The first e-mail appears to be from eBay:
Oohhh this looks bad. Someone is saying they ordered a Macintosh / Apple PowerBook G4 15-in Laptop! that I sold on Ebay, and they did not get it, and they are threatening to go to the police if I don’t “Respond Now”.
I have never had a Macintosh / Apple PowerBook G4, and I have never sold anything on Ebay, but they have a nice link that I can click on, and explain that to them. Should I click on it? Absolutely not!!! If I did click on it I would not be taken to the Ebay site, but rather to http://74.8.152.35/manual/misc./perf-dic.html. Usually sites like these are overseas, but in this case it is in Gardena, California. The site must not have been up for long, because by the time I tried clicking on it the site itself was down (The requested URL /manual/misc./perf-dic.html was not found on this server), but still my Trend Micro PC-cillin software and my Firefox browser both warned me this was probably a phishing site.
Had the site still been up, and had PC-cillin and Fox not warned me (and if I did not notice the IP address rather than ebay’s site), it would have prompted me to enter my ebay login and password, and maybe even my Paypal login information, and if I had been foolish enough to provide them, no telling what might have been bought using my ebay identity and shipped to another country.
I got another, this time for a Nokia N73 (whatever that is), and clicking on it would go to http://mujweb.cz/www/safeharbour-ebay/signin.htm. CZ is the Czech Republic, and I don’t speak or read Czech, but if any of you do, the screen I got was
Firefox warned me about it; PC-cillin did not catch this one.
I got a message supposedly from Customer Care with a subject PLEASE PROTECT YOUR COX.NET ACCOUNT FROM BEING CLOSED. The message said:
Greetings to you,
This is to formally notify you that we are presently working on the cox.net, and this can close your webmail account with cox.net completely. To avoid this, please send your surname and password to cox.net customer care email address:protectcox5webmail@yahoo.com ,so that your account can be protected.
Your immediate response is highly needed.
Well I certainly don’t want my cox.net email account closed, but I will guarantee you that Cox would never send me an email asking for my login and password, and they certainly would not use a yahoo.com email address. They would use a Cox address, and not cox.net, which their customers get, but rather cox.com. I did not respond, and guess what, my email still works.
I got a message supposedly from Amazon Account Update [account-update@amazon.com] which said:
Greetings from Amazon.com.
Click the link below to reset your password using our secure server: https://www.amazon.com/gp/css/account/forgot-password/redeem-forgotten- password-token.html? token=jj3UWH51X4XBGT7aGkq0viRnA%2FAGsHd6O3BoeCn%2F%2BM%3D
If clicking doesn’t seem to work, you can copy and paste the link into your browser’s address window, or retype it there. Once you have returned to Amazon.com, we will give instructions for resetting your password.
Thank you for visiting Amazon.com!
Gee, they were nice, providing me the link to click on. But I never forgot my password, and if I clicked on the message I would not go to amazon.com but rather to http://selllerstuss.com.p10.hostingprod.com/ama/.
The phishing site was not up when I tried (403 Forbidden) but PC-cillin warned me that it was a probable phishing site.
I got an email supposedly from Western Union [service@westernunion.com] telling me:
In an effort to protect your Western Union account security, we have suspended your account until such time that it can be safely restored to you. We have taken this action because your password may have been compromised. Sometimes this happens when members respond to an email asking for personal information. Although those emails appear to come from Western Union, they are really sent by people attempting to gain access to your account. Although we cannot disclose our investigative procedures that led to this conclusion, please know that we took this action in order to maintain the safety of your account.
Please change the password that you use on the EMAIL account that you have registered to your Western Union account. Make sure that it is also different from the password that you use on your Western Union account. By doing this we can ensure that you are the only one that can access any further communication we may have with you.
Once you have taken steps to secure your email, please contact our Live Help team for assistance restoring access to your account. You can reach the Account Theft Live Help team by clicking on the link below:
Click here to update your account
(To complete the verification process you must fill in all the required fields)
Please Note: If your account informations are not updated within the next 72 hours, then we will assume this account is fraudulent and will be suspended. We apologize for this inconvenience, but the purpose of this verification is to ensure that your account has not been fraudulently used and to combat fraud.
Thank you for your attention on this serious matter. We apologize for any delay in resolving this situation.
These scammers went to a lot of trouble on this one. If I had clicked on the link it would have taken me, not to westernunion.com, but rather to http://www.vvestern-union.com/asp/regLogin.asp.
They registered their own domain name with two “v” rather than one “w”, and with a dash between vvestern and union. Needless to say I did not fall for it.
I got a similar message informing me “The German American Bancorp Online department temporary disabled your account.” Well that is OK with me, since I don’t have an account with that bank, and if I had one, and had been foolish enough to click on it, rather than going to http://www.germanamericanbancorp.com/bancorp/activate.html it would have gone to http://fang.omni.com.au/system/index.html (a German bank in Australia???).Bank of America © [service@bankofamerica.com] supposedly sent me a message with a subject “Phishing: Update Your Account” (yes it is a phishing attempt; nice of them to reveal that. I wonder if my email program added that word.) I was told that “Technical services of the Bank of America are carrying out a planned software upgrade.” and I needed to click on a link for http://www.bankofamerica.com/finance-wu/upgrade/users/bofa/index.htm but it really would take me to http://mail.chavibd.com/%20/BankofAmerica/cgi-bin/sso.login.controller/SignIn/.
Wasn’t PayPal nice (NOT!!!). Department Of PayPal [service@paypal.com] informed me that “64.10.160.4 tryed to access your account 3 times” (I believe there is an extra “a” in Department, and we spell it “tried”) and they blocked it, but all I have to do is click on a link (which would take me to http://www.thaijaidee.com/chat/.www.paypal.com/cgi-bin/webscr.php?cmd=_login-run and enter my information. Anyone want to guess how long it would have taken for my credit card to have been maxed out?
I got a message from PayPal [accounts@paypal.com] “You’ve added an additional email address to your account. If you don’t agree with this email nmroth1@verizon.net and if you need assistance with your account, click here and login.” Well that certainly is not my email address, and I did not change my email address, but if I had clicked where they wanted me to, it would have taken me to http://www.visitaalpsicologo.com/backend/tmp/.pp/tmp/ where I would have been prompted for my login and password, and probably given an opportunity to remove that address. But while I was doing it, my credit card would have gotten maxed out.
Service@paypal.com supposedly said “our system found incompatible information which seems to be no longer the same with your current credit card information that we have on file.” And they gave me a chance to “To securely update and confirm your credit card identity information please click on the link bellow: https://www.paypal.com/cgi-bin/webscr?cmd=_login_” But that is not where the link would have taken me. It went to http://69.149.109.154:82/ www.paypal.com/cgi-bin/webscr_cmd=_login-run/index.php.
If you ever get an email saying something is wrong and giving you a link to fix it, delete the email. It probably is a scam. Especially if when you click on the link, you are asked to enter your password or other private data. Don’t do it!!!!!
I have a lot more of these, but we are running out of space, so stay tuned until next month when we will look at some more Scam Alerts.