OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 1, No. 9.
September 8, 2004
Major threat this month: Phishing attacks that seem to come from
Citibank, Paypal, Citizens Bank and US Bank
Phishing attacks have been doubling every month. In a phishing attack,
the thieves pretend to be sending you to a reputable site like Citibank
and ask for your private data, so they can steal your money or your
identity. Recent research reports that one in twenty people are fooled
by these types of attacks, which is why the thieves keep at it.
One of
our goals is to make sure you don't get caught in the scams.
Also this month, graphical spam is increasing. Spammers send you a
picture of the offer instead of the text of the offer, so that your
company or internet provider's spam blockers are powerless to stop
them
even if they use very bad language.
The attacks discussed here are the tip of the iceberg.
To be safe:
1. DON'T open email attachments from anyone unless you
know the
sender and you were expecting
the attachment.
2. DON'T click on links in emails or web sites unless
you can
guarantee the email came from
someone who is not trying to fool
you and that the web site is actually
the site you think it is.
3. DON'T disclose private information unless you initiated
the need
to do so.
************************
What To Avoid This Month
I. Emails from people trying to get you to divulge private details.
These are often trying to steal your identity (and your money)
I.1 Maintenance Update (from Citibank)
I.2 PayPal account limited
I.3 Citizens Bank Fraud Verification Process
I.4 Citibank with various subjects and possibly a time
stamp
I.5 Attn: Citibank Update
I.6 "notice: US Bank"
II. Opening attachments that have interesting subjects and provocative
text in the body of the email. Several viruses (Beagle, MyDoom,
Netsky)
are still spreading rapidly because they fool you into thinking they
come from a friend and have data you want to see. Remember: do not
open
unexpected attachments without checking with the sender to be sure
the
attachment is safe. If you break this rule, you will hurt a lot of
other
people - people you know - because your infected computer will send
viruses to people in your address book.
******************************
More Details About The Phishing Attacks
I. Emails from people trying to steal your identity (and your money)
I.1 Maintenance Update (from Citibank)
The bait:
An email that looks as if it comes from Citibank
saying the
company "could not verify your current information,"
and
asking you to update it.
What it tries to make you do:
Click on a link and tell them your credit Card information,
social security number, date of birth and mother's
maiden name.
Where you can see how it actually appears:
I.2 PayPal account limited
The bait:
An email that looks as if it comes from PayPal and
says,
"We suspect that your PayPal account may have been
accessed by an
unauthorized third party."
What it tries to make you do:
Click on a link and tell them your email and your
PayPal password.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/09-01-04_Paypal_(PayPal_account_Limited).html
I.3 Citizens Bank Fraud Verification Process
The bait:
An email that looks as if it comes from Citizens
Bank saying they
suspect your account may have been accessed by an
unauthorized
third party.
What it tries to make you do:
Click on a link and tell them your ATM or debit
card number
and password.
Where you can see how it actually appears:
I.4. Citibank with various subjects and possibly a time stamp
The bait:
An email that looks as if it comes from Citibank
saying, they
are updating their software and asking you to click
on what looks
like a real Citibank url.
What it tries to make you do:
Click anywhere on the image (the entire scam is
a single image)
and then provide a wealth of very private information
ranging
from your ATM card and PIN to your mother's maiden
name.
Where you can see how it actually appears:
I.5. Attn: Citibank Update
The bait:
"Click here" link in an email that seems to come
from Citibank
saying that they noticed one or more attempt to
log into your
account from a foreign IP address.
What it tries to make you do:
Click on a link and tell them your ATM card number
and PIN and
username and password.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/08-26-04_Citibank_(Attn_Citibank_Update).html
I.6 "notice: US Bank"
The bait:
An email that seems to come from US Bank asking
you to login.
What it tries to make you do:
When you click on the login button, it asks for
your ATM Card
number and PIN.
Where you can see how it actually appears:
http://www.antiphishing.org/phishing_archive/08-25-04_US_Bank_(Notice_Us__BANK).html
==end==