Kitz Forum
Computer Software => Security => Topic started by: mr_chris on January 08, 2008, 06:55:40 PM
-
I know most people here are probably aware of "phishing" scams... emails pretending to be from a legitimate source, usually banks etc, tricking you into visiting a page that looks identical to what you're used to seeing, and "validating" your details... usually in broken english, with a website address that looks like "yourbank.online.vds.e02.dodgychinese.hosting.cn/..."
There seems to be a new wave of them that are starting to get a bit more sophisticated. I've had a couple in the last few days pretending to be from all sorts of banks, and got one today that was "from" the Halifax.
The website address is http://i-halifax.com/ and as of ten minutes ago it was still working - it appears to have died now though. I have deliberately made the link non-clickable so you have to know exactly what you've done if you visit the site - I don't want to be responsible!!!
It was a direct clone of the halifax online banking page, and given the address used, I thought it was worth saying something about.
Just be aware, folks... these scams are getting clever. Learn the address of your online banking website and ALWAYS check it in the browser bar. If necessary write it on a post-it and stick it to the side of your monitor so you remember to check it every time you visit your bank's website!!
Banks will never (in my experience) ask you to visit their site directly from an email. If you do get an email asking to visit a site, you can always ring up your bank and check - they'd rather you do that than ring them to say you've been scammed!
Just a heads up :)
-
Good advice.
-
Banks will never (in my experience) ask you to visit their site directly from an email.
Just been chatting to kitz - and she reminded me that Egg do send out emails linking to their site.
But... these are more like "your statement is ready" type of emails rather than "Validate your secure detail for us so we can continuing to offer you security service"
Banks will never email you asking you to verify security details, no matter how convincing they make the reasons sound. They already have your info and enough security to know who you are!
-
The simplest and most sensible way is to have your bank site bookmarked and use that as the only point of entry to the site.
and if in doubt, give them a quick phone call first. :)
-
I had a Halifax bogus site in my spam folder about this time last year.The alarm bells started ringing when a)centre was spelt center and b) it said if I did not update my security details by 29th feb ( there was no 29th feb last year)my card would not be valid.I then logged on to the offical halifax site and there was a link to send them the bogus address for them to follow up and delete it once sent to them.
-
I've never had any problems, but then again I don't bank with any of the big players.
-
>> I've never had any problems, but then again I don't bank with any of the big players.
Same here for my main account... and that's what I thought up until a month or so ago...
when I was quite surprised to see a phishing mail with my banks name on.
-
I'm with one of the smaller banks and few weeks ago I got this email with the title "Your xxx account has been suspended" Well did I panic, well no I just pressed the Junk button on Thunderbird mail browser.
I don't even open these type of email at all .
I do Like 'Floydoid' does always use a bookmark to start up my bank site details.
-
What worries me is how do these phishing types know which bank you use?
-
By and large they don't. I've had several phishing emails purporting to come from banks I have no connection with at all, and never a single one from the banks I actually have accounts with.
-
Thanks Eric, that's rather comforting to know. :)
-
Yep, they even try to gain your confidence by saying something like "This is an automatically generated email. If you are not a customer of BigNameBank plc you may safely ignore this email."
It's amazing (and frightening) how many people will simply accept whatever pops up on their computer screen without any thought as to WHY its there! This is who these emails are targeted towards, and unfortunately, they appear to be still working :(
-
Hi all,just be on the lookout,I've just had 2 phishing emails in my bulk mail folder.One from Abbey National and one from RBS(Royal Bank of Scotland)They arrived within half an hour of each other telling me my accounts had been suspended and click on the link to update security details. :no:I don't bank with either.
-
The simplest way of doing this (if you have your own domain) is to create an email address for each bank account.
eg: me_mybank1@mydomain.com, me_mybank2@mydomain.com
Now you simply ensure that you NEVER give that address out to anyone other than your bank. Phishing is of course still possible but should be pretty easy to spot if it does occur.
I do the same for general internet shopping too - eg dabs_shopping@mydomain.com - which is very helpful for spotting who is leaking your email address.
-
Hi all,just had another phishing email supposedly from RBS (Royal Bank of Scotland).My mail scanner picked it up as another site posing as RBS.The site was, jobvina.com.Its Vietnamese?I googled it and it was flagged up green by Mcafee site advisor?Didn't actually click on to the site,but just forwarded the email to RBS security dept.Don't even bank with them.
-
I know it's not the same thing but.
Goldfish Bank Ltd have been taken over (AGAIN) this time by Barclays Bank PLC.
So in the near future don't be surprised if and when accessing your "Goldfish" on-line account if the words Barclays crops up.
This is perfectly genuine.
(I truly have forgotten the amount of times this card/bank has changed owners)
-
I have a had a couple purporting to be from French institutions, but they are all in English !!!!! ???
-
I don't know if it's phishing but oldfogy and I have both received e-mails purporting to be from UPS saying they were unable to deliver a postal package to us, with a tracking number and an attachment. As the reply address was tequila com I smelled bad phish. I don't know what happens if you open the attachment, which claims to be a copy invoice to print, but it can't be good.
Edit:
I have removed the link that you posted so that no one tries it out of curiosity
dave
-
Ian,
If you open the attachment within the email.
YOU GET A VIRUS ON YOUR PC
******************************************************************
And a new VIRUS one that is also dong the rounds is:
http://www.theregister.co.uk/2008/07/22/fake_alonso_car_crash_trojan/
The fake news story, supposedly from Spanish daily El Pais, has two-time motor racing champion seriously injured on Tuesday in an accident in the norther city of Bilbao. The bogus story, distributed via spam emails, links to a video clip depicting what appears to be a spectacular blaze. The clip installs malware onto the PC of those falling for the ruse.
-
I don't know if it's phishing but oldfogy and I have both received e-mails purporting to be from UPS saying they were unable to deliver a postal package to us, with a tracking number and an attachment. As the reply address was tequila com I smelled bad phish. I don't know what happens if you open the attachment, which claims to be a copy invoice to print, but it can't be good.
Edit:
I have removed the link that you posted so that no one tries it out of curiosity
dave
I had this one the other day and I just clicked my 'junk' button on Thunderbird email browser. :D