Prevent Online Threats

Archive for the 'Email Phishing' Category

Chamber of Commerce loses $163K to phishing

Sunday, September 17th, 2006

The Northern Kentucky Chamber of Commerce lost $163K in an email phishing scheme. The chamber got an e-mail from someone claiming to be with Fifth Third Bank. The message even had Fifth Third’s logo, copyright and a Web link. But looks can be deceiving. The chamber unknowingly released key information to a phishing crook who scored a $163,000 catch. Although the chamber has recovered about $65,000 so far, the agency is changing procedure and has called in the FBI to investigate.

Phishers target AT&T users

Saturday, September 2nd, 2006

It wasn’t enough for hackers who hit AT&T’s DSL equipment sales Web site to simply make off with some customer information; they’ve been using those stolen names, e-mail addresses, and credit card numbers to launch especially convincing phishing attacks against those victims. The phishing site set up by the hackers incorporates this stolen customer data in an effort to convince AT&T customers to divulge additional sensitive information, including Social Security numbers. AT&T has already alerted 19,000 customers of the potential phishing attack. The phishing scam was set up like this: attackers sent AT&T customers e-mails advising them that their recent credit card transaction at the SBC DSL store was rejected because of incomplete information on their account. Customers were then directed to the bogus Sbcdslstore.org URL (the actual URL is sbcdslstore.com) to update their account information, including birth date and Social Security number. AT&T states explicitly on its AT&T Yahoo help page that the company does not request credit card, Social Security number, or other sensitive personal information through e-mail. The phishing scam adds insult to injury for AT&T customers, particularly because the stolen data used to personalize the phish made the e-mail seem fairly convincing. All users should distrust and beware of any e-mail, from any company, that asks for personal data.

iPod phishing Trojan

Thursday, August 31st, 2006

Security firm Sophos is warning PC users of a Trojan horse that has been spammed out, claiming to be a notification that an Apple iPod has been shipped to them, and their account has been charged almost $500. The emails claim that the music player is being shipped via FedEx and that a payment of $479.95 has been received from the recipient’s e-gold account. Attached to the emails is a file called OrderInf.zip, which unpacks to OrderInfo.exe. Executing this file infects the user’s computer with the Dowdec-A Trojan horse that attempts to download further malicious code from the internet. Below is a copy of the email message.  

Dear ,
Please read the following message carefully.
We notify that your order was approved and shipped to you via FedEx 2Day Service, track 792531968828.
The amount of $479.95 USD was recieved from your e-gold account.
The details of transaction and specification of chosen product we send you in self-extracting compressed-zip file.
Read it carefully to make sure that there’s no mistakes in characteristics of chosen product.
We appreciate your choice!
According to the rules, refund must be based on your original method of payment. Any requests to refund using e-gold are not accepted, if the payment method was credit card.
IPod For Your, Yahoo Shopping

Beware of Phishing attacks

Saturday, August 26th, 2006

Online threats have grown and spread into many different things over the years. Who remembers the time when the biggest internet concern was a virus that sent itself to everyone in someone’s address book? It’s sad to say that we wish that were our only concern now. Now cybercriminals don’t just mess up your computer, they mess up your life. They can pilfer confidential information, steal identities, and even pose as legitimate entities. Much of the increase can be attributed to a practice known as “phishing,” in which crooks steal consumers’ personal identity data and financial account credentials through “spoofed” e-mails that lead users to counterfeit websites. Once there, recipients are tricked into divulging financial data such as credit card numbers, account usernames, passwords, and Social Security numbers. In a recent trends report, the Anti-Phishing Working Group said the 12,883 reports it received in March 2005 rose to 18,480 unique phishing reports in March 2006. To ward off online threats, conduct regular reviews of your credit card and bank statements. Investing in up-to-date antivirus protection, spam blockers, and firewalls is another strategy.

Paypal Phishing

Monday, June 19th, 2006

Never a day goes by that I don’t receive my daily paypal phishing email.  The best part about this is that I get these sent to email addresses that I don’t even have associated with my Paypal account.  Check out this one:

_______________________________________________

PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs
some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal’s User Agreement access to your account will be limited This is a fraud prevention measure meant to ensure that your account is not compromised.

In order to secure your account we may require some specific information from you. We encourage you to log in by clicking on the link below and complete the requested form as soon as possible. 
[url]https://www.paypal.com/cgi-bin/webscr?cmd=_login-run[/url] (If you did a view source of this in your email program, you would see that the link goes to: [url]http://0xCb0x83.0x80.0x63/recom/recom_pp.html[/url])  Ignoring our request, for an extended period of time, may result in account limitations or may result in eventual account closure.

Thank you for your prompt attention to this matter. Please understand that this is
a security measure meant to help protect you and your account.
We apologize for any inconvenience
Sincerely,
PayPal Account Review Department
PayPal Email ID PP4392

______________________________________________

Remember, companies are becoming very aware of phishing and would not request that you follow a link from an email to their site.  These phishing emails look very real.  Next time you get one and are not sure about it, you can call the company, or in this PayPal example, just log into your account by opening up a new browser window and typing in the PayPal web address.

Paypal User Agreement Updated

Friday, June 16th, 2006

I wanted to take a minute to talk about the infamous “Paypal User Agreement Updated” email that you probably receive from time to time regardless of whether you have PayPal or not.  In case you didn’t know, PayPal will never:

  • Send an email to you addressed to “Dear PayPal User”, or anything like that.  PayPal will always include your first and last name or the business name in the email
  • Ask you to enter your password or share any personal information in an email.  In fact PayPal and many other companies will recommend that you always type the company web address into your web browser and then log into your account
  • Include attachments of any kind that you need to open, or software to install on your computer

Now with that in mind, the email example below is the typical fraudulent email that you will find in your email inbox:

________________________________________________

As part of our security measures, we regularly screen activity in the PayPal system. We recently noticed the following issue on your account:

Unusual account activity has made it necessary to limit account access until additional verification information can be collected.  Case ID: Number: PP-679-172-256

For your protection, we have limited access to your account until additional security measures can be completed. We apologize for any inconvenience this may cause.

Note: If this is the second time you receiving this notice, it might be because you have made a mistake when you entered your details or the account was not updated.

Click here (Click here would be underlined to indicate a hyperlink.  In this example, the hyperlink is going to [weburl]zozzo.com/security/paypal-user-agreement/webscr/webcgi/cmd/index.html[weburl].  As you can see, this is clearly not PayPal's web address.  The main reason that PayPal wants you to log into your account is that if you had any problems with your account, you would then be greeted with a message after logging in) to verify your account.

_________________________________________________

Also, take a quick note to see what email address this notice was sent to.  You may even find out that this email address is not listed on your paypal account.  That is a very good indicator that a spammer got the address and is just going phishing.

Norman Kenneth

Tuesday, April 11th, 2006

Here’s a good phishing email.  One thing you will learn is that when they start off with “Hello Friend” or “Dear Sir”, they don’t have a clue who you are, but are hoping that you will answer them.

********************************************* 

Hello Friend,

Hope you are doing great and sound? I am Dr. Norman
Kenneth de Andrade Barrister at law and attorney to
late Goethem Haemer, a Greek Merchant otherwise known
as my client who was based in the United Kingdom and
died of complications from injuries sustained after a
ghastly motor accident.

As the attorney to Sir Goethem Haemer I was his
confidant as he shared with me virtually everything
about himself, his business and family. I was his
attorney for 15 years and during that period I wrote
his WILL and was also named as the executor, which has
since been fulfilled. I am also aware due to my
closeness to him that the amount of 22 Million Euros
he deposited with a bank in Europe was not willed out.
He told me about this on his sick bed and even instructed
that I should prepare a codicil to that effect,
however before I could finish my work he had died.

After his death, funeral and subsequent execution of
his will I went into action to ascertain the
information passed unto me by my client. My
investigation conformed to the information; at that
point I knew I had to do something to move the funds
out of the bank and knowing that I cannot do this
alone I have decided to contact you and seek your
assistance and acceptance to be the next of kin to the
estate. It is necessary for us to move the money out
of the bank now because if we do not do this within
the next two years the bank would regard the money as
sundry funds, which becomes as good as their own
money.

I cannot move the money in my name because he was my
client, for it could arouse suspicion thus the
importance of your assistance. Have my assurance that
there is nothing to fear about, as I also need your
assurance that you would work with me without fear or
favour to achieve our desired objective. The legal
back up is no problem for I would be responsible.
Since the codicil was not ready before his death,
Letters of Administration without Will, would be
secured from the probate office, with this document
granting probate rights in your favour I would
personally apply on your behalf to the bank for the
release of the funds to you.

What I require from you to enable us achieve the above
are your:

Full and Official Names
Address
Date of Birth
Telephone and Fax numbers

Upon receipt of a confirmation of acceptance from you,
a sharing ratio would be worked out between us on the
most liberal terms magnanimous terms.

Take care and have a nice day.

Sincerely,

Norman Kenneth de Andrade
Norman + Associates

********************************************* 

Boy, what a shame.  I am sure his family will have no problem with the extra money.  For someone who is calling you their friend, it sure seems strange that they now need your full name???  Giving him this information will surely start to lead to some sort of identity theft.

Be smart to these phishing emails and don’t become a victim to identity theft.

KINGSTAR SOUND INDUSTRY LTD

Tuesday, April 11th, 2006

Below is a sample of a phishing email that I received from a company wanting to use my services.  I find it funny that a company who is in Taiwan needs help with working in the United States.

*************************************************

Company:KINGSTAR SOUND INDUSTRY LTD
Address:NO. 20-126, Ko Hsi Liao,
City: Hsia Liao Tsuen, Shui Shang Hsiang,
Country:Chiayi Hsien, Taiwan

Dear Representative

I have a Job For  you might be intersested in My name is Morris kings ,i am
54 of age and i work for KINGSTAR SOUND INDUSTRY LTD.

We produce Siren  Horn Speakers Driver Units with Transformer and
Many Order Product from Chiayi Hsien, Taiwan

to produce Explosion-Proof speaker  which we supply to our clients
in the north american geographical region(united states) and Europe
for Electronic Making.

We are looking for a representative in United State and Europe to
work for us as a partime worker and we are willing to pay $1000 and pounds
 for every transaction made,which wouldnt affect ur present state
of work.First of all i will like to know your Name/Age/Sex/Location
and what u do for a living presently,Our main factory is located in
Chiayi Hsien, Taiwan  united kingdom and Africa.

Where we produce Siren  Horn Speakers Driver Units with Transformer
and Many Order Product.

Visit: <#a class="fixed" href="http://kingstar.myweb.hinet.net/1.htm<#/a>

The link is commented out. If you research the site by going to hinet.net you will see that they are some sort of internet service provided by Chunghwa Telecom. They probably don’t even have any idea of what is going on.

we are looking for a representative in the states, someone who would
help us recieve payments from our customers in the states.

Sounds like a little money laundering? 

We  mean someone that responsible and reliable.Though we are working
on setting up a branch in the states,but for now we need a
representative in the united state who will be handling that
aspect,We are willing to pay $1000 and pounds per every payment you recieve and
you can still keep ur regular job while you work for us.

They really mean getting someone who is naive.  Don’t be one of these people.

All you have to do is help us recieve payments from our customers in
the states.

These payments are in cashiers cheques or money orders and wire
transaction and they would come to you in your name, so all you need
do is cash it, deduct your payment and wire the rest to us via
western union.But sometimes the fbi gets involved incase someone
trys to run with our money, i hope that is okay If you are
interested.

i would send you an employment letter which you are to sign and send
back to me as soon as possible and i would need you to give us your
fullinfomation

for us to get in contact with you. It wouldnt cost u any amount,from
our business patners, which would come in a cashiers cheque or money
order or wire trasaction.

then u are to cash it and send the cash to us via western union
money transfer all western union charges will be deducted from the
money.as soon as you have the money sent you.

will have to provide us with the Payment information for pickup.I
Look forward to your quick reply. Regards.

Morris Please if you are interested please kindly mail us back
Notices:this is not a scam but a job offer.

*************************************************

Boy I have a great sense of relief that they are telling me that this is not a scam 8:)

What is Phishing

Monday, April 10th, 2006

Phishing, not to be confused with the recreational activity “fishing”, is a form of internet fraud which is designed to trick you into giving up personal and confidential information such as bank account numbers, Social Security numbers, user ID’s and passwords over the internet. The word is derived from the idea that the con artists use “bait” in an e-mail message to an ocean of internet users.

How can a Phishing e-mail be recognized? That’s a good question, the criminals using this method are very clever and do a good job attempting to duplicate the appearance of a legitimate company web site. They come close to duplicating the company’s logo, and the web site is very close in appearance to the legitimate company site. There are a few characteristics, however, that are shared by Phishing e-mails. They can be:

  • A generic greeting, as opposed to a personalized one, you know, Dear Valued Customer, or something like that. A legitimate e-mail would use your name.
  • A false sense of urgency, such as “Your account has been suspended due to suspicious activity” or “Verify your account information, or it will be closed in 24 hours”. A Phishing e-mail wants to generate a sense of urgency, or panic in you so you will quickly respond by clicking on the link and giving up your personal information.
  • A request to verify your account information. The Phishing e-mail will build upon the urgency of the message, and state that your account information must be verified immediately.
  • A link to click on to gain access to your account. A Phishing e-mail will conveniently provide you with a link to click to get direct access to your account or to verify your account information.

Other things to check to see if an e-mail message is legitimate or a Phishing e-mail would include: misspelled words, typographical errors, bad grammar, pop-up boxes or attachments.
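
As an added example (not part of the original post), the characteristics listed above can be checked over a parsed message with Python's standard `email` package; it also applies the recipient-address check from the PayPal post. The phrase patterns, extension list, addresses and sample message are constructed assumptions, and a match is only a reason to look closer, not a verdict.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Phrase patterns and extensions are illustrative assumptions based on the list above.
CHECKS = {
    "generic-greeting": re.compile(
        r"^\s*(dear\s+(\w+\s+)?(customer|user|member|sir|representative)\b"
        r"|hello\s+friend\b)", re.I | re.M),
    "urgency": re.compile(
        r"account\s+(has\s+been|will\s+be)\s+(suspended|limited|closed)"
        r"|\b(with)?in\s+\d+\s+hours|immediately|as\s+soon\s+as\s+possible", re.I),
    "verify-request": re.compile(
        r"\b(verify|confirm|update)\s+(your\s+)?(account|identity|details|information)",
        re.I),
    "embedded-link": re.compile(r"https?://|<a\s[^>]*href", re.I),
}
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".zip")

def indicators(msg, registered_addresses):
    """Sorted indicator names found in an email.message.EmailMessage."""
    hits = set()
    recipients = {addr.lower() for _, addr in
                  getaddresses([str(h) for h in msg.get_all("To", [])])}
    if not recipients & {a.lower() for a in registered_addresses}:
        hits.add("unregistered-recipient")
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename:  # attachment: judge by extension only, never open it
            if filename.endswith(RISKY_EXT):
                hits.add("risky-attachment")
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            hits.update(name for name, rx in CHECKS.items() if rx.search(body))
    return sorted(hits)

def constructed_sample():
    """Constructed message combining traits of the emails quoted on this page."""
    msg = EmailMessage()
    msg["From"] = "Account Review <review@phish.example>"
    msg["To"] = "old-alias@example.org"
    msg["Subject"] = "Unusual account activity"
    msg.set_content(
        "Dear Valued Customer,\n\n"
        "Your account has been suspended due to suspicious activity.\n"
        "Verify your account information, or it will be closed in 24 hours:\n"
        "http://login.phish.example/verify\n")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="zip", filename="OrderInf.zip")
    return msg

if __name__ == "__main__":
    print(indicators(constructed_sample(), ["me@example.org"]))
```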

You may ask: is there any way I can protect myself from these Phishing e-mails? Yes, there are several things you can do to protect yourself; here are some suggestions.

  • Be skeptical. If you have any doubts at all about the validity of a message, it is best to be cautious. Phishing e-mails are designed to look legitimate. There is nothing wrong with calling your company directly. Use a telephone number that you find printed on a letter or account that was mailed to you directly from the company. Do not use the telephone number that may appear on the Phishing e-mail. Most companies will never send an e-mail message asking you to verify or provide confidential information. Companies usually have a statement to this effect listed on their web sites.
  • Never click on a hyperlink in an e-mail message. If you receive a message that requests you log into your account, you can always open a new browser window and type the web address you know to be accurate into the address bar. Phishing e-mail con artists are clever and will have the hyperlinks look legitimate.
  • Keep up to date with your Windows security patches, virus and spyware definitions. A lot of these Phishing e-mails contain a form of spyware in them. If someone is trying to steal your personal information via Phishing e-mail, what is to stop them from sending another form of spyware program along with the message?

Bottom line: the best way to protect yourself from Phishing e-mail scams is to make it a policy cut in stone never to reply to unsolicited requests for personal information. If you want to verify the legitimacy of a message, call the company directly, and use a number you have received from the company in a statement. Talk to a representative of the company directly.

