APCUG Reports
January-March 2008

This article will show you several scams (“pfishing” attempts, etc.) that I have recently received by email, and how you can avoid being fooled when you get them.

It appears that CityBank sent me this email

Dear business customer of Citibank:

Citibank is committed to safeguarding customer information and combating fraud. We have implemented industry leading security initiatives, and our online banking services are protected by the strongest encryption methods and security protocols available. We continue to develop new solutions to provide our online banking services and their customers with confidence and security.

The added security measures require all CitiBusiness Online customers to complete on a regular basis CitiBusiness Form.

Please use the hyperlink below to access CitiBusiness Form:

http://citibusinessonline.da-us.citibank.com/cbusol/usermode/form.aspx?BCID=5023 385181062157503063608017060542244926096741987

Thank you for banking with us!

Citibank Customer Support

Look at the bottom of the image. The site it will actually go to is http://citibusinessonline.da-us.citibank.com.nyioe3r.hk

If I did not notice that and clicked anyway, I would get

That is because I have McAfee’s free Site Advisor installed. You may want to go to http://www.siteadvisor.com/ and get a free copy yourself.

I got a high priority email from Paypal informing me my account access has been restricted. Well I do have a paypal account, but again look at the bottom of this image.

If I had clicked the link I would have gone to http://210.60.90.187/dic_net/update/.cgi-bin/login.htm, and had my identity stolen. McAfee SiteAdvisor protected me this time also.

The next scam is a little different. I got a message informing me

JC PENNEY GiftCard Confirmation #156-95

To: singleton@cox.net #15695

To receive your gift, please click on or cut and paste:

http://www.outsparklingness.com/jcpenney/

I got a message from Citizens Bank

Dear business/corporate customer of Citizens Bank,

Caution: we continue to be informed that customers and non-customers are receiving fraudulent phishing emails requesting confidential information and credentials. As a reminder, the bank will NOT send customers unsecured email or other correspondence requesting that they confirm or provide Customer ID’s User ID’s, card numbers, social security number or PINs and passwords. As always, if you receive any unsolicited e-mails, phone calls, faxes or other suspicious attempts to gain personal or confidential information, please e-mail us at fraudprevention@cfgcustomers.com or call Cash Management Client Services at 1-877-550-5933, Monday to Friday, 7 a.m. to 6 p.m. ET. For Additional information please see the events page

For security measures, we require you to confirm your challenge questions:

http://citizensbankmoneymanagergps.com/securepage/challenge.aspx?session=8386862 970091193672509790582943508935310245897

I won’t bother with a screen capture this time, but clicking the link would have taken me to http://citizensbankmoneymanagergps.com.4rrt.co.ee, if McAfee SiteAdvisor had not stopped me. It did.

I got one from

Flagstar Bank has temporarily suspended your account.

Reason: Billing failure.

You are required to complete an account update form so we can unlock your account.

To start the update process click here.

Clicking there would have taken me to http://vs01.justedge.net/~worldofm/www.flagstarbanking2.com/index.php. This time both McAfee SiteAdvisor protected me and also Trend Micro (my PC-cillin virus protection program).

Dear US Bank Customer,

As the Internet and information technology enable us to expand our services, we are committed to maintaining the trust customers have placed in us for protecting the privacy and security of information we have about you. In order to protect your information against unauthorized access, identity theft and account fraud, our Technical Unit is carrying out a scheduled Online banking upgrade on our newly acquired secure and fast SSL servers.

To upgrade to the new security system, you must confirm your account information.

Click on Secure Upgrade to continue to the security process. All unconfirmed accounts would have problems using the online banking system and would have limited functions.

Both McAfee SiteAdvisor and Trend Micro saved me from going to http://www.nanotechnologyworld.co.uk/mambots/editors-xtd/www.usbank.com/usbank.h tml.

They are both very useful, but they don’t catch everything,

Dear MidAmerica Bank client,

You have received this email because you or someone had used your account from different locations. For security purpose, we are required to open an investigation into this matter.

In order to safeguard your account, we require that you confirm your banking details.

To help speed up to this process, please access the following link so we can complete the verification of your MidAmerica Bank Online Banking Account registration information.

http://www.midamericabank.com/my_accounts/default.asp really tried to take me to http://mail.longmerge.com/usage/midamericabank/my_accounts/default/index.php, and neither McAfee SiteAdvisor or Trend Micro caught it. There was not actually a page there, or Trend Micro might have caught it, but indicates that even with the best protection software, you need to still be careful.

I had a similar email from Regions Net Online Banking that supposedly wanted me to go to http://www.RegionsNet Online Banking.co.nz/signon?LOB=CONS&screenid = that really goes to http://otrabanda.org/images/zoom/region/login.php

Trend Micro caught it as a phishing site and Firefox identified it as a suspected web forgery.

A good rule to follow is be very suspicious if your bank, or PayPal, or EBay, or any other business sends you an email saying something is wrong and giving you a link to fix it. In general just delete the email. It probably is a scam. Especially if when you click on the link, you are asked to enter your password or other private data. Don’t do it!!!!! Call the company on the phone to check.