2007-02-24T22:24:00.000-08:00

Beware of These Email Bank Scams

One of the most popular identity theft scams is to send spam
to potential victims advising them that they need to visit a
financial service's Web site to update or confirm their
personal information.

Naturally, the URL in the scam email sends the victim to a
phony Web site, and when the victim has divulged his or her
personal and credit card information, the scammer can make off
with lots of cash -- and perhaps the victim's identity as
well.

Later in this issue you'll read about how scammers are
targeting Best Buy and eBay users with similar schemes, but
this section describes the latest forged emails purporting to
be from banks. Don't be fooled...

1. Citibank c2it

The scam: You're a user of the c2it money transfer service
from Citibank, and you receive an email saying that your
account has been placed on hold for security measure
maintenance. You're asked to visit a Web site to confirm your
account information.

Tip-offs that it's a scam: Not many. It's a professional
looking email, with a Citibank logo. One tip is that the
return header is from a Hotmail address. Another tip is that,
if you click the submit button, the link takes the user to a
site owned by the Harvard-Smithsonian Center for Astrophysics.

More information:
http://www.eweek.com/article2/0,3959,1102980,00.asp

2. Bank of America

The scam: You're a customer of the Bank of America, and you
receive an email from custommersupport@bankofamerica.com with
a subject line "Security Server Update." It informs you that
because of a 'technical update' you need to reactivate your
account by visiting a URL and re-entering your personal
information.

Tip-offs that it's a scam: It contains many spelling and
grammar errors. As well, the URL leads to a broken Web site
(it has been taken down).

More information:
http://www.eweek.com/article2/0,3959,1085456,00.asp

3. First Union Bank

The scam: You're a customer of First Union, and you receive an
email from bankaccount@firstunion.com telling you that First
Union has lost your online banking user name and password. The
email tells you to go to a Web site and re-enter the
information.

This one is particularly nasty, because simply visiting the
Web site downloads a 'backdoor' Trojan program to your
computer that can give scammers the ability to control your
computer remotely.

Tip-offs that it's a scam: The URL given is a firstunion.com
address. Wachovia.com is now the Internet address for both
First Union and Wachovia customers.

More information:
http://www.eweek.com/article2/0,3959,1068233,00.asp

How can you avoid getting scammed this way?

1. First, be calm. Most of us receiving an email like this
might be alarmed that our account was frozen or our credit
card information had been stolen. But by being calm, you can
make sure you assess the situation rationally instead of just
following the instructions in the email.

2. Recognize that legitimate companies never request this
information via email. When you get this kind of email,
realize the chances are excellent that it's a scam.

3. Go to the official Web site for the financial institution
directly by typing its URL in the address bar of a Web
browser, *not* by clicking any hyperlink in an email. If there
is a real problem, it will most likely be on the home page.

4. If you're still uncertain, email or call the company's
customer support department, and ask them to confirm the
email's authenticity. They will then tell you what to do next.

~~~

Best Buy 'Fraud Alert' Spam

We got more requests to alert our subscribers about this scam
than any other scam this year.

A colleague first alerted us to this one when he received an
email with the alarming subject line "Best Buy Order #XXXXXXX.
Fraud Alert."

The email informed him that someone apparently had made an
online order using his credit card information at the Best Buy
Web site. The email requested him to visit a 'special Fraud
Department' page at the Best Buy Web site where he could
confirm or decline the transaction by providing him with the
correct information.

To make it look more official, details of the supposed
transaction were provided, along with an official-looking
visible URL:
http://www.BestBuy.com/fraud_department.html.

This is a new twist on the identity theft scam. If he'd gone
to the URL, he'd have gone to a Web site not linked to Best
Buy. And if he'd entered his personal information, the scammer
would have had another victim.

But you may wonder how this could work, if the URL was going
to www.BestBuy.com?

That's one of the tricks the scammers now use.

Scammers send this email using HTML format (displayed as
'Rich Text' in Outlook, Outlook Express, Mac OS X mail, etc.).
That way, they can make the hidden hyperlink different from
the visible text on top of it.

In reality, if you clicked on that URL, you'd be going to a
scammer Web site (they use multiple sites to try and stay
ahead of the FTC).

To avoid getting scammed, see the tips in the previous
section.

Hackers Masquerade As Best Buy To Steal Credit-Card Details

==> http://news.zdnet.co.uk/story/0,,t269-s2136319,00.html

~~~

eBay Account Verification Scam

Audri actually received one of these emails, supposedly from
eBay, the other day. It's another variation on the 'verify
your account information' online scam.

The email included the eBay logo, and links to the actual eBay
User Agreement and Privacy Policy. Seems like scammers are
getting even more bold these days.

The text of the email explains that eBay is "undertaking a
period review of our member accounts," and that as a result,
you have to go to their Web site and fill out the required
information.

Needless to say, the visible Web site URL, which does look
somewhat official
http://arribba.cgi3.ebay.com/aw-cgi/
ebayISAPI.dll?UpdateInformationConfirm&bpuser=1
takes you to the scammer's Web site linked with a hidden URL,
using the same techniques described above in the Best Buy
scam.

As always, you should be *very* suspicious of any email asking
you to verify your account information, no matter how official
it looks.

You should see a big red flag if the URL you're being asked to
visit starts with 'http://' rather than 'https://'. The extra
's' stands for secure, which means your information will be
transmitted through a secure connection. That was one of the
tip-offs that this was a scam.

Second, if you need to access your account, go to the Web site
directly without using any link from the email (for example,
type http://www.ebay.com in a Web browser window). Then, when
you log on to your account, you can be sure you're using the
official site.

And lastly, if you have any question as to whether an email
like this is legit (and 99% of the time, it isn't), contact
the site and ask them. You can contact eBay about Rules and
Safety at:

==> http://pages.ebay.com/help/basics/select-RS.html

These scams will continue to get more, and more sophisticated. Use the above
information to avoid being scammed!

Back to officialscambusters.com

More information on email/Identity theft scams, Read carefully!