Phishing & virus emails

[Niall]

I'm bored so I thought I'd mention this.

While I had my forums running for my CZ server, I had the usual irritation of bots signing up (or trying to as I had to auth all accounts). One thing I noticed lately is that the address that I blocked (on the forums) have now started attempting to send phishing and virus emails to me (after two months of sending viagra emails). Not only those, but I was quite surprised to see some genuine email addresses (not masked, the actual senders) being used were from large companies. Not the huge stores from high streets, but equally well known of the smaller bunch of retailers and online sellers.

I find it quite worrying that these companies trade on the net and clearly haven't got ample security, or even staff trained not to click on big flashing emails with "CLICK ME TO WIN" staring at them!

I've gone from receiving about 60 emails a day to around 4 as most are relying on you opening the email so they can track which email address opened what email. Block those from appearing in your mail in the first place and they'll never know you've seen the email at all (unless you're stupid enough to have auto confirmation of receipt of email turned on!). 

Infact, before I finish this post I'll check todays bunch.

Ah ha, a different sort of mail has started as of today. Most entertaining:

Alternative medicine for you!
Alternative health products@ (the at sign isn't a typo)
Your order pending (from Claudette M Eubanks - wow not suspicious at all!)
Our experts recommend...
4 mens health (like ANY company sends out emails that are not written correctly!)

Around and around we go. I wonder what tomorrow will bring.

[Rik]

I like the ones from banks, which ask me to confirm my logon details and to ignore the message if I'm not a customer. Yeah, right! 

[Niall]

I haven't had one of those for months. I think I only ever had 2 of them anyway.

You'd have to be an idiot to send someone those details anyway. That being said, a lot of people have done, or they wouldn't continue to do it.

[madasahatter]

You'd have to be an idiot to send someone those details anyway.

Unfortunately there are a lot of these "idiots" about...... 

[Rik]

I see, maybe, one a week, Niall. Never for a bank I'm a customer of, and for a variety of my email addresses, so no obvious source.

[Niall]

Heh, that was what amused me. The ones I did get were for banks I've never used.

Although that's not strictly true as the Natwest is under the Royal bank of Scotland umbrella and the email was for them, but I'm being pedantic now

[Rik]

Mind you, the way banks operate these days, it wouldn't surprise me if they didn't know whether or not I was a customer! Did you see the piece on Watchdog about them clearing cheques without checking the signature?

[madasahatter]

That happened to a mate of mine - (or rather his girlfriend in a way).

He sent a cheque off to pay a bill - nothing unusual there you might say. Except that he had written and signed a cheque from his girlfriends chequebook instead of his own. Now, his girlfriends bank account is with the same bank, but a totally seperate account, yet the company (who shall remain nameless because it was really not their fault) successfully presented the cheque for payment. It only came to light when she checked her account, saw this cheque had been cashed, didn't know what it was for, rang her bank, and realised what had happened!

In this case there was no real harm done, but both of them have now swapped banks - two seperate ones this time .

[Rik]

That was pretty much the story on Watchdog, only father and daughter in this case.

I'm not really surprised at it, but I wonder how you would prove it, given that banks don't return cheques anymore?

[Captain K]

The "best" phish I've seen was an email my wife received, purportedly from Paypal.  It was free from the usual gaffs, spelling and grammatical errors, and what's more, it wasn't one of those "Log in or else we'll close your account" messages.  It was simply a facsimile of the email Paypal sends you when someone's made a payment to you.  The subject was "Paypal - Payment Received", and the body of the text was simply an advice that somebody@wherever.com had made a payment of £47.35.  It didn't invite you to login, but it did contain a link at the bottom.

My wife is normally highly cautious about phishing emails, but even she was too taken by curiosity at who might have paid her £47.35, for a few moments, to think about the possibility of it being a phish.  She clocked it before she clicked the link, but being one of the most phish-savvy people I know, it scares her to think she even thought, however briefly, of clicking the link.

A clever one, and one to watch out for!

[Simon]

I constantly get emails from 'NatWest' at the moment, even though I'm not a customer.  They just get deleted with Mail Washer, so I don't even know what the content is, other than it being iffy.

[Lance]

I've never had one at all from any 'bank'. I feel quite left out!

[colirv]

I report phishing emails here.

[Lance]

Thanks for the link, Colin. 

[Gary]

There was a email doing the rounds last year supposedly from paypal which asked you to call a number as you account may have been used fraudulently. You were asked for proof of account and credit card information, it was not an official paypal number, and I don't have a paypal account so that was the clincher for me, but it was convincing and many people were caught by it. There is a on line test to see if you can spot phishing scams hosted by Sonicwall here it would be interesting to see how many people get them all right 

[madasahatter]

That was an interesting challenge.

I got 9 out of 10. Got one of the chase ones wrong

[Rik]

Got one of the chase ones wrong

Never stand still.

[madasahatter]

 

So that's where I've been going wrong all this time.

thanks Rik

[David]

Try this if you have one of these which could be genuine or you are unsure,hover your mouse over the bottom line and you will see the originating address(only if its fake) I have heard it works a treat and if just a few people get saved its worth it,a warning to anyone who thinks are tempted to reply and "have a go" a lot of these things eminate from really big time criminals and in some cases the have in retaliation bombarded the recipient with so much traffic it cause meltdown,just report them or delete.They are just a waste of time but I understand that people do fall for these scams.

Keep your hand on your happenny