PDA

View Full Version : Amazon users beware: email scam!



gzhpcu
2006-Apr-10, 04:09 PM
I just got this email:

http://img124.imageshack.us/img124/9464/fraud8zg.jpg

checked the Amazon site and it says:

Amazon Security (http://www.amazon.com/exec/obidos/tg/browse/-/15835501/ref=hp_hp_rs_2_5/102-2744383-2670503)


So be careful! Don't respond. This applies to lots of other similar topics, such as PayPal etc.

Sammy
2006-Apr-10, 04:29 PM
There is one simple practice which will ensure that you will not get "phished.'

NEVER go to a supposedly secure site by clicking on a link embedded in an email. If you need to check, navigate to you account or institution home page by using bookmarks or typing in the addreress.

The Shade
2006-Apr-10, 05:06 PM
Last year, there was one for Ebay. It was a "verification" email. You just cliked the link and were brough to a site where you had to fill out a form conforming your ebay paypal account. The "site" even had an ebay logo/link that actually took you to the actual ebay site, which made it look even more "real".

ToSeek
2006-Apr-10, 05:22 PM
I get a couple of these a week, purportedly from Ebay or Paypal or Chase or some random bank or credit union. As Sammy says, if you think one of these messages is conceivably genuine, go directly to the website by entering the URL yourself - don't use the URL provided in the email (though generally if you do open up the provided URL, a close look will reveal that it's not the right one).

Swift
2006-Apr-10, 06:56 PM
I get them pretty frequently too, though probably a little less than 1 per week. PayPal is probably the most common, though bank ones too. Some of them momentarily get me fooled.

ToSeek
2006-Apr-10, 07:34 PM
I'm bemused by the ones I get for banks I don't even have accounts with. Talk about shots in the dark!

Moose
2006-Apr-10, 08:26 PM
There's a new type of spam "requesting information" on an item you supposedly have up for sale. (These were remarkably easy to detect because I don't actually sell anything on ebay.)

I haven't actually followed a link, wasn't all that curious, but I'm getting the impression it's for an item being offered by the scammer/spammer. And that offer's probably a ripoff too.

ToSeek
2006-Apr-10, 09:20 PM
There's a new type of spam "requesting information" on an item you supposedly have up for sale. (These were remarkably easy to detect because I don't actually sell anything on ebay.)

I haven't actually followed a link, wasn't all that curious, but I'm getting the impression it's for an item being offered by the scammer/spammer. And that offer's probably a ripoff too.

More likely, if you go to the link, it asks you to log in with your EBay account and password, so they get those.

jt-3d
2006-Apr-10, 09:41 PM
I get a couple of these a month and I usually click the link and look the page over. Know thy enemy and all that. The address bar is an image pasted over the real one and it never lines up. It's quite pathetic.
I usually enter a name and password that starts with 'You are a...' or some other form of slander. I'm much too lazy to come up with bogus card numbers and all though but I like to think the name and password stuff gets logged somewhere and they will see it.

Moose
2006-Apr-10, 10:12 PM
More likely, if you go to the link, it asks you to log in with your EBay account and password, so they get those.

ToSeek, JT: Good points. I hadn't thought of that.

Doe, John
2006-Apr-10, 11:31 PM
I get a couple of these a month and I usually click the link and look the page over. Know thy enemy and all that. The address bar is an image pasted over the real one and it never lines up. It's quite pathetic.
I usually enter a name and password that starts with 'You are a...' or some other form of slander. I'm much too lazy to come up with bogus card numbers and all though but I like to think the name and password stuff gets logged somewhere and they will see it.

That's not necessarily a good idea. Some of the more sophisticated scammers will download a trojan from the website when access. Best to just delete the email.

jt-3d
2006-Apr-11, 12:59 AM
Yeah, I know but I have AVG running and I concider it worth it to get to call them names.

zebo-the-fat
2006-Apr-11, 07:16 AM
I got caught by an ebay scam, I clicked on a link in an email, (yes I know it was stupid!), within minutes my account showed hundreds of items for sale in my name. I was "selling" cameras, hi-fi, videos etc. within half an hour it would have cost me over a thousand pounds in charges alone!
I contacted ebay using the link on their website and had a "conversation" on line using a chat room type interface, the ebay operator then phoned me direct to confirm who I was and then managed to get the items removed, he then went through the process of changing passwords and paypal details etc.
The people at ebay were superb, (thanks guys!) but I wonder what would have happened if I hadn't checked my account after clicking the link!

Sticks
2006-Apr-11, 08:16 AM
We recently had a "bill" from O2 mobile sent to the church account. It was frustrating trying to contact O2 as you needed to have an O2 account before contacting them :wall:

When I finally found a number that did not demand I type in my mobile account in, I was informed that it was a scam e-mail and that the link it sent you to put a nasty on your machine.

O2 had to work with the ISPs to get that site taken down.

So do not even click on the phishing links just to see how good it is, the scam writes have now taken into account that some will twig what it is.

Lianachan
2006-Apr-11, 08:42 AM
I always just delete those emails, but another useful tip is to hover your mouse pointer over the URL and check where the link goes - you can see it in the bottom left of IE (presumably other browsers do something similar too).

Try it with this: www.obvious-scam.com (http://www.google.com)

astromark
2006-Apr-11, 08:45 AM
No bank will ever ask you to verify your details by using the link provided. So do not do it.
You can not win a lottery or lotto in a foreign country if you did not buy or enter one.
You are not the only person in the world with your name. You have not got a relative with millions you have never herd of. You will not receive a cent.

The point is. . . Nothing is free. nothing. especially money.

and one more point. If you are approached while using a ATM. Do not let any one help you. If you think they are looking over your shoulder, they probably are. Do not enter your pin. If the part of the machine where your card goes looks wrong, leave.

Sticks
2006-Apr-11, 10:34 AM
Did anyone in the UK catch the PM programme, (a news and current affairs programme), on Monday 10 April on BBC Radio 4, . Apparently the Programme's e-mail address got notification that it had won the lotto in either Norway or the Netherlands.

It was hilarious, especially for thos of us plagued by these e-mails :D

I wonder if they will follow this up :think:

Sammy
2006-Apr-11, 02:25 PM
I got caught by an ebay scam, I clicked on a link in an email, (yes I know it was stupid!), within minutes my account showed hundreds of items for sale in my name. I was "selling" cameras, hi-fi, videos etc. within half an hour it would have cost me over a thousand pounds in charges alone!
I contacted ebay using the link on their website and had a "conversation" on line using a chat room type interface, the ebay operator then phoned me direct to confirm who I was and then managed to get the items removed, he then went through the process of changing passwords and paypal details etc.
The people at ebay were superb, (thanks guys!) but I wonder what would have happened if I hadn't checked my account after clicking the link!

One other hint about eBay. Most of you ar e probably too smart to do this, but when I first set up an eBay account in 1999, I used my email address as my account name. Bad! It became the source of much spam/scam email. I wised up and changed it two years ago, and got a new email address last year when DSL finally became available.

(edited to fix typo)

ktesibios
2006-Apr-11, 02:32 PM
I always just delete those emails, but another useful tip is to hover your mouse pointer over the URL and check where the link goes - you can see it in the bottom left of IE (presumably other browsers do something similar too).

Try it with this: www.obvious-scam.com (http://www.google.com)

The "view source" option on most browsers is also a handy way to find out where a link actually goes. An ASCII code table is a useful thing for this; ripoffs commonly try to obfuscate the address of their phony page by using the numeric ASCII codes, e.g, "&#114&#111&#98&#121&#111&#117&#98&#108&#105&#110&#100&#46&#99&#111&#109" .

The email headers are usually a dead giveaway. If the "From:" field says "perfectlyrespectablefinancialinstitution.com" but the "Received" fields indicate that the email originated at an IP in Lower Slobbovia, it's a scam.

It's worth taking a minute to check the real Web site of the company whose name is being used as phishbait. Companies who are often used in this way, like Ebay, Paypal or Chase, will often have a "report abuse" or "report phishing" link that gives instructions for forwarding the scam email to their security people.

Gillianren
2006-Apr-11, 07:16 PM
I'm bemused by the ones I get for banks I don't even have accounts with. Talk about shots in the dark!

They're all banks I don't have accounts with, largely because there's yet to be a phishing scam for pretty much any credit union, at least that I've seen.

Moose
2006-Apr-11, 07:38 PM
It's even funnier for me, 'cause I get a bunch of Citibank and Chase phishing spams, and those banks don't even operate in Canada. (My address ends in .ca, so you'd think they'd be easy for the spammer to filter out, tip off fewer authorities.)

quickjaguare
2006-Apr-11, 08:01 PM
There is one simple practice which will ensure that you will not get "phished.'

NEVER go to a supposedly secure site by clicking on a link embedded in an email. If you need to check, navigate to you account or institution home page by using bookmarks or typing in the addreress.


no freakin du man if you do that you are sure to get all that frudulent stuff i mean thats a noooo brainer.:wall:

ToSeek
2006-Apr-11, 08:48 PM
They're all banks I don't have accounts with, largely because there's yet to be a phishing scam for pretty much any credit union, at least that I've seen.

There have been a couple pretending to be from the NCUA (the federal agency that insures credit unions), as well as some of the larger credit unions. None I belong to, as yet, though. (I think we currently have accounts at four different credit unions.)

Halcyon Dayz
2006-Apr-12, 12:23 AM
I have been getting e-mails without an actual message.
No text, just the header. From people I don't know.

Threw them all away, but I wonder what that is about. :think:

Doe, John
2006-Apr-12, 12:29 AM
One thing I like about my ISP is that it provides a web-based e-mail service so I can delete any emails I don't trust before downloading them to my computer. Also screens my mail and puts suspect mail in a seperate folder which is automatically cleared every week or so.

ktesibios
2006-Apr-12, 02:15 AM
I have been getting e-mails without an actual message.
No text, just the header. From people I don't know.

Threw them all away, but I wonder what that is about. :think:

My ISP permits each customer to have up to 5 different email addresses. I have two; one of them has never been used to send email to anyone except my primary ISP email and the address has never been posted anywhere on the 'net nor given to anyone (I originally set it up just to test the process and have kept it as a sort of "spare").

It gets as much spam as my primary ISP address. This leads me to suspect that the makers of spamming software and compilers of email lists for spammers are using a sort of "dictionary attack": sending mail to every possible username at a given domain.

Perhaps the blank emails are simply incompetent spammers, and perhaps they're tests- the compiler of a spam list sends out blank emails to a lot of possible usernames; those that don't bounce stay on the list as presumably valid. If the blank emails have a valid return address (this would be a throwaway account) that would support this hypothesis; if they don't it would falsify it. Next time I get one of those emails I'll have to try sending something to the return address from a throwaway account of my own and see if it bounces.

What I find hard to understand is why I find phishing emails in my Hotmail junk mail folder fairly regularly, but have never seen one on one of my ISP accounts. The ISP accounts get plenty of penny-stock-touting, replica-Rolex and "online pharmacy" spams, but never a phish or similar fraud.

gzhpcu
2006-Apr-12, 03:14 PM
Also an easy way I find whenever a questionable email shows up which might be a scam is to just to enter the message text header into Google and you will promptly find out. Helped me with an eBay scam I got today concerning "Upaid items". Found out to forward the scam email to spoof@ebay.com for investigation. They immediately confirmed that the email was not from eBay and would be investigated.