PC-Armor Computer Security News Blog

Notification, Lottery Winner, Response Needed, My Wish….

We get many email scams each week and the title of this blog has some of the more common subject titles for these types of emails.  Additionally, some other email “subjects” that should raise red flags include:

• Security Alert from the board of trustee
• RE: Hello
• I AM WAITING TO HEAR FROM YOU SOONEXT
• RE: CHANGE OF YOUR BANK A/C DETAILS/ REPLY ASAP!
• CONTACT MY SECREATARY
• FROM THE DESK MR MUHAMMED OMAR
• Strictly Confidential
• Your Winnings
• CONTACT ME URGENTLY
• From: Central Bank ATM CARD
• Dear e-mail owner
• RELEASE OF YOUR FUND VALUED 8.3M DOLLARS
• Your Payment
• CONTACT MR WILL FREEMAN
• IMMEDIATE DELIVARY OF YOUR FUNDS

These are just a handful of the many, many different email subjects lines associated with scams that have one purpose…to steal someone’s money and/or identity.  If you have ever read these types of scam emails, you have may noticed that many of them ask for the following types of information:

1) YOUR FULL NAME:
2) FULL ADDRESS OF YOUR CITY, STATE AND COUNTRY:
3) PHONE, FAX AND MOBILE:
4) COMPANY NAME, POSITION AND ADDRESS:
5) BANK INFORMATIONS:
a) BANK NAME:
b) BANK ADRESS:
c) ACCOUNT NUMBER:
d) SWIFT CODE/
e) ROUTING NUMBER:
6) PROFESSION,AGE AND MARITAL STATUS:
7) A COPY OF YOUR INT’L PASSPORT/DRIVERS LICENSE

As people become more savvy, the scammers have to come up with new ways to trick their victims; well, here is a new scam we received.  As you will see, it doesn’t follow the typical promise stating that someone left you millions of dollars or you just won a lottery somewhere; instead, the scammers are using a new angle, stating that FedEx has a package waiting for you and all you have to do is complete a form to receive the package.  Here is the scam:

From:     Add Contact
FedEx Online Management Team
“FedEx Online Management Team” <fedex012@msn.com>
Subject:     NOTIFICATION

Customer Service:Dear Customer,We have been waiting for you to contact us for your Package that is been registered with us for shipping to your residential location. We had thought that your sender gave you our contact details. It may interest you to know that a letter is also added to your package. However, we cannot quote it’s content to you via email for privacy reasons. We understand that the content of your package itself is a Bank Draft worth of $900,000.00 USD. As you know, FedEx do not ship money in CASH or in CHEQUES but Bank Drafts are shippable. The package is registered with us for mailing by your colleague as claimed, and your colleague explained that he is from the United States but he is here in Vietnam for a three(3) month Survey Project as he works with a construction firm in Vietnam Asia. We are sending you this email because your package is been registered on a Special Order. What you have to do now, is to contact our Delivery Department for immediate dispatchment of your package to your residencial address. Note that as soon as our Delivery Team confirms your informations, it will take only one working day (24Hrs) for your package to arrive it designated destination.For your information, the VAT & Shipping charges as well as Insurance fees have been paid by your colleague before your package was registered.Note that the payment that is made on the Insurance, Premium & Clearance Certificates, are to certify that the Bank Draft is not a Drug Affiliated Fund (DAF) neither is it funds to sponsor Terrorism in your country.

This will help you avoid any form of query from the Monetary Authority of your country. However, you will have to pay a sum of £100 which is equivalent to $199.432 USD to the FedEx Delivery Department being full payment for the Security Keeping Fee of the FedEx company as stated in our privacy terms & condition page. Also be informed that your colleague wished to pay for the Security Keeping charges, but we do not accept such payments considering the fact that all items & packages that is registered with us have a time limitation and we cannot accept payment without knowing when you will be picking up the package or even respond to us. So we cannot take the risk to have accepted such a payment incase of any possible demurrage. Kindly note that your colleague did not leave us with any further information. We hope that you respond to us as soon as possible because if you fail to respond until the expiry date of the foremost package, we may refer the package to the British Commission for Welfare as the package do not have a return address. Kindly contact the delivery department (FedEx Delivery Post) with the details given below:Contact Person: Mr. Chu Van Duong.Email: fedexdeliveriesvn@yahoo.com.vn
Kindly complete the below form and send it to the email address given above. This is mandatory to reconfirm your Postal address and telephone numbers.FULL NAMES:TELEPHONE:POSTAL ADDRESS:CITY:STATE:COUNTRY:As soon as your details are received, our delivery team will give you the neccessary payment procedure so that you can effect the payment for the Security Keeping Fees. As soon as they confirm your payment of £100 GBP which is equivalent to $199.432 USD, they shall immediately dispatch your package to the designated address. It usually takes 24 hours being an over night delivery service. Note that we were not instructed to email you,but due to the high priority of your package we had to inform you as your sender did not leave us with his phone number because he stated that he just arrived England and he wasnt on phone yet. We indeed personally sealed your Bank Draft and we found your email contact in the attached letter as the recipient of the foremost package. Ensure to contact the delivery department with the email addressand ensure to fill the above form as well to enable successful reconfirmation.All responses must be forwarded to: fedexdeliveriesvn@yahoo.com.vnYours Faithfully,Mrs. Margaret Blaire.FedEx Online Management Team.All rights reserved. © 1995-2008 FedEx.

Scammers rely on human greed to get some poor soul to take their bait.  If you think about this particular email…how many times has FedEx sent you an email requesting that you complete an online form to receive a package?  I would be will to bet the answer is “NEVER!”.  Also, check out the horrible grammar; how long would FedEx be in business if they sent such poorly written correspondence?

The point here is simple…any time you receive an unsolicited email and the sender is requesting information from you; delete it!  It’s evil!

Nigerian Scam

Greetings,

While checking the Email for “info@pc-armor.com” today, I came across what appears to be a Nigerian Scam.  Before I show you the body of the Email, I would like to quote a warning by the FTC that is posted on their website at:

http://www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.shtm

 “If you’re tempted to respond to an offer, the FTC suggests you stop and ask yourself two important questions: Why would a perfect stranger pick you — also a perfect stranger — to share a fortune with, and why would you share your personal or business information, including your bank account numbers or your company letterhead, with someone you don’t know? And the U.S. Department of State cautions against traveling to the destination mentioned in the letters. According to State Department reports, people who have responded to these “advance-fee” solicitations have been beaten, subjected to threats and extortion, and in some cases, murdered.

If you receive an offer via email from someone claiming to need your help getting money out of Nigeria — or any other country, for that matter — forward it to the FTC at spam@uce.gov.

If you have lost money to one of these schemes, call your local Secret Service field office. Local field offices are listed in the Blue Pages of your telephone directory.”

Or course, the FTC site has more information about such scams, but I wanted you to see the important questions to ask yourself and what to do if you receive anything like the following example, which would be to forward the entire email to “spam@uce.gov” and then delete the message.  Now, let’s see what the body of one of these emails might look like…

Dear friend,

I know this will come to you as a surprise because you dont know me. I am (named removed for your protection) I work in the Citibank International Plc as the Head Of the Packaging and Courrier service Dept. During the air-lift of some Royal Luggages to Middle east, I decided to include additional Luggages Containing $15M(Fiftheen Million US Dollars)Only for my own Benefit though it was Labelled Security “Equipment” for security reasons.

I am Obliged to contact you to assist me in getting this luggage cleared and delivered to you from the agent as I have agreed on the Following terms.
1) Relevant Documents to claim this luggage will be procured in your name to enable the agent clear and deliver it to your mailing address.
2) That you will be entitled to a share of 30% of the total Money.
3) That 10% of the total money will be set aside for any expenses.
4) That 60% of the money will be for me.

If this business Transaction/Terms is ok by you, do Furnish me with your full names,Mailing Address,Your Personal Telephone/Fax Numbers for Communication and Onward Transfer to the agent in Middle East. You can reach me at my private email address: (Email address removed for your protection)

Note that this Business Transaction is 100% risk free as all relevant documents to back up the claim of the luggage will be provide for you hence we advice you to keep the entire transaction close to yourself until you must have received the luggage,for security reasons.Other modalities will be discussed as soon as you get back to me. Use this code when replying: (Secret Code Removed for your protection)/CitiBank.

Yours Faithfully,
(named removed for your protection)
Courier Dept(Citibank Plc).
+(Probably a Fraudulent Telephone Number, Removed for your protection)

Not only does the Email ask for personal information, it has numerous spelling and grammatical errors; which are dead giveaways to fraudulent scams!  It is important to understand that NO LEGITIMATE BUSINESS WILL EVER ASK YOU TO DIVULGE ANY OF YOUR PERSONAL INFORMATION IN AN UNSOLICITED MANNER, and that includes Email, Regular Mail, by Telephone, or in person.  As long as you can remember that very simple concept, you will avoid becoming a victim of such scams, because you didn’t take the bait!  The best thing you can do if you ever receive scams such as this, would be to forward the entire email to “spam@uce.gov“, as well as the investigative department of the company the email is imitating.

Common Sense will go a long way in protecting your financial security and personal identity.

PC-Armor.com

Identify Phishing Sites

F-Secure.com has an informative article on their Blog from September 17, 2007 about identifying Phishing Sites that is worth reading.  You will find it at:

http://www.f-secure.com/weblog/archives/archive-092007.html#00001278

What’s nice about the article, which by the way, doesn’t have much text, but if you look at their comments and each screenshot for which the comment was intended; you will see the methodology they use to ultimately find a list of Phishing sites.

Check it out.

You Might want to think Twice before playing Online Poker…

F-Secure.com posted a blog today titled, “Trojans, Online Poker and Terrorism” and for those of you who enjoy playing online poker games; you may just want to read this article.  You can find it at: http://www.f-secure.com/weblog/

In a nutshell, the article points out that not only are you at risk from being infected by Trojans and other types of malware…you could be inadvertently funding terrorism if your identity has been stolen because of these infections.

Check it out, it’s worth reading.

“You’ve Been Approved…”

It’s amazing how many e-mails I receive each week telling me I’ve been approved for a loan! I of course, know better than to take the bait; but how many people do?

As I was discussing these e-mails with a good friend, who has been in the real estate lending business for over 30 years, he told me there was only one thing wrong with these e-mails. When I asked him what that was, he said, “lenders typically do not put approvals in writing”. Naturally, I asked why and he remarked, “because there are too many things that can come up and they usually do not want to commit in writing and later find out something surfaced that would have changed the approval.”

So for those of you who may have a legitimate loan in process and receive an e-mail stating you have been approved…you might want to think very carefully before opening the e-mail and definitely, DO NO CLICK ON ANY LINKS WITHIN THE E-MAIL!

Amazon Phishing Scam

Here is a new phishing scam…this time, the attackers are fraudulently scamming “Amazon.com”. For your reference, you will find a copy of the e-mail with footnotes and references at the bottom of the sample.

From: Amazon.com Security- Center.

Sent: Tuesday, May 29, 2007 9:33 AM

Subject: “Amazon.com”: Possibile[1] Account Theft !

Dear Customer,

-Due to recent account takeovers and unauthorized listings, Amazon.com is requesting a new account verification procedure. From time to time, randomly selected accounts (seller and/or buyer)are placed under an advanced updating process based on merchant accounts/bank relationsand[2] on-file credit cards. Amazon.com may also request in an email message scanned/faxed copies of one or more photo ID’s. Your account confirmation may go wrong if your credit card/bank account has expired, or if you have changed/replaced your credit card without letting us know about the change.

-Your account is not suspended, but if in 36 hours after you receive this message your account is not confirmed we reserve the right to terminate your Amazon subscription.

-If you received this notice and you are not an authorized Amazon account holder, please be aware that it is in violation of Amazon policy

to represent oneself as an Amazon user. Such action may also be in violation of local, national, and/or international law.

To confirm your identity with us please click here[3]

-We apologize in advance for any inconvenience this may cause you and we would like to thank you for your cooperation as we review this matter.

Respectfully,

Amazon.com, Inc.

Copyright 2007 Amazon.com, Inc. All rights reserved.

Amazon sent this e-mail to you because your Notification Preferences

indicate that you want to receive information about Special Events &

Promotions.[4]Amazon will request personal data (password, credit card/bank

numbers) only on our home site, wich[5] is securely incrypted[6] with SLL.

Now that you have seen a sample of the phishing scam, here is a break down of red flags within the e-mail:

[1] Spelling Error: Should be “Possible”

[2] Grammatical Errors: There is no space between “relations” & “and”

[3] If someone clicks this link, it will not take them to “Amazon.com”; instead, it will take them to http://www.amazon.com.somewhere.com/security.html.” I substituted “somewhere” for the actual address for your protection.  As you can see, the link points to “somewhere.com“, instead of “Amazon.com“.  A common ploy is to trick the user into thinking the link is legitimate by inserting the scammed domain name (www.amazon.com) ahead of the actual domain name (somewhere.com).

[4] There is no space after the period; technically, there should be two spaces after each period.

[5] Spelling Errors: Should be “which”

[6] Spelling error: Should be “encrypted”

Finally, Amazon.com explicitly states on their website that, “Amazon will never ask for…requests to verify or confirm your account information”. You will find this policy at:

http://www.amazon.com/gp/help/customer/display.html?nodeId=15835501

Whenever you receive any e-mail asking you to verify your account information from anyone, investigate the policy of the business that “apparently” sent the request. As with Amazon, most legitimate companies will have similar policies.

Protecting Consumer Information is Gaining New Attention

On February 9, the SANS NewsBites, Vol. 9, Num. 12, had a report titled, “Senators Introduce (Better) Data Privacy and Security Act” that discusses new legislation to protect citizen’s personal information.  This new legislation, introduced by US Senators Patrick Leahy and Bernie Sanders, would greatly increase the penalties imposed against perpetrators of identity theft and would require all entities storing personal data to disclose all data security breaches to the FBI and Secret Service within 14 days of the occurrence. 

Considering how long it took the TJX company to disclose their data breach that could potentially affect thousands of consumers, this is a step in the right direction.

You can read the article at:

http://www.sans.org/newsletters/newsbites/newsbites.php?vol=9&issue=12&portal=9ab53bf0d2f8003fabef03ba139f13c3

Read the “Opt Out” Notices from your Banks and Other Financial Institutions

Last night, CNN Special Investigations aired a very informative special report, “How to Rob a Bank”.  This report showed some very good examples of how consumers and businesses were victimized by Identity Theft and some protective measures everyone can and should implement to safeguard their personal information.  Continue reading Read the “Opt Out” Notices from your Banks and Other Financial Institutions…

Rising costs from Identity Theft may Ultimately hit the Victims in the Pocketbook Harder than ever before!

The latest SANS NewsBites article, Vol. 9 Num. 7, discusses how losses to banks arising from incidents related to identity theft are growing at an alarming rate of 400% per year and if this trend continues, the financial burden could ultimately fall on the shoulders of the victim.  This article can be found at http://www.sans.org/newsletters/?ref=1701#newsbites

The article also points out how important end-user education is to ward off potential threats in the work place.  We encourage you to read this informative newsletter, because it discusses some possibilities that may not be too far down the road.

Banks are Stepping up their Efforts of Protecting Your Identity

This evening, our local news had a piece of how banks are now doing away with requesting social security numbers as a means of identifying their customers and leaning towards inquiring with “unusual” questions to help ensure the person making charges on credit card accounts from their institution is the owner of those accounts.  Continue reading Banks are Stepping up their Efforts of Protecting Your Identity…