Paypal phishing scammers seemed to be getting more and more stupid...

-----Original Message-----
From: Security Center [mailto:jjjndd@yahoo.com]
Sent: Tuesday, April 29, 2008 9:13 PM
Subject: Account Security Warning

Dear valued PayPal member,

It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.
However, failure to update your records will result in account suspension. Please update your records on or before May 1, 2008.
Once you have updated your account records, your PayPal session will not be interrupted and will continue as normal.

To update your PayPal records click on the following link:
http://mail.credinka.net/icons/online/userss/secure/

Thank you,
-----End Message-----

You can also update your PayPal records at hotScams.com... lol

There is a recent mail from this email address "customercaredata00@gmail.com" trying to phish gmail account password.

Do not fall for this stupid scam.

There are many variations of the "e-card scams", which tries to get you to click on a link to a site with only an IP address like the one below.

The variations include recovery of "membership" info from sites which you did not join.

-----Original Message-----
From: User sbhlwwelpvc [mailto:sbhlwwelpvc@WPIS-64-140-240-22.worldpath.net] On Behalf Of Online Gamers
Sent: Wednesday, August 22, 2007
Subject: Your Member Info

Greetings,

Are you ready to have fun at Online Gamers.

Membership Number: 256575129641
Your Temp. Login ID: user1679
Temorary Password: au866

This Login Info will expire in 24 hours. Please Change it.

This link will allow you to securely change your login info: Online Gamers <http://68.84.189.4/>

Welcome,
New Member Services
Online Gamers

Attach is a phishing scam targeting customers of Merrill Lynch Business Center

Mouseover the link, the URL is:
http://www.wcma.businesscenter.ml.corp336.com.cn/
The correct link is http://www.business.ml.com/

The above link has been closed down by http://www.com.cn/, a chinese website.

What is the deal with those email spam selling pharmaceutical products? We never buy from them, so we are not quite aware what is in the scam. However, we thank this phishing email for the information (in Red) below. Note: The link below goes to a phishing site that has been taken down.

-----Attached-----

The United States National Medical Association

Do you buy pharmaceuticals online? The US NMA was specifically established to protect the consumer. Our experts check every online shop for bogus medicines. The blacklist of unreliable or simply fraud shops is updated every week. We strongly recommend to visit our site before buying any medical products online. visit us Our site http://www.us-nma.com/ The common ways of online cheating are: - delivery of low quality or fraud products. - an enormous delay (up to 2-3 months) in delivery of products. - shops obtain all the credit cards numbers and other credit information and then simply send nothing. - shops sell unlicensed products they know nothing or very little about. - shops themselves don't have a license to sell the pharmaceuticals. Please check our blacklist of unreliable and fraud shops before buying any medical products online!!! Protect your family and yourself. http://www.us-nma.com/

With all due respect and care. The US NMA.

This is a warning about a BancorpSouth phishing email with the following link:

BancorpSouth Online Services

The actual link used in the email is http://www.bxs.com294.cn/login.htm
This appears to be a China domain name, http://www.com294.cn
(call the China police!!!)

The bank's official website is at http://www.bancorpsouth.com.

As everybody has warned: Never click the link on the email. If you own an account with BancorpSouth, always type this correctly into your browser:

www.bancorpsouth.com

tada... you are... safe.

We have started to identify some common words used in such simple scam, esp. the use of the word "Security Measure" in the subject followed by a funny looking link.

> From: info@amazon-service.com
> Subject: [ Notification ] - Security Measure
> Date: Tue, 31 Jul 2007
> To:
>
> Dear Amazon® member,
>
>
> We are contacting you to inform you that our Account Review Team identified some unusual activity in your account. In accordance with Amazon's User Agreement and to ensure that your account has not been compromised, access to your account was limited. Your account access will remain limited until this issue has been resolved. To secure your account and quickly restore full access, we may require some additional information from you for the following reason: We have been notified that a card associated with your account has been reported as lost or stolen, or that there were additional problems with your card.
> This process is mandatory, and if not completed within the nearest time your account or credit card may be subject for temporary suspension.
> To securely confirm your Amazon information please click on the link bellow:
>
>
> http://amazon.comIgp.yourstore.home.ref.opnav.ysd.biz.tc/main.html
>
>
> We encourage you to log in and perform the steps necessary to restore your account access as soon as possible.

An old-fashioned scam mail attempts to convince you that your IP address is sending out emails due to worms. That applies if your ISP uses static IP address. The mail will then include a "patch" where you can click/download and install on your PC to prevent remove the worm.

Experienced guys will simply delete such a mail. But if you are not sure and you received the same mail, note that the patch is in fact a trojan or malware (i.e. virus).

The following mail looks like it is from eBay.com. In fact, the scammer robs all the pictures from the original eBay site, accept for one major link.

Mouse-over the "Respond Now" button, it leads to this URL:

http://58.185.59.188/.signin.ebay.com/SingInUssingISSAPIfromeBayVerifyaccountfromISPnotSSLactiveMethodePostnatunerHuas.html

Is the above a link to eBay site? No, its linked to the scammer site at http://58.185.59.188/

That is where you will login and send your credit card information to the scammers... and they will have a wonderful time shopping at your expense.

Warning! We have been receiving reports about spam mails saying that you have received free web cards, greeting cards from old friends, classmates, etc.

These are possible phishing emails, do not click on the link. Just ignore them.

Watch out for this "National City" phishing email.

Fortunately, we do not have any accounts at National City, so the email was dismissed as a scam immediately. However, we would like to warn others who may have received similar phishing emails with a link which "appears" to be from NationalCity but it is actually directed to another URL.

How can you find out? See the full story of a picture of what we saw.

There is a phishing email going around saying that you have purchased something from msn.com or some other big sites, and you can download the software from those legitimate links.

However, you did not buy anything from msn.com, or those sites. And you are smart by checking the outbound links to find that they are indeed legal links to real product sites. The domain name is also absolutely correct.

But something else is terribly wrong.

Local news at Hammonton report the rise in lottery and phishing scams targeting at elderly folks. Perhaps it was not the intention of the scammers to target at elderly people, but it just happens that some elderly people falls into the trap easier. Imagine an old man waiting in vain to win that MegaMillions top prize for the past years, and receiving an email saying that he has just won a lottery somewhere on earth. As for phishing scams, it is not easy to spot even for younger adults, let alone elderly folks.

-------------

HAMMONTON -- For the past seven months, authorities have seen a noted increase in telephone and Internet scam cases targeting seniors.

Police Detective John Panarello said the department's detective division has investigated 50 incidents, which could lead to the victims turning over valuable information such as credit card numbers, bank routing numbers and even Social Security numbers.

"There's a lot of variety of scams out there," Panarello said. "There's the telemarketers, Internet scams and check scams. It seems that they are going after the elderly residents here. They are getting targeted."

One of the first scams Panarello and fellow detectives Gerry Martinez and Joel Frederico investigated involved a fake lottery check.

"With the lottery scam, you'll get a check in the mail. It's a legitimate check, which is forged and stolen from a company. It says you've just won say $250,000 in a lottery. They send you a check for a portion of it," Panarello said.

One Hammonton woman recently received such a notice. With her "winning" notification letter, she received a check for $3,900.

"They said if you cash this check, send $2,200 back and you'll receive the remainder of your $250,000," Panarello said. "The subject cashed the check, turned around and sent them a check. The check bounced and they were out that $2,200."

Visit the site to read more...

We didn't expect eBay.com to have XSS (cross-site scripting) problem, when it is 'so big' and there had been so many phishing cases in the past. Phishing isn't a new issue for eBay and Paypal. The hole should be plugged by now.

-----------

Tom Spring, PC World

A PC World reader alerted me to a flaw on eBay's Web site that enabled a scam designed to trick people into handing over their personal information. eBay promptly patched the flaw last week, but experts I spoke with are wondering how long the fix will hold.

The flaw allowed a scammer to use an increasingly common type of attack called cross-site scripting, or XSS, to redirect people from an eBay listing to a spoofed eBay site. Though eBay may have plugged the hole for now, experts say, similar problems have surfaced in the past on eBay and other sites, and it's a safe bet they will again. The problem is not going away, and it will continue to cause visitors to eBay and other sites trouble for the foreseeable future.

A phishing email appears to be from "Bank of America". We did a "View Source" on the email and found the following link:

http://www.bankofamerica.com.onlinebankingid30344740.kaswert.info/session.cgi

This is a phishing site, which is in fact a subdomain of the domain kaswert.info, and not bankofamerica.com. Unsuspecting or careless victims may often read just the first part of the link after the http:// and failed to notice the end. In fact, it is important to determine the full domain name to be safe.