Previous article

APCUG Web Site

APCUG Reports
January-March 2009

Next article

Index for this issue
Default font size
Large font size
Very Large

Scam Alert
by Don Singleton

Dear PayPal ® customer,

We recently reviewed your account, and we suspect an unauthorized transaction on your account.

Protecting your account is our primary concern. As a preventive measure we have temporary limited your access to sensitive information.

Paypal features.To ensure that your account is not compromised, simply hit “Resolution Center” to confirm your identity as member of Paypal.

Login to your Paypal with your Paypal username and password. Confirm your identity as a card member of Paypal.

Please confirm account information by clicking here Resolution Center and complete the “Steps to Remove Limitations.”

Trend Micro caught this pfishing attempt

As did Firefox

If I had foolishly ignored their warnings I would have seen

And very quickly the credit card hooked to my Paypal account would have been drained.

Your Online Banking has been blocked

During our regular update and verification of the Bank of America Online Banking Service, we could not verify your current information. Either your information has been changed or incomplete. As a result your access to use our services has been limited. Please update your information.

To restore your online banking access, kindly update your information. You can update your online banking details by following the link below

Click here to update your account.

Thank you for banking with Bank of America, the industry leader in safe and secure online banking

Sincerely,
Bank of America Customer Service

----------------------------------- *Important*

Because E-Mail Is Not A Secure Form Of Communication, This E-Mail Box Is Not Equipped To Handle Replies.

But you think it is a secure enough form that I am supposed to trust you to give me a link???

If you are a Bank of America customer

You sent me an email about my account, and you don’t even know whether I am a customer? It happens I am, but I am smart enough not to fall for this pfishing attempt.

and have sensitive account-related questions, please call the phone number provided on your account statement or the appropriate phone number indicated in the following “Contact Us” link so we can properly verify your identity. For all other questions or comments, please use the Web forms available via Contact Us. We respect your privacy, and you can rest assured that we protect your information, including your email address, and will never sell or share it with marketers outside Bank of America.

To find out more, please read our Privacy Policy. Bank of America E-mail, 6th Floor, 101 North Tryon Street, Charlotte, NC 28255-0001

The “Click Here” would have taken me to http://www.aerotic.de/secure/bofa/update/

McAfee SiteAdvisor warned me

If you do not have McAfee SiteAdvisor, you might want to go to http://www.siteadvisor.com/ and download a free copy.

Bank of America Alert: Protection I.A.C.

The “Verification Link” was http://aircritic.com/www/verifyiac.php which interestingly is a server owned by Global Net Access in Atlanta Georgia. I informed Global Net Access that their server was being used this way.

Trend Micro and McAfee Site Advisor warned me it was a pfishing attempt.

Possible SPAM verification paypal

I don’t speak French, but I got

Confirmez votre adresse email !

Bonjour Monsieur

Pour finaliser votre compte PayPal Business, vous devez cliquer sur le lien ci-dessous et saisir votre mot de passe sur la page suivante afin de confirmer votre adresse email.

Cliquez ici pour activer votre compte

The link they provided would have taken me to http://srvpaypal.1stfreehosting.com/paypal.fr/update/cgi-bin/fr/security/cmd/customers/index.htm and Trend Micro and McAfee Site Advisor warned me it was a pfishing attempt.

Account Security Measures

Dear valued Bank of America® member,

Due to a recent high number of fraudulent transactions, we have issued the following security requirements.

It has come to our attention that 98% of all fraudulent transactions are caused by fraudsters using stolen account information to purchase or sell non existant items. Thus we require our members to enroll in our SiteKey security upgrade, as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. After you submit the requested information, we will create a unique algorithm based on your personal computer, allowing us to recognize you in any future online banking sessions and thus immediately spotting any unauthorized access. By passing back and forth secret information that only you and Bank Of America know, you can feel even more secure with your online banking experience. We recognize you and you recognize us. If you could please take 5-10 minutes out of your online experience and enroll in the SiteKey security upgrade, you will not run into any future problems with the Bank Of America online banking service. However, failure to meet our security requirements will res ult in your account suspension.

We are requesting this information to verify and protect your identity. Federal regulations require all financial institutions to obtain, verify, and record identification from all persons opening new accounts or obtaining ongoing payment services. This is in order to prevent the use of the U.S. banking system in terrorist and other illegal activity. For these reasons, Bank Of America will utilize services provided by various credit reporting agencies to verify the information you submit to us.

Once you have enrolled in our SiteKey security upgrade your pending Bank Of America account transactions will not be interrupted and will continue as normal.

Please enroll in our SiteKey security upgrade by clicking here.

Thank you for your time.

Regards,
Security Department.
Bank Of America

The link they provided would have taken me to http://madrid10.worldbone.de/bankofamerica.com/

Trend Micro and McAfee SiteAdvisor warned me about this pfishing attempt.

WebNews / Cox.Net Web Email Account Update!!!

Dear Cox.Net Email Account Owner,

This message is from Cox.Net messaging center to all Cox.Net email account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused Cox.Net email account to create more space for new accounts.

To prevent your account from closing you will have to update it below so that we will know that it’s a present used account.

To complete your Cox.Net Webmail account, you must reply to this email immediately and enter your

Username :( )

Password :( )

Email Address :( )

Email Password: ( )

Contact address: ( )

You can also confirm your email address by logging into your Webmail

http://webmail.cox.net/

Failure to do this will immediately render your email address deactivated from our database.

Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently.

Thank you for using Cox.Net Webmail Gateway

Warning Code:VX2G99AAJ

Thanks,

Welcome to Cox.Net WebMail

Cox.Net Webmail Support

Interestingly http://webmail.cox.net/ is their real web address. What they are counting on is that rather than clicking on it I will just reply to the email. If we look at the header of the email we see

Return-Path:

Received: from eastrmimpi03.cox.net ([68.1.16.121])

....

Received: from defstand.gov.in ([203.197.234.12])

....

Reply-To: message89@gmail.com

....

Return-Path: sounds like it will go back to them, but look further, and Reply-To: message89@gmail.com is where the reply really will go. Interestingly we also see that it came from defstand.gov.in, which would be a government server in India. It must be just a mail server, because there is no website at http://defstand.gov.in/.

Dear Old Friend,

It is my pleasure to reach you after our unsuccessful attempt on our business transaction. Well, I just want to use this medium to thank you very much for your earlier assistance to help me in receiving the funds.I am obliged to inform you that I have succeeded in receiving the funds with the help of a new partner from South America Mr. Alfredo Gomez Castillo.

Everything was perfectly done because we strike a deal with one of the Lady Accountant who works with the Federal Ministry of Finance (FMF), and she rendered a tremendous help to us. My new partner initiated this idea and everything worked out successfully.

In appreciation of your earlier assistance to me in receiving the funds, I have decided to compensate you with the sum of $2,500,000.00(Two Million Five Hundred Thousand United States Dollars) in a Cashier’s draft.This is from my own share. I did this simply to show appreciation to you for your kind support and assistance even though we couldn’t succeed due to some unforseen circumstances. Presently, I am in South Korea for investment with my own share under the advice of my partner.

In the light of the above, you are therefore to contact my personal account keeper in the BANK in Cotonou Benin Republic. His name is CHARLES OBI and do send him your bank information’s to enable him transfer the draft to you through bank to bank transfer with the BANK in BENIN, E-mail address charlesobi11@hotmail.fr

Below are what you are to send to him to enable him send the cheque to you without delay :

YOUR PERSONAL DATA

YOUR FULL NAME:_________

YOUR ADDRESS____________

YOUR TELEPHONE _________

YOUR AGE.________________

YOUR IDENTITY CARD______

YOUR OCCUPATION________

YOUR COUNTRY____________

YOUR BANK NAME__________

YOUR BANK ADDRESS_______

YOUR ACCOUNT NAME______

YOUR ACCOUNT NUMBER___

YOUR SWIFT CODE_________

FAX NO.___________________

EMAIL ____________________

SIGN______________________

With my best regards,
Pastor Raymond Bello

Gee, and old friend, that I do not know, is willing to give me $2,500,000.00, even though I did not help him. And all I have to do is give him my bank information. And strangly my good friend does not know my name, much less my address, telephone number, age, etc. I think I need to find some better friends.

The VemmaBuilder Team emailed me Lucky You, Don, 302 People Added To Your SuccessLine!

We’ve got news that should excite you! The following 302 people have joined your SuccessLine as new Pre-Enrollees:.... Just as rousing, some of our Paid VemmaBuilder Members are working to make YOU money this very minute, by adding more Pre-Enrollees to your SuccessLine! To see how many people are already placed below you, click on this link: http://www.vemabuilder.com/genealogy/B62 Your ID # is 9854906 Your Password is 59050

Upgrading to Paid Member now has 2 key benefits: 1) It secures your place in the SuccessLine and GUARANTEES you a bonus the first time a person below you in the SuccessLine upgrades to Member from Pre-Enrollee, and 2) You jump over people above you in the SuccessLine whose indecision keeps them from becoming Paid Members during the present 7-day cycle. If they upgrade later on, they’ll be a permanent part of YOUR organization.

Want more information on the SuccessLine? To learn how it works, how our proven concepts and formula for success can work for you, or to find answers to other frequently asked questions, just go to http://www.vemabuilder.com and click on “VemmaBuilder Members and Pre-enrollees”. Then, put your ID # and Password in the appropriate boxes.

Ready to upgrade to Paid Member? Click on the link below, and simply choose the patent-pending VEMMA Nutrition Program. Then order your VemmaBuilder website.

http://www.vemabuilder.com/upgrade/9854906/B62

To Your Success!

-Your VemmaBuilder Support Team

--- You are receiving this email, because you signed up for a free test drive of the VemmaBuilder system. To stop future emails, please use the link below: http://www.vemabuilder.com/goodbye/9854906/5P9FB62

Let’s look at the inconsistencies.

(1) They say I signed up for a free test drive of the VemmaBuilder system (a lie), and then they give me a way to get out (required by the CAN-SPAM Act which affects Commercial Emailers)

(2) Somehow as a non paid member I have been assigned 302 downline members (like being in an MLM (multilevel marketing system) and having a downine created for me, by Paid Members, without any effort on my part, but

(3) I need to rush to upgrade to being a paid member before one of the 302 Pre-Enrollees I have been given is stupid enough to join, and thus leaves my list of 302 downline members.

What does VemmaBuilder do (other than sell websites)? I don’t have the slightest idea. If I go to http://www.vemabuilder.com it just asks me to login. Most MLMs at least have websites that give some idea what their product is. Doing a google search I see several other MLMs saying don’t waste time with VemmaBuilder (Stop Buying VemmaBuilder Leads. Your Wasting Money! and If you’re looking for info on Vemma, you’ll love this FREE CD), and implying I can do better wasting time with them. I think I will avoid wasting time with any of them.

Information Regarding Your account:

Dear PayPal Member:

Attention! Your PayPal account has been limited!

As part of our security measures, we regularly screen activity in the PayPal system.We recently contacted you after noticing an issue on your account.We requested information from you for the following reason:

Our system detected unusual charges to a credit card linked to your PayPal account.

Reference Number: PP-259-187-991

This is the Last reminder to log in to PayPal as soon as possible. Once you log in, you will be provided with steps to restore your account access.

Once you log in, you will be provided with steps to restore your account access. We appreciate your understanding as we work to ensure account safety.

Click here to activate your account

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologise for any inconvenience..

Sincerely,
PayPal Account Review Department

If I clicked on the link it would take me to http://paypal.turnkeywebsitebusiness.com. Trend Micro and McAfee Site Advisor warned me it was an attempt to steal my information.