Be Net Aware

You sometimes have to admire the sheer cheek of some of the scammers especially with the latest phishing attempt for HSBC customers. The e-mail had the subject “Protect Yourself Against Internet Fraud” and tells you that it is instigating a special fraud prevention exercise which if you don’t participate in you get yourself suspended.

As normal there are 2 tell tale signs that this is a Phishing e-mail aside from me not having a HSBC account

1) It does not specify my name

2) On the text version the link points to a different site

From: HSBC Bank plc [mailto:secureservice@hsbc.co.uk]
Sent: 21 September 2009
Subject: Important: Protect yourself against Internet Fraud

<http://www.hsbc.co.uk/1/themes/html/hsbc_ukpersonal/images/hsbc_lo go_only.gif>

Dear Valued Customer,

HSBC Bank plc is carrying out a fraud prevention

exercise on all accounts to reduce and prevent Fraud on our online

system. All Verified Accounts will recieve a Special Anti-

Fraud Protection, Which will reduce all risks of Online Fraud.

Please click on Verify my account <http://www.dulgermobilya.com/includes/js/ThemeOffice/IBlogin.html> to continue Update.

your account information to the verification process.

Remember Failure to verify your account details will lead to account

suspension for security Reasons.

HSBC Internet Banking Supervisor,

© HSBC Bank plc 2002 – 2009

Sometimes the scammers try to be a little too clever and the e-mail goes wrong as is the case in the following e-mail where it appears that a html e-mail has been sent as text so you can see all the code, needless to say it is another failed Phishing attempt for alliance and leicester customers.

This e-mail aside from the From and Subject is exactly how it appears in my junk mail box.

From: Alliance & Leicester plc [mailto:helpdesk@alliance-leicester.co.uk]
Subject: Important Bank Mail

Content-Type: text/html

Content-Transfer-Encoding: 8bit

Return-Path: anonymous@plesk12.hospedagemdesites.ws

X-OriginalArrivalTime: 28 Aug 2009 11:47:52.0297 (UTC) FILETIME=[5FD7B590:01CA27D5]

<table width=”616″ align=”center” cellpadding=”0″ cellspacing=”0″ border=”0″ style=”font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#005baf;”>

<tr>

<td width=”616″ colspan=”5″ align=”center” style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_top.jpg) bottom left no-repeat;”><br><br></td>

</tr>

<tr>

<td width=”30″ align=”right” style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_left_top.gif) top right no-repeat;”><br></td>

<td width=”33″ align=”left”><br></td>

<td width=”479″ align=”right”><br>

<table cellpadding=”0″ cellspacing=”0″ width=”477″ align=”center” style=”font-family:Verdana, Arial, Helvetica, sans-serif; color:#818181; font-size:9px;”>

<tr>

</table>

</td>

<td width=”44″ align=”right”><br></td>

<td width=”30″ style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_right_top.gif) top left no-repeat;”><br></td>

</tr>

<tr>

<td width=”30″ align=”right” style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_left_tile.gif) top right repeat-y;”><br></td>

<td width=”556″ colspan=”3″><br><br><strong style=”font-size:1.2em;”><img src=”http://host.alliance-leicester.co.uk/service/images/alsantbanner.gif” width=”556″ height=”77″ alt=”Alliance & Leicester” style=”display:block;”></strong></td>

<td width=”30″ style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_right_tile.gif) top left repeat-y;”><br></td>

</tr>

</table>

<table width=”616″ align=”center” cellpadding=”0″ cellspacing=”0″ border=”0″ style=”font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#005baf;”>

<tr>

<td width=”30″ align=”right” style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_left_tile.gif) bottom right repeat-y;”><br></td>

<td width=”556″ colspan=”3″>

<div style=”border-left:1px solid #f5821f; border-right:1px solid #f5821f;”>

<table width=”554″ cellpadding=”0″ cellspacing=”0″ border=”0″ style=”font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px; color:#005baf;”>

<tr>

<td width=”32″ align=”left”><br></td>

<td width=”479″ align=”left”><br><br>

<div style=”font-size:12px; color:#005baf; text-align:right;”></div>

<br>

<strong style=”font-size:12px;”>Dear Valued Customer,</strong><br><br>

We recently have discovered that different computers have logged into your Alliance & Leicester account, and multiple password failures were present before the logons.

<br><br>

In this manner, for your security, your specified access account has been locked and needs to be reactivated, in order for it to remain active, please Use the link below to proceed and unlock your account.<br><br>We also want you to use this oppurtunity to upgrade your account to our new security with the Santander Group, one of the largest banks in the world by market capitalisation.<br><br>

<a href=”http://www.sh1908.org/bbs/data/100/Alliance.php” style=”color:#f58426;”>https://www.mybank.alliance-leicester.co.uk/index.asp?ct=mybankrhnlogin&</a><br><br>

By becoming part of the Santander Group, Alliance & Leicester has acquired strong backing, which is crucial in these difficult financial times.<br><br>

I am convinced that Abbey, Alliance & Leicester and Bradford & Bingley, as part of the Santander Group, will be a leading UK bank focused on giving you great service and

value-for-money products.<br><br>

Yours sincerely,<br><br>

<img src=”http://host.alliance-leicester.co.uk/service/sigs/emilio_botin.jpg” alt=”Signature of Emilio Botin” width=”118″ height=”70″ style=”display:block;”>

Chairman, Emilio Botin<br><br><br><br><br><br>

<div style=”background-color:#e5352c;”><img src=”http://host.alliance-leicester.co.uk/service/santander/welcome_msg.jpg” width=”475″ height=”49″ alt=”Alliance & Leicester is now part of the Santander Group, one of the largest banks in the world by market capitalisation.” style=”display:block;”></div><br>

</td>

<td width=”43″ align=”right”><br></td>

</tr>

</table>

</div>

</td>

<td width=”30″ style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_right_tile.gif) bottom left repeat-y;”><br></td>

</tr>

<tr>

<td width=”30″ align=”right” style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_left_btm.gif) bottom right no-repeat;”><br><br></td>

<td width=”556″ colspan=”3″>

<div style=”border-left:1px solid #f5821f; border-right:1px solid #f5821f;”>

<table width=”554″ cellpadding=”0″ cellspacing=”0″ border=”0″>

<tr>

<td width=”32″ align=”left”><br></td>

<td width=”479″ align=”left”><br><br></td>

<td width=”43″ align=”right”><br></td>

</tr>

</table>

</div>

</td>

<td width=”30″ style=”background:url(http://host.alliance-leicester.co.uk/service/images/shadow_right_btm.gif) bottom left no-repeat;”><br><br></td>

</tr>

<tr>

<td colspan=”5″ align=”center” style=”background:url(’http://host.alliance-leicester.co.uk/service/images/shadow_bottom.jpg’) top left no-repeat;”><br><br><br></td>

</tr>

<tr>

<td width=”30″ align=”right”><br></td>

<td width=”33″ align=”left”><br></td>

<td width=”479″ style=”color:#818181;”>

This message was sent to you as an Alliance & Leicester customer, to inform you regarding important information about your account.<br>

This email has been sent by Alliance & Leicester plc. Registered Office: Carlton Park, Narborough, Leicester LE19 0AL. Company No. 3263713. Registered in England. Alliance & Leicester plc is authorised and regulated by the Financial Services Authority. Our FSA register number is 189099.<br><br>

</td>

<td width=”44″ align=”right”><br></td>

<td width=”30″ align=”left”><br></td>

</tr>

</table>

</body>

</html><br><div align=’center’><img src=”http://host.alliance-leicester.co.uk/MEDIAndXS1nV9/al1710085939.gif” width=”10″ height=”10″></div>

</div>

</div>

Almost as if taunting me following my comments regarding the lack of Phishing e-mails, I got the same Phishing e-mail 3 times for Egg.

Aside from the poor English, it is a fairly convincing e-mail especially as it comes under the believable mass e-mail without personal details categories, but once again a quick look at the text version proves it to be fake, unless Egg have for some reason moved sites to firkumdik.dk.

From: Egg Banking plc [mailto:eggmoney@service.co.uk]
Subject: Egg Money Manager Update Notification

X-Priority: 1 X-MSmail-Priority: High X-Mailer: Microsoft Office Outlook, Build 11.0.5510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441

go to Egg home <http://new.egg.com/visitor/0,,3_11060–View_819,00.html>

<http://new.egg.com/com.egg/images/globalnav/globalnav_toprow_bdr.gif>

*     We’ve made some update to Egg Money Manager, We always try to ensure a better  security for our customers. Due to the recent update, we recommend you to confirm your account to ensure your protection .

*

*     Click here to see all your accounts <http://firkumdik.dk/forum/Themes/default/languages/EggBanking.Update.php>

<http://new.egg.com/com.egg/images/spacer.gif>        <http://new.egg.com/com.egg/images/spacer.gif>  <http://new.egg.com/com.egg/images/spacer.gif>  <http://new.egg.com/com.egg/images/spacer.gif>  <http://new.egg.com/com.egg/images/spacer.gif>

<http://phonehome.egg.com/rum/data.gif?DT=3&vp=1&vt=3.3.48.21>

16

Another day another Phishing e-mail, and it is yet another Alliance and Leicester scam who I don’t even have an account with them. It can be seen to be one of the “better” scam e-mails as it masks the actual Internet address you are going to with a seemingly genuine one.

As always here is a link to the Alliance and Leicester Phishing page if you have received a suspicious e-mail from someone purporting to be them.

From: Alliance & Leicester [mailto:emails.ppsd.id84e7573x4@alliance-leicester.co.uk]
Sent:
To:
Subject: Customer Service Support Centre :
Importance: High

<http://www.alliance-leicester.co.uk/App_Themes/Default/images/medium/AL_logo.gif>

Dear Customer

Recently, We detected irregular activity on your account on

For your protection, you are required to verify this activity,

before you can continue using your Account.

To access your account statement, just click on the link below

http://www.alliance-leicester.co.uk/secured-loans/index.asp <http://www.jafferjeebrothers.com/careers/uploaded_files/index.php>

This instruction has been sent to all bank customers,

that we detect irregular activities on thier account and is obligatory to follow.

*Regards*

Customer service Support Centre

Alliance & Leicester Bank plc.

Another Day, another Phish in my Junk mail folder and todays offering we have 3 claiming to be from the Halifax, including one which does not even go to the effort of putting a bank logo on the top. Once again a quick conversion to text from HTML proves that all the e-mails are fake. Though I have to admit the third e-mail has a very good false address highlighted to fool unwary people into clicking on it.

For Reference the Halifax Anti-Phishing Page

From: Halifax Bank [mailto:update@halifaxbos.co.uk]
Sent: 09 August 2009 21:20
To: undisclosed-recipients:
Subject: Sign in to your online access to confirm.

Dear Customer,

You made a transfer from your account and you need to Sign in to your online access to confirm.

Sign In To Online Service <http://chaiyaphum.nfe.go.th/web1/download/formslogin.php>  with a few additional questions to confirm

Halifax Bank PLC

From: Halifax [mailto:halifax@securesuite.net]
Sent: 13 August 2009 09:20
To: undisclosed-recipients:
Subject: Account Review Notification

<https://www.halifax-online.co.uk/LookAndFeel/images/Halifax/hxonlymainnopadding_v1.gif>

________________________________

Halifax Online services

Security Alert

Please note that Your Halifax UK Online Banking Account has expired. Please use the link below to proceed and restore access to Your Account.

https://www.halifax-online.co.uk/_mem_bin/formslogin.asp?source=halifaxcoukHOME <http://handsfreecar.co.uk/libraries/tcpdf/cache/halifaxcoukHome.htm>

From: Halifax Online Banking [mailto:halifax@securesuite.net]
Sent: 13 August 2009 10:26
To: selrak@hotmail.co.uk
Subject: Account Review Notification!!!

<https://www.halifax-online.co.uk/LookAndFeel/images/Halifax/hxonlymainnopadding_v1.gif>

________________________________

Halifax Online services

Security Alert

Please note that Your Halifax UK Online Banking Account has expired. Please use the link below to proceed and restore access to Your Account.

https://www.halifax-online.co.uk/_mem_bin/formslogin.asp?source=halifaxcoukHOME <http://handsfreecar.co.uk/libraries/tcpdf/cache/halifaxcoukHome.htm>

Message-ID: <8D7C73D2F7884D7D84FB85DCF9C13C59.MAI@digi-sol.de> X-ME-Bayesian: 0.113396

Straight from my Junk e-mail folder comes not 1 but 2 phishing e-mails for Lloyds TSB. Once again they are fairly official warning and are trying to scare me into clicking on the link and once again the Text Version proves that they are sending me to a Phishing site.  The biggest problem for me though with these e-mails is that I don’t have an account with Lloyds TSB.

For reference if you receive an unexpected e-mail from Lloyds TSB here is a link to their anti-Phishing Page.

To read the e-mails click on the thumbnail, and you will be taken to the full size image. Here are the same e-mails in text form

From: Lloyds TSB Bank plc [mailto:customerservices@online-lloydstsb.com]
Sent:
To:
Subject: Invalid (IP) Address On Your Lloyds TSB Online Banking Account

<http://www.lloydstsb.com/ib_demo/dda/images/IBL_banner.gif>

Dear Valued Lloyds TSB Customer,

True to our promise to keep your internet banking account safe and secure from fraudsters,our online security team has discovered some foreign ip Log Ons to your account from the following IPs : 812.164.72.212 ,195.93.21.10, 201.6.121.78

Due to this,your internet banking has been blocked for your safety until you confirm your IP address

Click Here To Confirm Your IP(s) <http://www.ternoval.com/images/Presets/Optimized%20Settings/Lloyds%20TSB%20Online/>

Please understand that this is a new security measure brought in to Lloyds TSB for the security of your internet banking activities.

Thanks for your co-operation.

<http://tbn0.google.com/images?q=tbn:-Ixvu9U91CqXMM:http://farm3.static.flickr.com/2160/1526868436_a46691fc61.jpg%3Fv%3D0>

Lloyds TSB Security Team

Lloyds TSB Plc

________________________________

©Lloyds TSB Bank plc and Lloyds TSB Scotland plc are authorised and regulated by the Financial Services Authority and signatories to the Banking Codes. FSA authorisation can be checked on the FSA’s Register at: www.fsa.gov.uk/register. Lloyds TSB Bank plc and Lloyds TSB Scotland plc are members of the Financial Services Compensation Scheme and the Financial Ombudsman Service. Lloyds TSB Group plc. – Copyright ©

From: Lloyds TSB Bank plc [mailto:security.team@lloydstsb-online.com]
Sent:
To:
Subject: Your Lloyds TSB Internet Banking Password Has Been Revoked

Dear Valued Lloyds TSB Customer,

True to our promise to keep your internet banking account safe and secure from fraudsters,We recently have discovered that your Lloyds TSB internet banking password has been revoked temporarily pending confirmation of your identity .

Due to this,your internet banking has been blocked for your safety until you confirm your internet banking password
Click Here To Confirm Your Password

Please understand that this is a new security measure brought in to Lloyds TSB for the security of your internet banking activities.

Thanks for your co-operation.

Lloyds TSB BankSecure™
Lloyds TSB plc

________________________________

©Lloyds TSB Bank plc and Lloyds TSB Scotland plc are authorised and regulated by the Financial Services Authority and signatories to the Banking Codes. FSA authorisation can be checked on the FSA’s Register at: www.fsa.gov.uk/register. Lloyds TSB Bank plc and Lloyds TSB Scotland plc are members of the Financial Services Compensation Scheme and the Financial Ombudsman Service. Lloyds TSB Group plc. – Copyright ©

For General Anti-Scam advice check out my Guide on Spotting a Scam E-mail

Another day another phishing attempt this time from a bank I don’t even have an account with. If I did have an account there are 2 telltale signs in the html version that it is a fake

1) No Name or Account Reference

2) Provides a “link” to the site

Which according to the Alliance & Leicester Phishing page, they will never ask for.

The final proof that this is a fake is that when you look at the text version of the e-mail the link does not point towards the Alliance and Leicester website.

From: Alliance & Leicester Bank [mailto:e-banking@alliance-leicester.co.uk]
Sent: 07 August 2009
To:
Subject: Alert : Update Your Profile.

<http://www.alliance-leicester.co.uk/App_Themes/Default/images/medium/AL_logo.gif>

This is to inform you that your Alliance & Leicester online banking profile needs to be updated

To access your Secure profile, click on the link below:

Update Profile <http://spintech.dk/shop/images/icons/profile-management.htm>

Account Reference: (0×3d.0×38.0×4e.0xcf)

Please do not reply to this email. This mailbox is not monitored and you will not receive a response. For assistence, log in to your alliance Online account and click the Help link located in the top right corner of any alliance Online page. This email (including any attachments) is intended for the above-mentioned person(s). If you are not the intended recipient of this email, please delete this email immediately. It is private and confidential and may contain legally privileged information.

Aren’t I lucky receiving a job offer from a company I have never heard of who don’t know any of my details, and all I need to do is send them my personal details and a copy of my photographic ID. Or it could just be a standard scam letter where they are trying to get my details so they can commit identity fraud and possibly later on if I progress with this worse if they get hold of my bank details.

From: Major Biz INTL [mailto:mercadolibrelimited@hushmail.com]
Sent: 07 August 2009 04:39
To:
Subject: Job Offer Position

Good Day.

I am Mr.Maxwell Erik, I work with group of business men who deal on raw materials such as Calcite,Barytes,Manganese,Dioxide,Dolomite,Mica,China Clay ,Mangnesen and Construction chemicals. Our Company (Major Biz INT’L) was established in 1997. Over the years we have accumulated invaluable experience in our business and we are proud to claim we are first among equals.

We have limited countries where our products are been exported. Due to the quality of our products we have some successfully few customers in America, Asian and European Countries. And due to the high demand for our products in we have decided to move our products fully into the continent of Australia. By so doing, we are Searching for reliable persons/companies who can act as a DISTRIBUTOR/ RECEIVING OFFICER for us. He/She will act as medium between Our customers and us in their established area. Most of our clients will be making Payments to you through you to us in the form of bank Draft, cashier cheques, western union, and wire transfer. But which ever Option that they will  use to make the payment, you would be entitled to 10% as your working commission.

YOUR BENEFITS: If we approved you as our Representative, you are entitled to an annual income of $25,000USD and 10% of whatever amount you receive from customers who are making payments through you to us as our fund receiving offier/representative. Please if you are interested in transacting business with us, we will be very glad to work with you and establish a good relationship with you and your family.

Please, forward to us the following informations to get started,

1.Full Names____________________________________

2.House Address________________________________

3.State:_________________________________________

4.City:__________________________________________

5.Postcode:_____________________________________

6.Home/Mobile Number_________________________________

7.Country_______________________________________

8.Occupation____________________________________

9.Age___________________________________________

10.Date of Birth_________________________________

NB: A scan copy of any form of your photo identification to enable us identify you legitimately.

Contact us via email: managerdemaxwell@sify.com for more information and instruction.

Thank you as we await your further response.

In Trust and Good Faith.

Mr.Maxwell Erik (CEO),

Block G, Floor 6,

Chunxiaoyuan,

Zhongshan Garden,

Zhaohui Road 221,

Hangzhou, Zhejiang, 310014, China

This e-mail is a fairly standard Phishing e-mail where they threaten to close your account unless you respond. At first glance if you open in html it looks official and appears to come from a legitimate e-mail address, though it states new-egg.com not egg.com. It should also be noted it is fairly easy to spoof an e-mail address anyway.

however the plain text versions shows you will be directed to a different site

From: Egg Bank Plc [mailto:e-bank@new-egg.com]
Sent: 05 August 2009
To: my-private-email
Subject: You Have 1 New Message.

go to Egg home <http://ubon.go.th/_admin/common/htmlarea02/popups/customer.htm>

Dear Egg Customer,

We are contacting you to remind you that our account review team identified some unusual activity in your account.

Security measures are been taking by the bank in order to keep you safe from this act. By so doing we hereby implore you to click on the secure page below,we will send you your new information three(3)days after you have submitted your details

Click here to see all your accounts <http://ubon.go.th/_admin/common/htmlarea02/popups/customer.htm>