Phishing!

UPDATE – 3rd December 2013!

Today I received a message purporting to be from Royal Mail saying that a parcel could not be delivered! It was a fake! I also had a message advising that there was a problem with my mailserver and that a backup of my mail had been made and was attached! It was a .zip file! It was also a fake! Be aware! Be Very Aware!

They have tried a new twist with the ‘Royal Mail’ scam!

Apparently UK Customs and Border Protection (This is the US name with UK stuffed on the front so it is nothing to do with the UK at all!) have detained my ‘package’. The RM International Mail Branch will notify me, in writing, etc… when I have completed the attached form (a .zip file!).

Yeah right! Delete it! Do NOT open the attachment!

Well! They are really trying to grab my hard earned cash! I’ve had 2 emails from “Mastercard” in the last hour advising “Important notification for A Mastercard holder” NOTE the ‘A’ Mastercard owner.

“We’ve detected unusual activity on your Bank debit card . Your UK Bank debit card has been temporarily blocked, please fill document in attachment and contact us”

Yeah! Like I’m stoopid. They are deleted, of course.

They just don’t give up – the thieving bastards!

The latest scam is one from ‘Virgin Media’ – saying the monthly bill direct debit had not gone through and would we please re-supply banking details!!! As you will all know Virgin will never ask for these details so DELETE this email without even opening it!

As the festive season approaches more and more organisations start to try and relieve us of our hard earned money.

No, I don’t mean the banks, power suppliers, payday loan sharks or even the supermarkets. Yes, they all do their level best to squeeze as much out of us as is within law BUT there are many others who do not regard the law as a barrier to their activity.

I refer to those engaged in phishing. This is the process of encouraging the gullible to visit web sites that look official and enticing them to enter security details relating to bank accounts etc.

Another approach is to send an email that looks respectable, but demands immediate action. This often refers to a money transaction (“This amount has been paid from your account – click here to correct it if this is not a valid payment”) or some service has failed to complete (“We were unable to deliver a parcel at 11:30 on the 26th November, if you don’t respond in 24 hours the parcel will be returned to sender – Please follow the instructions in the attached document”). The attached ‘document’ is a zip file containing either a virus, trojan or malware program designed to capture any useful data on your computer.

A third method is to advise that ‘they’ need to verify your security details! AS IF!!!

In the last few days I have been told at least 8 times that DHL have been unable to deliver a parcel.

In the same period I have also been advised that relatively small amounts have been paid out of my bank account(s). I expect more of the same in the run up to Xmas!

The thieving bastards try any and every way to get hold of your money! Be aware, Be very aware.

What to do?

  1. DO NOT open any doubtful emails, even out of curiosity; delete them and then empty your mail trash bin.
  2. Remember that no reputable organisation will send you an email requiring you to go somewhere and enter your log in details.
  3. No reputable organisation will ask you to verify your details – they obviously have them or they would not be able to contact you in the first place!
  4. NEVER EVER follow a link in an email that is asking for data! If the email is from an organisation that you may have a legitimate reason to use, then use your browser and type in the proper company URL (ebay.co.uk, amazon.co.uk etc.) from your own ‘Bookmarks’ or personal records.
  5. In the unlikely event that your bank, PayPal or Amazon etc. require a response they will address you by name not ‘Dear Sir’ or no salutation at all.
  6. If in doubt – DELETE!

This is from the DHL web site –

“Please be advised that if you received an email suggesting that DHL is attempting to deliver a package requesting that you open the email attachment in order to affect delivery, this email is fraudulent, the package does not exist and the attachment may be a computer virus.

Please do not open the attachment or click any links. This email and attachment do not originate from DHL. For examples of recent email scams, please see our http://www.dhl.co.uk/en/legal/fraud_awareness.html”.

The PayPal site has a section on how to protect yourself against phishing –

 “How to protect yourself from fake emails.

When you aren’t sure if you can trust an email claiming to be from PayPal, here are 2 guidelines that can help you to spot the real from the fake:

  • PayPal emails will always use your first and last name, or your business’s name.

  • PayPal emails will never ask for your personal or account information such as credit or debit card numbers, bank account details, driver’s license number, email addresses, or passwords.”

https://www.paypal.com/us/webapps/helpcenter/article/?articleID=94034&m=SRE.

Amazon UK have a section on security –

 Identify False (Spoof or Phishing) E-mails

If you receive an e-mail asking you for personal information or directing you to a site other than Amazon.co.uk, or asking you to pay outside of Amazon Marketplace, it could be a “spoof” or “phishing” e-mail and should be considered as fraudulent.

Genuine Amazon e-mails come from an e-mail address ending in “@amazon.co.uk” or “@amazon.com”. If you receive an e-mail in a different format i.e. amazon-security@hotmail.com, you can be sure that it’s fraudulent.

Some phishing e-mails contain links to websites that contain the word “amazon” somewhere in the URL but will take you to a completely different website. If you hover over the link you often can see the underlying URL which will be in a different format to those linked to within the Amazon sites.

If you click though on a phishing e-mail and are taken to a page looking like “Your Account” or anything that asks you to verify or change your personal details, you should consider it as fraudulent.

Source – http://www.amazon.co.uk/gp/help/customer/display.html?nodeId=200406970.
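
The sender and link checks from the Amazon guidance above, together with the .zip attachment warning from earlier on this page, written out as an added Python example (it is not part of the original post and is not Amazon's code). The function names, the sample message, the account-check.example host and the form.zip file name are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Genuine domains named in the Amazon guidance quoted above.
TRUSTED = ("amazon.co.uk", "amazon.com")

def on_trusted_domain(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(msg):
    """Return a list of warning strings for one parsed message."""
    findings = []
    sender_host = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not on_trusted_domain(sender_host):
        findings.append("sender: " + sender_host)
    for part in msg.walk():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            findings.append("zip attachment: " + name)
        if part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                url = urlsplit(href)  # judge the real target, not the visible link text
                if url.scheme in ("http", "https") and not on_trusted_domain(url.hostname):
                    findings.append("link: " + str(url.hostname))
    return findings

def constructed_sample():
    """Constructed test message; the link host and file name are made up."""
    m = EmailMessage()
    m["From"] = '"Amazon Security" <amazon-security@hotmail.com>'
    m["Subject"] = "Verify your account"
    m.set_content('<a href="http://amazon.co.uk.account-check.example/signin">'
                  'www.amazon.co.uk</a> <a href="https://www.amazon.co.uk/">Help</a>',
                  subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="form.zip")
    return m
```

A sender address that passes this check proves nothing on its own, because the From header can be forged; the link and attachment findings are the stronger signals.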

Even HM Revenue & Customs have advice on how to protect yourself against phishing!

Recognising and reporting phishing/bogus emails

What is a phishing email?

Phishing is the fraudulent act of emailing a person in order to obtain their personal/financial information such as passwords, credit card or bank account details. These emails often include a link to a bogus website encouraging you to enter your personal details.

The guidance below may help you to recognise a phishing email.

Remember:

  • HM Revenue & Customs (HMRC) will never send notifications of a tax rebate by email, or ask you to disclose personal or payment information by email.

  • To be completely safe from phishers, do not select links in emails. If in doubt, close your browser, reopen it, and type the web address for the site you want to visit directly into the address bar.

Read the complete article here – http://www.hmrc.gov.uk/security/reporting.htm

HSBC have this to say about phishing –

“What is phishing?

Phishing involves fraudsters using methods such as sending e-mails that request the recipient to update or to verify their personal and financial information, including date of birth, login information, account details, credit card numbers, PINs etc. Usually, these e-mails claim to come from a legitimate organisation such as a bank, or online retailer.

The e-mail will contain a link that takes you to a spoof website that looks identical (or very similar) to the organisation’s genuine site. The fraudster can then capture personal data like passwords as you type it in or download malware onto your computer.”

Source – http://www.hsbc.com/utilities/online-security/secure-email-and-tls/secure-mail-anti-phishing.

In Summary:

If you are in any doubt about an email – don’t take a risk! Just Google it! E.g. if you get an email from ‘samplebusinessname’ that you are unsure of, just fire up your browser and search ‘samplebusinessname phishing’ and see what it tells you!

Please note:

I have not ‘hyper-linked’ any of the URLs above so that you can clearly see where they are pointed. For more information either go directly to the sites yourself and follow the menu options they offer or cut ‘n paste the ones above.

As a final note on this subject – I strongly suggest that you DO NOT click the little ‘Remember Me’ option on your login(s). I notice that Gmail is automatically set to ‘Remember Me’. I suggest that you un-tick any others that you come across. I know it’s a pain having to remember all the different details but it ain’t ‘alf so bad as losing your hard earned cash!