This is an update to my earlier article "Bogus E-mail Warning Messages" that is available at http://blog.eogn.com/eastmans_online_genealogy/2008/12/bogus-e-mail-wa.html.
I found the following e-mail message in my "spam folder" today. First of all, I never heard of CommonWealth Bank and do not know where they are located. I am certain that I do not have an account there. Next, the message starts of with a greeting of "Dear customer" while I would have expected it to say "Dear Richard Eastman" or "Dear Mr. Eastman."
Finally, clicking on the link that is labeled "click here" took me to a web site that is NOT a part of Commonwealth Bank. It took me to a web address ending in ".ua" which means that the site is registered in the Ukraine although it might be physically located someplace else.
I also noticed there is no space between the period and "In order" and no space after "remain active" and no capital letter at the beginning of the sentence "please use the link bellow and verify your information." The word "bellow" was mis-spelled with an extra "L" in it. That's not proof of a scam but it made me suspicious. Banks usually have multiple employees carefully proofread their messages to customers before sending the messages. A missing space or improper punctuation or any mis-spellings is a sign of sloppy work.
Here is the message I received:
CommonWealth Bank
Dear customer,
Please note that your NetBank online banking account is about to expire.In order for it to remain active,please use the link bellow and verify your information.
Click here.
Thank you.
---[End of copy-and paste]---
If you receive any similar sort of message claiming to be from ANY bank or credit union or PayPal, immediately click on DELETE. It is bogus. The return address has been forged.
If you use a Windows system, I wouldn't even click on the link as the scammer site might download a virus or other malware to your system as soon as you arrive at the page. I used a Linux system which is much lower risk from viruses but certainly is still not 100% safe.
Well, Dick, I believe this one is a scam. Otherwise, some nice folk has started a nice checking account for you and I. Since I know it wasn't me who opened my account, and you don't recall opening yours, I with you that it looks scammy.
I just deleted mine alone with the three offers I got to be a part of someone's inheritance if I'd just cash a check for them in the US. I figure if they are going to be that rich, let them fly to the US and cash their own check. ;)
Thanks for making us aware of these. I have gotten several in the last few weeks from different banks.
Posted by: Teresa | December 16, 2008 at 09:48 PM
Well, the crooks have taken it to the next level....Forget the email spam but when I try to sign into my PayPal account (from ANY computer I get the foillowing message:
"Security Measures Help with this page
--------------------------------------------------------------------------------
We are currently performing regular maintenance of our security measures. Your account has been randomly selected for this maintenance, and you will now be taken through a series of identity verification pages.
Protecting the security of your PayPal account is our primary concern, and we apologize for any inconvenience this may cause.
Credit Card Information
Credit Card:
MasterCard (expires xxxxx, ends in XXxx) American Express (expires 12/2008, ends in XXxx)
Full Card Number:
Bank Account Information
Bank Account:
xxxxx (Checking) ends in XXxx
Full Account Number:"
(Note I have deleted with lover case "x" numbers that actually appeared in the response)
Thus it appears that these crooks have been able to capture my sign-in to PayPal (more sophisticated than a random e-mail) and hope that I will feed them my ID info. Using my business account I have made PayPal aware but no response to my message of 48 hours ago.
Bottom line....open no email when you can't identify the sender and send it to your spam/trash directory, use a good spyware program to cut down on even seeing these spams (IoBit.com's free program is good (and no I have Zero relationship with them...I even paid for the "Pro" version), and when in doubt say "NO", and be sure you have an automatic back-up program (Mozy.com has a good FREE program).
I only wish I was a better follower than an advisor as I have spent too may hours trying to re-create data, and I am just a home user that finally learned to follow my own recommendations.
(And of course keep reading, and tell your friends about Dick's newsletter (of which the paid version is cheap at twice the price, so I paid for it).
Posted by: Mike | December 17, 2008 at 02:56 AM
TOO, TOO FUNNY...........I tried to post a message about how to avoid spam/id theft and your software marked my comments as potential spam......
All good deeds have their punishment.... :-)
Talk about preaching to the choir.......... :-)
Posted by: Mike | December 17, 2008 at 03:03 AM
Dick, just for the record the "Commonwealth Bank" is one of the big four banks in Australia, originally owned by the government but privatised many years ago. I guess this make us for all the ones I get for the Bank of Canada and other North American banks.
It is certainly a scam but unfortunately people do get tricked by them, a small percentage of a large population of scam emails still makes it worth their while.
I once responded with bogus names and information to one of these and got lots of Bank of Canada messages as a result :-) I just let my mail filter program delete these and other spam these days.
Posted by: Graeme Simpson | December 17, 2008 at 05:16 AM
Hi Dick - this is a scam using the Australian Commonwealth Banking Corporation's naming conventions... we, in Australia, have been experiencing a very high proportion of Russian, Ukrainian and Nigerian scams using our national Banks' logos.
You are quite correct - there are misspellings and suspicious webpages and email links within these types of messages. I double check the veracity of the data by hovering my mouse cursor over the suspect links.
Australian banks regularly issue warnings of spammers and scammers using what looks to be actual bank information. The banks also regularly issue statements that the Australian Banks will not be sending out emails of any type. The preferred method of contact is via telephone.
Hope this helps you!
Megan in Sydney
Posted by: Megan | December 17, 2008 at 05:18 AM
I'm real fortunate that my security system allows me to select the top level email address codes (nationality where a message originates) that I don't want to receive. Let me see, do I have any reason for anyone to be sending me anything from the Ukraine? No, well let me check that one; and so on until only those countries where I get e-mail from will be allowed to pass.
Next, If I get one from a suspicious address I first block the sender, then block the entire domain, unless it is from some unsuspecting provider like msn, yahoo, etc. In that case I notify them of the abuse. That is done by sending the message (complete with headers) to abuse@whateverdomain.etc;
And, if it is trying to mimic one of my accounts I let them know immediately. They will ask to send the same thing the networks ask for - the message with headers.
In Windows you can forword a message withnout opening it. I don't know about the others.
I know these procedures take a little time but it does stop a lot of the junk from geting through.
Recently I had one that simply said "National Bank". Now I deal with two National Banks. So, I checked the return address and it wasn't for either of my banks. I sent an inquiry, addressed to both banks, asking if they sent the message. Each denied it was theirs. So it was junked and blocked.
But the banks did take further action to help protect their customers. The replies (and further automatic mailings) now have the name of the bank (i.e. First National Bank of Chicago) in the from field. The irony was that they both did it and they are no where near each other. My other two banks have also begun doing the same thing. Another thing the legitimate banks have been doing is to add the last four of the account number to the message (Your checking account ending in 1234.)
Posted by: Gerald Eberwein | December 17, 2008 at 08:39 AM
Dick, when I receive messages like this, I take a step more. My server has a link that allows me to view the source of the message, as I imagine most servers do. I open that and cut and paste the source information into an outgoing message and send it to abuse@whatever the real site would be (i.e. Commonwealth Bank, PayPal). You can get their contact address from the real entity's website usually. This allows their legitimate staff members to handle the abuse from their end.
Posted by: Joy Weaver | December 17, 2008 at 09:05 AM
With both eBay and PayPal, forward the questionable message to Spoof@ebay.com (or spoof@paypal.com)). That sends it to their security teams who will respond to you AND follow up on the message.
Posted by: Dennis | December 17, 2008 at 10:20 AM
If you receive a phishing message that is supposed to come from Pay Pal or eBay immediately forward the entire message to either "spoof at paypal dot com" or "spoof at ebay dot com" whichever one is appropriate. eBay/Pay Pal are very serious about shutting down people that use these tactics and work hard to get them shut down.
Posted by: Billie Walsh | December 17, 2008 at 11:11 AM
I noticed that I have started to receive mostly blank messages that tell me if I am having trouble reading the message to click on the link that's there. I don't think so.
Posted by: Bobbi | December 17, 2008 at 01:39 PM
That email that you recieved is a scam! I used to recieve these all the time at my old genealogy email address because I had put my genealogy email all over the web! I was receiving so much spam, that I finally just deleted the account and created a new genealogy address.
One of the things that will cut down on getting the spam is to post your email address as SoandSo AT blahblah DOT com. That way, people still understand your email address but spammers with special computers made to search you out, won't be able to find you.
Also - make sure you have good spam protection and NEVER click on a link if you don't recognize the sender. Never believe anyone offering to give you millions of dollars for giving them your social security number and bank account number.
Bottom line: If it sounds too good to be true, if you can't remember every making the account, and if the company asks you a security question that you didn't pick, then don't answer it. Don't respond. Just put it in your spam folder, block it, and if possible, report it to the email provider (hotmail, gmail, aol, yahoo, etc).
Posted by: Elyse | December 17, 2008 at 07:07 PM
I have received lots of similar mails recently supposedly from the following:
NatWest Bank
Halifax Bank
Abbey
Lloyds
Barclays
all scams and obviously deleted.
Posted by: Sandra J Smith | December 17, 2008 at 08:29 PM
Dick,
As someone else remarked, glad to see the other side of the Pacific gets ones related to our banks, as a balance for the bogus North American & UK bank messages we get.
But I am posting this because about an hour after reading your article I received what looks like a new form of scam, at least in my experience.
I received a phone call on my home phone from someone telling me he was from a Microsoft subsidiary called "support on click" (at least I think it was, the line was poor so I had difficulty understanding him). He advised they had a report my computer was running slowly and his job was to fix this, so he wanted me to start up my computer. He told me he was located in Sydney & gave me the return number for his company, but I don't think the first digits are a type allocated in Australia (012), I will check to-morrow. The call came at 6:15pm, ie after most businesses & all regulatory bodies were closed. I have checked with Microsoft, who advise they don't make such calls (how surprising!!). Also, I very rarely give my home phone number out over the Internet, except to personal acquaintances.
I hung up at that point, but I surmise if I had started my computer he would have asked me to start a remote maintenance session which would give him administrator access to my system, & possibly he would get me to do something that started this session without my realising what I was doing. I suspect he would then load a keystroke logger that would record the passwords etc next time I accessed my bank, & send them to him. This is just my assumptions, but it is a new scam to me.
Posted by: Cedric | December 18, 2008 at 09:23 AM
I use Kaspersky Anti Virus and it puts all these messages into spam.
Posted by: Donald Boyle | December 19, 2008 at 10:31 AM