TCS - More Spam Scam Warnings

More Spam Scam Warnings

by Ira Wilsker
Golden Triangle PC Club
From the July 2003 issue of the I/O Port Newsletter

Have you recently received an email purportedly from PayPal, CitiBank, Bank of America, First Union Bank, or other financial institution asking you to verify or reenter your information? If you received such an email, and replied to it, you may have become a victim of another rapidly growing email scam.

One of the recent scams appears to be an HTML email message sent from CitiBank customer service to its “C2IT” account users. The fraudulent email has the title "Your account is on hold", and the body of the email states: "C2IT is currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and placed on Hold status. Protecting the security of your c2it account is our primary concern, and we apologize for any inconvenience this may cause. To restore your account to its regular status, you must confirm your email address by logging in to your c2it account using the form." The email asks the victim to fill out the linked form with his username, password, credit card numbers, social security number, date of birth, and mother’s maiden name. The request appears to be authentic, including CitiBank logos, but the email is in reality a scam, possibly intended to defraud the victim.

Another somewhat similar email scam started appearing in mid-April, and pretends to be from First Union Bank, with an address of bankaccount@firstunion.com. This email tells the victim that the bank needs to replace the user’s online banking user name and password. The email directs the victim to a website where he is asked to reenter his username and password. The website is not a First Union website, and it is possible that the scammer is attempting to harvest this information for fraudulent purposes. Accessing the listed website is hazardous in itself, even if no information is entered, as the website also installs a backdoor Trojan on the victim’s computer. The Trojan, commonly referred to as the AMQ Trojan, gives the scammer the ability to take control of the victim’s machine. With the Trojan installed, the scammer can freely access any information on the machine, stop programs such as antivirus and firewall software, delete or modify files, steal usernames and passwords, and possibly create additional threats.

Still another similar scam email appeared in mid-May, apparently from Bank of America, with a title of “Security Server Update”, and using an email address of (sic) custommersupport@bankofamerica.com. What quickly gives this email away as a scam or a fraud is the poor grammar and spelling in the email. The body of the message includes graphics copied from the BOA’s website, and reads: “Dear Valued Customer, Our new security system will help you to avoid frequently fraud transactions and to keep your deposited funds in safety. Due to technical update we recommend you to reactivate your account. Click on the link below to login and begin using your updated Bank of America account. To log into your account, please visit the Bank of America website at: https://www.bankofamerica.com/index.html. To review your statement, log into your Bank of America account and click the eStatements & eNotices button in the left navigation of your Account Summary page. Your new statement is listed in the left navigation of the page.” Shortly after its discovery, the website listed was disabled by its ISP.

Also in May, many users of eBay’s PayPal service received an authentic-looking email supposedly from PayPal, with an address of paysecurity@paypal.com. The body of the message appeared to be a PayPal form, with the text “Dear PayPal Customer; This email is the notification of recent innovations taken by PayPal to detect inactive customers and non-functioning mailboxes. The inactive customers are subject to restriction and removal in the next 3 months. Please confirm your email address and credit card info number by logging in to your PayPal account by using the form below.” The scam asks the user to enter his email address, password, name, billing address, credit card number, expiration date, and PIN number. Rather than the information being sent to PayPal, which has repeatedly stated that it (the real PayPal) never asks for information via email, the information went to a British website, which was quickly shut down by authorities. It should be noted that with this information, a perpetrator could potentially empty the victim’s checking account, or charge the victim’s credit card to its limit.

The companies whose names were illicitly used to ensnare victims all promptly notified the appropriate authorities, which are investigating these scams. All have repeatedly stated that they will never ask for personal information by email. It is good surfing practice never to respond to an email asking for sensitive data, even if it appears to be from a company where there has been a business relationship in the past.

A virus author is now using a similar illicit tactic. One of the newer prolific viruses, concealed in emails apparently sent by Microsoft, with a microsoft.com email address, can cause a lot of damage. Microsoft has repeatedly stated that they will never send unsolicited updates or patches to users by email.

As has been said here many times in past columns, there is no substitute for common sense when surfing, along with the use of updated antivirus software.







Tulsa Computer Society 7/01/2003
Don Singleton, President