Phishing, Carding, and Spoofing Scams

Scams where people pose as banks or businesses to steal your personal information.

Strange eBay Spoof

This spoof, hosted on the server for Concordia University in Irvine, Southern California, sent you to an eBay look-alike page, but did not accept fake usernames … maybe it checks the validity of the username on the real eBay?

More PayPal, Amazon, eBay, and Bank Phishing

HEre are more examples of phishing, where fake emails pretend to be banks or PayPal to get all your login, credit card, and bank information …

Especially Clever Phishing

The email stuck out like a sore thumb, but somehow I gravitated toward seeing if the scam site was still up.

Dear PayPal Member,

PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

Recently, our Account Review Team identified some unusual activity in your account. In accordance with PayPal’s User Agreement and to ensure that your account has not been compromised, access to your account was flagged. Your account will remain flagged until this issue has been resolved. This is a fraud prevention measure meant to ensure that your account is not compromised.

In order to secure your account and quickly restore full access, we may require some specific information from you for the following reason:

Our system requires further account verification.

Case ID Number: PP-056-245-481 We encourage you to log in and restore full access as soon as possible. Should your account remain flagged for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure.

————————————————————-

Please click on the link below to log in and restore full access to your account.

Click here to activate your account
————————————————————-

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience.

Sincerely,

PayPal Account Review Department

PayPal Email ID PP562

When I went to the site, I noticed the status bar showed a non-PayPal site as expected after an auto-forward, but look at the address line …

Identity Theft

This was sent to me by my primary attorney in an email, passed along through cyberspace, but helpful information regardless of source:

—————————–

ATTORNEY'S ADVICE — NO CHARGE

Read this and make a copy for your files in case you need to refer to it someday. Maybe we should all take some of his advice! A corporate attorney sent the following out to the employees in his company.

1. The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.

2. Do not sign the back of your credit cards. Instead, put “PHOTO ID REQUIRED”.

3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the “For” line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.

4. Put your work phone # on your checks instead of your home phone. If you have a PO Box, use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. (DUH!) You can add it if it is necessary. But if you have it printed, anyone can get it.

5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We've all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards.

Unfortunately, I, an attorney, have firsthand knowledge because my wallet was stolen last month. Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from DMV to change my driving record information online, and more. But here's some critical information to limit the damage in case this happens to you or someone you know:

1. We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them.

2. File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one).

But here's what is perhaps most important of all: (I never even thought to do this.)

3. Call the 3 national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name. The alert means any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit.

By the time I was advised to do this, almost two weeks after the theft, all the damage had been done. There are records of all the credit checks initiated by the thieves' purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away This weekend (someone turned it in). It seems to have stopped them dead in their tracks.

Now, here are the numbers you always need to contact about your wallet, etc., has been stolen:

1.) Equifax: 1-800-525-6285

2.) Experian (formerly TRW): 1-888-397-3742

3.) Trans Union: 1-800-680-7289

4.) Social Security Administration (fraud line): 1-800-269-0271

Phishing, Carding, and Spoofing Scams

All about Phishing (also known as Carding and Spoofing) …

Phishing For Suckers: Don’t let your customers fall for the latest in e-mail scams
VarBusiness, January 2004

Identity Theft Scam Examples

ONLY IN SCAMS does an email ask you to confirm account information for a bank or other account. Pretending to link to eBay or Citibank or wherever and having fake look-alike pages (that are sometimes pretty damn convincing) should always raise a flag.

If a legitamate company wants you to review your information, they will SHOW YOU your “current” information, proving they already have it, and will only ask you to log in the usual way at the site you usually go to. NO EXCEPTIONS.

Don't believe me? Next time you get such an email, put in a fake account username, password whatever, and it wont even notice …