Phishing Scams - Protect Your Identity

« November 2004 | Main | March 2005 »

February 14, 2005

New Phishing Scam Targets Charter One Bank Customers

Today a random email popped up in our email box targeting Charter One customers. The hyperlink, of course, doesn't go to Charter One website, but to IP address 140.111.126.4.

Below is the email being sent (with all links removed)
--------------------------------------------------------------

Dear Charter One Bank customer,

We recently reviewed your account, and suspect that your Charter One Bank Internet Banking accountmay have been
accessed by an unauthorized third party.
Protecting the security of your account and of the Washington Mutual network is our primary concern. Therefore, as a
preventative measure, we have temporarily limited access to sensitive account features.

To restore your account access, please take the following steps to ensure that your account has not been compromised:

1. Login to your Charter One Bank Internet Banking account. In case you are not enrolled for Internet Banking, you will
have to fill in all the required information, including your name and you account number.

2. Review your recent account history for any unauthorized withdrawals or deposits, and check you account profile to
make sure not changes have been made. If any unauthorized activity has taken place on your account, report this to
Charter One Bank staff immediately.

To get started, please click the link below:

http://www.charterone.com/home/ [ ** the link redirected to a different website to "phish" for customer info. They hyperlink appeared to lead to charterone.com, but the underlink HTTP code directed you to another IP].

We apologize for any inconvenience this may cause, and appreciate your assistance in helping us maintain the integrity of
the entire Charter One Bank system. Thank you for attention to this matter.

Sincerely,

Charter One Bank Team

Posted by savsb at 12:29 PM

February 08, 2005

Ebay Users Are Latest "Phishing Scam" Target

Seems like a day doesn't go by that a new phishing scam is discovered. It usually always involves trolling for personal information by tricking the consumer into revealing their account number, password, or financial information.

E-bay looking "spoof sites" designed to gain access to customer's paypal accounts have been reported to authorities in the last few weeks. The URL used is www.ro.paypal.com -- which is similar to the official paypal website (www.paypal.com).

Remember to never click on links via email to visit any website where you enter sensitive passwords or sites that contain financial information. Always type the URL yourself in a new browser window after closing all others.

It's also an excellent idea to run a daily virus scan as well as a spyware scan.

Posted by savsb at 09:46 PM | Comments (0)

Security Flaw in Web Browsers Open Danger to Phishing Scams

Microsoft's Internet Explorer has long been criticized as having many flaws that allow hackers to exploit and take over victim's computers. Now, other browers are vulnerable to attack and, oddly enough, Microsoft's IE is non vulnerable to the newest method of attack, which exploits browers that allow International Domain Names (IDN). IDN domains allow special characters within the domain name.

For more information, check out this security alert from Security Labs:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=128

Posted by savsb at 09:41 PM