patching of
Microsoft Windows may not be aware that Windows update does *not* also
automatically update Microsoft Office products. You have to do it
manually.

************************
What To Avoid This Month
************************

I. Email from people trying to get you to divulge private details.
They are usually trying to steal your identity (and your money).
I.1 Sovereign Bank - 'Sovereign Bank Unauthorized Account Access'
I.2 Paypal - 'Your Account Will Be Suspended'
I.3 Citibank - 'Citibank Alerting Service'
I.4 People's Bank - 'New Mail from People'
I.5 Suntrust Bank - 'Internet Banking with Bill Pay Fees Waived'
I.6 Citibank - 'Your online activity confirmation'
I.7 eBay - 'Account Suspension Notice - Section 9'
II. Virus and Hoax Alerts
II.1 Sophos: Training course emails are a scam
II.2 W32.Sober.I@mm
II.3 SymbOS.Skulls
II.4 Latest Mydoom Virus May Signal 'Zero Day' Attack
II.5 W32/Mydoom.ah@MM
III. Covert phishing scam lies in wait for its victims
IV. Important Phishing Information
IV.1 What To Do If You've Given Out Your Personal
Financial Information
IV.2 Identity Theft Help Sites
IV.3 Things you should do to protect yourself.
V. Alleged Phisher Arrested in Boston
VI. Many Users Replacing Internet Explorer
VII. Alliance Formed to Fight ID Theft, Phishing Schemes

**********************************
More Details About Things To Avoid
**********************************

I. Email from people trying to steal your identity (and your money)

I.1 Sovereign Bank - 'Sovereign Bank Unauthorized Account Access':

The Bait: An email sent to you stating that 'We recently reviewed your
account, and suspect that your Sovereign Internet Banking account may have
been accessed by an unauthorized third party...as a preventative measure,
we have temporarily limited access to sensitive account features...check
your account profile...To get started, please click the link below...'

What it tries to make you do: Divulge the victim's name and credit card
information, and sovereignbank.com username/password

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-02-04_Sovereign(sovereign_bank_unauthorized_account_access)/11-02-04_Sovereign(sovereign_bank_unauthorized_account_access).html

I.2 Paypal - 'Your Account Will Be Suspended'

The Bait: 'We recently noticed one or more attempts to log in to your
PayPal account from a foreign IP address.'

What it tries to make you do: Divulge your personal information such as
your name and credit card number and your paypal.com username/password.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-09-04_Paypal(Your_Account_Will_Be_Suspended)/11-09-04_Paypal(Your_Account_Will_Be_Suspended).html

I.3 Citibank - 'Citibank Alerting Service'

The Bait: It arrives in the form of an email that requests "...We Were
unable to process the recent transactions on your account. To ensure that
your account is not suspended, please update your information by clicking
here..."

What it tries to make you do: Divulge your personal banking information
such as your debit card information, citibank.com username/password

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-10-04_Citibank/11-10-04_Citibank.html

I.4 People's Bank - 'New Mail from People'

The Bait: It arrives in an email asking that you confirm immediately with
your People's Bank account

What it tries to make you do: Divulge your debit card information.

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-15-04_Peoples_Bank/11-15-04_Peoples_Bank.html

I.5 Suntrust Bank - 'Internet Banking with Bill Pay Fees Waived'

The Bait: According to the email it will waive your monthly Bill Pay fees
on Internet Banking

What it tries to make you do: Divulge your credit/debit card information

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-16-04_Suntrust/11-16-04_Suntrust.html

I.6 Citibank - 'Your online activity confirmation'

The Bait: Sending you an email telling you that your Citibank account is
on a hold status for maintenance

What it tries to make you do: Divulge all your personal information such
as credit card information, SSN, citibank.com username/password, contact
information (name, address, etc.)

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-17-04_Citibank/11-17-04_Citibank.html

I.7 eBay - 'Account Suspension Notice - Section 9'

The Bait: Sending you an email telling you that your eBay account has been
suspended due to a violation of eBay's site policy

What it tries to make you do: Divulge your eBay username/password and
email address

Where you can see how it actually appears: http://www.antiphishing.org/phishing_archive/11-18-04_Ebay/11-18-04_Ebay.html

II. Virus/Hoax Alerts:

II.1 Sophos: Training course emails are a scam

The Bait: An offering for training for well-paid jobs in the financial
sector.

What it tries to make you do: Sign up for a training course that it claims
will lead to a job with the financial institution Credit Suisse.

Where you can learn more about this scam: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1022149,00.html?track=NL-358&ad=496431

II.2 W32.Sober.I@mm

The Bait: An unexpected email that arrives in your mailbox with various
subject lines such as 'hi there', 'Registration confirmation', etc.

What it tries to make you do: Open the attached file, and if you do, and
follow the instructions, it infects your machine with this virus.

Where you can read more on this story: http://www.symantec.com/avcenter/venc/data/w32.sober.i@mm.html

II.3 SymbOS.Skulls

The Bait: An extended theme for your cell phone

What it tries to make you do: Get you to download a new feature for your
phone and install it. The new "feature" replaces the Phone's system files.

Where you can read more on this story: http://securityresponse.symantec.com/avcenter/venc/data/symbos.skulls.html
or http://www.gcn.com/vol1_no1/security/27982-1.html

II.4 The latest version of the Mydoom virus suggests to security experts
that a much-anticipated "zero day" attack may have already arrived.

"Zero day" refers to an exploit, either a worm or a virus, that arrives on
the heels of, or even before, the public announcement of a vulnerability
in a computer system. This week's version of Mydoom appeared only two days
after a security flaw in Windows Internet Explorer was made public by two
hackers, according to experts.

Where you can read more on this story: http://enterprisesecurity.symantec.com/content.cfm?articleid=5054&PID=182998&EID=796

II.5 W32/Mydoom.ah@MM

The Bait: Receiving an unexpected email that states "Congratulations!
PayPal has successfully charged $175 to your credit card"

What it tries to make you do: It tries to make you click on a link
provided within email.

Where you can read more on this story: http://vil.nai.com/vil/content/v_129631.htm

III. Covert phishing scam lies in wait for its victims:

According to experts, this is a low risk for now, but this could be a sign
of worse things to come. Experts have detected a phishing scam that will
not require you to click on a link in the email in order to gather your
personal data while banking online.

It works by installing a diverter script on your browser so that when you
try to go to your bank's website, you are diverted to the phisher's fake
website which appears identical to your bank's.

Where you can read more on this story: http://software.silicon.com/security/0,39024655,39125549,00.htm

IV. Important Phishing Information:

IV.1 What To Do If You've Given Out Your Personal Information

If you have been tricked by a phishing method into giving out your
personal financial information, do not wait for things to happen or wait
for the problem to resolve itself. Take immediate action to protect your
identity and your money.

Click on the following link for advice on what to do if you are in this
situation:

http://www.antiphishing.org/consumer_recs2.html

IV.2 Identity Theft Help Sites

The following links are provided to assist you in case of Identity Theft.

http://www.consumer.gov/idtheft/
http://www.identity-theft-help.us/
http://www.identitytheft.org/
http://www.usdoj.gov/criminal/fraud/idtheft.html
http://www.ifccfbi.gov/index.asp
http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

Canadians will find the following site especially valuable: http://www.psepc.gc.ca/publications/policing/phishing_e.asp

IV.3 Things you should do to protect yourself:

Since most of the phishing emails come through spam, get a spam filtering
software program and install it on your computer.

If you suspect a phishing attempt, report it immediately to your bank.
Every bank web site has a link or a toll-free number to report scams.
Don't be embarrassed if you were tricked into divulging account
information. If you report it immediately, your account will be protected
until you receive a new PIN.

Change your password and PINs regularly. Banks advise that you use
separate PINs and passwords for different accounts. That way, if one gets
compromised, your entire financial life won't be revealed.

If you are a frequent user of eBay, download its Web browser toolbar, a
small program that runs with a user's Web browser. It flashes red when the
user visits a possible spoof site. The toolbar uses a database of spoof
site URLs submitted by customers, and is updated quite often.

Check your computer frequently for possible virus infection with an
anti-virus software program.

Regularly update your browser with patches.

And more ideas from InfoWorld http://www.infoworld.com/article/04/11/01/HNonlineidtheft_1.html

V. Boston police have arrested an alleged phishing scam artist.

Andrew Schwarmkoff has been arraigned on counts of fraud, larceny,
identity theft and receiving stolen goods. Schwarmkoff, who is alleged to
be a Russian mobster, was ordered held in lieu of US$100,000 bail.

Where you can read more on this story:
http://www.techweb.com/article/printableArticle.jhtml?articleID=52600627&site_section=700028 http://asia.cnet.com/news/security/printfriendly.htm?AT=39200964-39037064t-39000005c

VI. Many Users Replacing Internet Explorer

The Washington Post reports that after Microsoft cemented a monopoly of
the Web-browser market, it let Internet Explorer (IE) go stale, parceling
out ho-hum updates that neglected vulnerabilities routinely exploited by
hostile Web sites.

Then came FireFox, the latest in web browsers. Firefox blocks pop-up ads
automatically, does not use Active X (which has been known to cause
problems), and resists "phishing" scams, in which con artists lure users
into entering personal info on fake Web pages.

Where you can read more on this story: http://www.washingtonpost.com/wp-dyn/articles/A47146-2004Nov13.html?sub=new
(This site requires registration)

Editor's Note (Paller): FireFox, like IE, has security vulnerabilities.
Another IE alternative is the Opera browser (www.opera.com) which will
probably be found to have security flaws, as well.

VII. Alliance Formed to Fight ID Theft, Phishing Schemes

Five online security software and service providers have formed the
Anti-Fraud Alliance Group in order to help e-commerce and financial
services firms fight fraudulent online activities such as phishing and
identity theft.

Where you can read more on this story: http://enterprisesecurity.symantec.com/content.cfm?articleid=5077&PID=182998&EID=799

Copyright 2002-2004 The SANS Institute
_________________________
PSR-S950, TC Helicon Harmony-M, Digitech VR, Samson Q7, Sennheiser E855, Custom Console, and lots of other silly stuff!

K+E=W (Knowledge Plus Experience = Wisdom.)

Top
#96980 - 12/25/04 07:54 AM Re: Christmas scams
jnuy1010 Offline
Junior Member

Registered: 11/03/04
Posts: 21
Loc: Selangor, Malaysia
The above examples posted by Gary remind us about the danger of Email scams. One must always on the alert beforehand to avoid being victimized by such a forgery if we are dealing E-commerce (purchasing goods or banking online).

Top

Moderator:  Admin, Diki, Kerry 



Help keep Synth Zone Online