3 Bank Phishing E-Mails in 4 Days
Today marks the 3rd different bank info. phishing e-mail I’ve received in the last 4 days. Like ( I would assume ) all of us, I’ve gotten my share of the “Nigerian Scam E-Mails” before; but nothing ever like these 3. And worst of all - for some reason, and I am totally guessing here, they seem to be encrypted somehow so that I cannot forward them without getting an error message from AOL saying that it cannot be done due to an “error” with them. Needless to say, I have NO idea who Haby Haidara is. Since I can neither forward them to the banks in question - none of which I am now or have ever been a customer of - nor can I send them on to the appropriate government agencies, the very least I can do is share them with my fellow Mehricans. So here, for your financial protection … and reading amusement … are pictures of what I got. I hope my sharing here spreads like ripples, and protects at least one person out there from these low lifes.
http://imgur.com/7O46mDj
http://imgur.com/a/lAbZo
http://imgur.com/a/lepy2
I’m assuming the link that takes you to the bank’s website, doesn’t go to the bank.
Good to know.
Thanks for sharing!
I get those from SunTrust and Bank of America at least once a week. I don’t bank at either of those places, so it’s obvious phishing. I normally open the link through a proxy site and fill in all the information with names like “Avery Smallcock” or “Rhoda Weiner” and in the address, I input phrases like “Your mother sucks donkey dongs” or “Your desk chair is a Sybian”.
I’m sure they see it and move on to the next one, but to me, it’s a small victory.
Even if you get e-mail from (what looks like) your own bank, (or Social Security, or Medicare, or …) NEVER click the link in the e-mail. Open a new tab/window and sign into your account from there.
Oh, and: There’s a way on most e-mail servers to expand the header info. That will show you where the e-mail originated. If you print or forward a copy for your bank, it helps to have the expanded header, since that won’t always be available to the receiver otherwise.
Proposed incompetence remedy: don’t read email unless someone you have reason to acknowledge calls you to ask you why the fuck you haven’t responded to some useless email.
/giphy lazy
Replay often
@f00l anything Monty Python gets an auto-star in my book.
lol… I got that SunTrust one either yesterday or this morning.
It really serves little purpose to forward an email that isn’t from SunTrust Bank (or TD Bank or ?) to SunTrust Bank (or TD Bank or ?) so as to inform them that they didn’t send the email. Think about it: They already know they didn’t send it and there is absolutely nothing they can do to make the people who did send it stop sending such things. You’re just wasting their time but more to the point, you are wasting your time and may be marking yourself as a bad person.
What you want to do is either delete the message and move on (this wastes the minimal amount of your time) or else learn how to read email headers and then reach out to the abuse address at the domain that actually sent the email. (ProTip: the From and Reply-To headers have very little to do with where an email actually comes from, especially if it is not legit.) For example, if the email actually came from yahoo.com then send an email to abuse@yahoo.com, since it is one of yahoo’s users that sent it to you. But don’t merely forward it to abuse@yahoo.com because that strips off the headers they need and may get you marked as a bad person.
Realize tho, that yahoo (or whatever domain’s) user was very likely conned into giving up their credentials, either via a phish or a keylogger or some such and they aren’t even vaguely aware that they’ve been sending malware, spam and other crap to hundreds if not hundreds of thousands of other people.
BTW- AOL likely refused to accept the phishing emails from you because it knew they were phishing emails and their system was protecting itself and others from you. Again, think about it: how is AOL to know that you aren’t one of those people who gave away their credentials and the phishing emails aren’t actually coming from a bad person using your account? This is why you don’t want to forward such emails to others.
TL;DR: for almost all people who don’t know how to do email and/or security for a living, the smartest thing to do with all malware including phishing email is to delete it. Certainly do not forward it anywhere because doing so can make you look like one of the bad people.
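Added example, not part of the thread: a sketch of the header reading described in the post above, which walks the `Received` chain to find the server that actually handed the message to your mail system and compares it with the `From` and `Reply-To` domains. The sample message, every host name and IP, and the helper names are constructed for illustration; the organisational domain is approximated by the last two labels rather than a public-suffix lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and IP is a placeholder.
RAW = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])\n"
    "\tby inbox.recipient.example with ESMTP id A1; Mon, 1 Jan 2024 10:00:05 -0500\n"
    "Received: from mail.sender-isp.example (mail.sender-isp.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP id B2; Mon, 1 Jan 2024 10:00:03 -0500\n"
    "Received: from [203.0.113.55] (unknown [203.0.113.55])\n"
    "\tby mail.sender-isp.example with ESMTPA id C3; Mon, 1 Jan 2024 10:00:01 -0500\n"
    'From: "Example Bank Alerts" <alerts@examplebank.example>\n'
    "Reply-To: verify@collector.example\n"
    "Subject: Your account access is limited\n"
    "\n"
    "Click here to restore access.\n"
)

# from <HELO name> (<reverse-DNS name> [<IP>]) by <receiving host>
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)\s+by\s+(\S+)")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def addr_domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, my_domain):
    """Find the first hop where my own mail system accepted mail from outside."""
    msg = message_from_string(raw)
    result = {"from": addr_domain(msg["From"]), "reply_to": addr_domain(msg["Reply-To"]),
              "handoff_host": None, "handoff_ip": None, "abuse": None}
    for value in msg.get_all("Received", []):        # newest hop first
        m = HOP.search(" ".join(value.split()))       # unfold the folded header
        if not m:
            continue
        _helo, rdns, ip, by = m.groups()
        # Only lines written by my own servers are trustworthy; older ones can be forged.
        if in_domain(by, my_domain) and not in_domain(rdns, my_domain):
            org = ".".join(rdns.lower().split(".")[-2:])  # crude: no public-suffix list
            result.update(handoff_host=rdns, handoff_ip=ip, abuse="abuse@" + org)
            break
    result["from_matches_sender"] = result["abuse"] is not None and \
        in_domain(result["from"], result["abuse"].split("@")[1])
    return result
```

Calling `analyze(RAW, "recipient.example")` on the constructed message reports the handoff server under `sender-isp.example`, while `From` and `Reply-To` point at two unrelated domains.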
@baqui63 The point of forwarding them to the actual bank is to make sure they know there are phishing emails out there. This way they can warn their ‘less aware’ customers to be alert for these scams. It’s not about trying to find the actual perpetrators.
@cinoclav The banks already know. It honestly doesn’t help, and there are some phishing emails that recognize you’ve opened/read them. It just adds to the background noise.
@baqui63 is correct (above, in the tl;dr portion). Just delete it.
@cinoclav Trust me, they know. I’ve personally been getting spoofed email from SunTrust for years; also from Chase, BOA, 3rd 5th Bank (wtf kind of name is that anyway?) and dozens of others.
My users (among other things, I’m an email admin for a public college in NYC) have been getting them for eons as well. We’ve slowly been getting the users to understand that anything even vaguely threatening should never ever be trusted, but even extremely smart people don’t always have their brains engaged when reading email, especially when they are focused on other things, like getting a grant proposal out or meeting some other deadline.
The current annoying thing I’m dealing with is Office documents with macros that kick off installing ransomware. So far, no “company” data has been lost (we keep good backups of company data), though a couple of people have lost pix of their kids, pets and grandkids (unless they went off and paid the ransom, which would be totally their business).
I’m toying with disabling the ability to run ALL Office macros on campus (except for a few people who have been manually granted the ability). I’ve already started blocking all emails containing files (even zipped up) that have extensions like DOCM and XLSM (my users have to use password protected zips to get these files thru).
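Added example, not the poster's actual filter: one way to express the attachment rule described above, flagging DOCM and XLSM files whether attached directly or packed inside (nested) zip archives. The function names, nesting and size limits, and sample message are constructed; skipping encrypted zip entries is an assumption about how the password-protected exception mentioned in the post would be implemented.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED = {".docm", ".xlsm"}                     # the two extensions named in the post
MAX_DEPTH, MAX_MEMBER = 2, 20 * 1024 * 1024      # assumptions: nesting and size limits

def ext(name):
    return PurePosixPath(name).suffix.lower()

def scan_zip(data, depth=0):
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.flag_bits & 0x1:             # encrypted entry: let through (assumed policy)
                continue
            if ext(info.filename) in BLOCKED:
                hits.append(info.filename)
            elif ext(info.filename) == ".zip" and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                inner = z.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    hits += [f"{info.filename}!{n}" for n in scan_zip(inner, depth + 1)]
    return hits

def blocked_attachments(msg):
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if ext(name) in BLOCKED:
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            hits += [f"{name}!{n}" for n in scan_zip(data)]
    return hits

def make_zip(files):                             # helper for the constructed sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for n, d in files.items():
            z.writestr(n, d)
    return buf.getvalue()

def sample_message():                            # constructed sample, placeholder contents
    msg = EmailMessage()
    msg.set_content("See attached.")
    nested = make_zip({"readme.txt": b"hi", "inner.zip": make_zip({"Invoice.XLSM": b"x"})})
    msg.add_attachment(b"x", maintype="application", subtype="octet-stream", filename="report.docm")
    msg.add_attachment(nested, maintype="application", subtype="zip", filename="scan.zip")
    return msg
```

A message is rejected when `blocked_attachments()` returns a non-empty list; the check is by file name only, so it complements rather than replaces content scanning.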
The one from Chase is brilliant. They can’t spell Access. LOL
@Kidsandliz Also, I have an AlerG to their AlerT.
@PocketBrain Oh, and "CHASE ONLINE_EMIL UPGRADE"
LOL!
Don’t fall for scam Emils.
I’ve been getting robocalls from “the IRS”. I’ve had to block two different numbers with the same scam. It made me think about scammers getting together and talking like fishermen. “I’ve been getting a lot of hits with this one lately. You should try it.”
@walarney
I’ve gotten a few voicemails from “the IRS who are sending the police to arrest me at this moment.”
I turned on call-blocking. My phone doesn’t ring - and calls can’t be answered - unless the calling # is on my contacts list. A legit call from a number I don’t know can’t still leave me a voicemail tho. I will return legit calls and add them to contacts.
I do this on Samsung. Surely most phones will do something like this?
@walarney for kicks I answered and stayed on the line thru their fraudulent IRS script.
While anyone with their brain fully engaged on would not fall for it, they can be extremely clever and effective. I played along, even faking that I was going to the bank to withdraw $ for the wire. They even attempt to tie up both your mobile and landlines so you or someone else couldn’t check up on them.
I could go on. But I can totally see why some folks fall for it. Shameful and disgusting human waste that takes advantage of gullible people.
@RedOak They are aimed at senior citizens. My mother fell for one of those computer “you have a virus” scams and gave them $200 and access to her computer.
@sammydog01 the Ransomware shit and variants are nasty.
Either your PC gets infected, encrypting your data and popping up a helpful sounding “please call 800-… for help with your computer.”
Or, you get a cold call from someone sounding official, saying they’ve discovered your PC has been hacked and the hackers can see everything you do. “We can show you what they see on your PC. Simply go to this webpage.” So helpful.
$79/99/129 later and maybe you’ll have your data back. For a few weeks.
@RedOak I don’t even think it was ransom ware, it may have just been a pop-up. I told her to call her internet supplier and credit card company and they said the company was legit. Yeah, right. They started calling and asking for more money. She is with the Geek Squad now- at least she can drive over there and talk to someone in person. I hope they have a special hell for people that prey on seniors.
@sammydog01
Sympathies. I hope there’s a place near hell for Geek Squad. Perhaps it isn’t fair to generalize, but I’ve spent way too much time getting friends and colleagues out of Geek Squad hell. I blame their parent Best Buy mostly.
@RedOak My dad is retired and takes the calls just for fun. He likes to see how mad he can get them.
@RedOak Helping my 89 year old mom with her computer problems over the phone is indeed a toasty place. I have spent many hours there. Bless the Geek Squad.
@walarney what I didn’t say above about that for kicks IRS scam call - after they attempted to get me to go to the local Kroger to send them nearly $3,500 via Western Union - I finally said “come on, come clean, how many people does this work on?” He stayed in scam-script. I said “look I know exactly what you’re trying to do - at least I saved some sucker and tied you up for 10-15 minutes.” He broke script, laughed, and said, “I have a room full of 100 people making these calls and only when they get a solid lead do they transfer the call to me”!?!?!
@sammydog01 glad you’re happy with Geek Squad, may your success continue. I steer anyone asking clear of them.
They’ve also been intentionally sending “Phishing” emails at work lately. (For training purposes.) Kind of amusing. Having “phishtrain.org” in the link URL sort of gives them away.
@walarney
I hope you reply to those as a Nigerian Prince or government official in need of assistance, kind Sir.
@walarney Yeah, they do that here too.
The folks behind all those emails aren’t terribly bright, in any case. I manage a mailing list. The role account (for handling subscribing, and other emails) sometimes gets 100 of these types of emails in a day. Yeah, that’s what I said. ONE HUNDRED. Kind of funny, when they’re addressed to “Dear {list-owner}” (you didn’t think I was going to tell you what the list name was, did you?).
I get propositioned by hot Russian babes, and I get scans sent from unattended devices, all looking innocent (unless you think an obfuscated zip file might have something bad in it).
Spammers. I hates 'em.
@Shrdlu
A friend of mine got a domain, early 90’s, just for family email. Never used for any commercial or public purpose.
He used to run his own server with qmail. When he finally moved it to a virtual server and off qmail, he accidentally misconfigured something, hadn’t configured spam filtering yet, and left a catchall account turned on. Turned out that catchall account was getting more than 70K spam emails per day, mostly alphabet soup addressing, mostly from South American and Russian IPs.
I suppose the only thing that matters to the spammers is volume.
@f00l If sending spam and malware by email didn’t have a reasonably good ROI, the Bad People wouldn’t bother doing it.
They send it because it works. Eventually, that may change, but I have no expectation that it will. People are just too likely to fail at not falling for it.
The scumbags attempting to scam the Volkswagen TDI/Diesel buyback program aren’t too bright either. (They act like VW, buy your TDI at what appears to be a fair price, and then sell it to VW for the higher real buyback price, pocketing the difference.)
Their caller ID displays “Volkswagon”.
@0Wise1 Only so they can access it from their Palm Pilot.