Hi, everyone,
This e-mail came from my brother, who works for Microsoft in their anti-virus division. He asked me to e-mail this to my friends, FYI.
**************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 1, No. 9. September 8, 2004
**************************************************
Major threat this month: Phishing attacks that seem to come from
Citibank, Paypal, Citizens Bank and US Bank
Phishing attacks have been doubling every month. In a phishing attack,
the thieves pretend to be sending you to a reputable site like Citibank
and ask for your private data, so they can steal your money or your
identity. Recent research reports that one in twenty people are fooled
by these types of attacks, which is why the thieves keep at it. One of
our goals is to make sure you don't get caught in the scams.
Also this month, graphical spam is increasing. Spammers send you a
picture of the offer instead of the text of the offer, so that your
company or internet provider's spam blockers are powerless to stop them
even if they use very bad language.
The attacks discussed here are the tip of the iceberg.
To be safe:
1. DON'T open email attachments from anyone unless you know the
sender and you were expecting the attachment.
2. DON'T click on links in emails or web sites unless you can
guarantee the email came from someone who is not trying to fool
you and that the web site is actually the site you think it is.
3. DON'T disclose private information unless you initiated the need
to do so.
What To Avoid This Month
I. Emails from people trying to get you to divulge private details.
These are often trying to steal your identity (and your money)
I.1 Maintenance Update (from Citibank)
I.2 PayPal account limited
I.3 Citizens Bank Fraud Verification Process
I.4 Citibank with various subjects and possibly a time stamp
I.5 Attn: Citibank Update
I.6 "notice: US Bank"
II. Opening attachments that have interesting subjects and provocative
text in the body of the email. Several viruses (Beagle, MyDoom, Netsky)
are still spreading rapidly because they fool you into thinking they
come from a friend and have data you want to see. Remember: do not open
unexpected attachments without checking with the sender to be sure the
attachment is safe. If you break this rule, you will hurt a lot of other
people - people you know - because your infected computer will send
viruses to people in your address book.
******************************
More Details About The Phishing Attacks
I. Emails from people trying to steal your identity (and your money)
I.1 Maintenance Update (from Citibank)
The bait:
An email that looks as if it comes from Citibank saying the
company "could not verify your current information," and
asking you to update it.
What it tries to make you do:
Click on a link and tell them your credit Card information,
social security number, date of birth and mother's maiden name.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/09-02-04_Citibank_(Citiban
k.com_Maintenance_upgrade).html>
I.2 PayPal account limited
The bait:
An email that looks as if it comes from PayPal and says,
"We suspect that your PayPal account may have been accessed by an
unauthorized third party."
What it tries to make you do:
Click on a link and tell them your email and your PayPal password.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/09-01-04_Paypal_(PayPal_ac
count_Limited).html>
I.3 Citizens Bank Fraud Verification Process
The bait:
An email that looks as if it comes from Citizens Bank saying they
suspect your account may have been accessed by an unauthorized
third party.
What it tries to make you do:
Click on a link and tell them your ATM or debit card number
and password.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-31-04_Citizens_Bank_(Ci
tizen_Bank_Fraud_Verification_Process).html>
I.4. Citibank with various subjects and possibly a time stamp
The bait:
An email that looks as if it comes from Citibank saying, they
are updating their software and asking you to click on what looks
like a real Citibank url.
What it tries to make you do:
Click anywhere on the image (the entire scam is a single image)
and then provide a wealth of very private information ranging
from your ATM card and PIN to your mother's maiden name.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-27-04_Citibank_(various
_subjects,_image-only_email).html>
I.5. Attn: Citibank Update
The bait:
"Click here" link in an email that seems to come from Citibank
saying that they noticed one or more attempt to log into your
account from a foreign IP address.
What it tries to make you do:
Click on a link and tell them your ATM card number and PIN and
username and password.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-26-04_Citibank_(Attn_Ci
tibank_Update).html>
I.6 "notice: US Bank"
The bait:
An email that seems to come from US Bank asking you to login.
What it tries to make you do:
When you click on the login button, it asks for your ATM Card
number and PIN.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-25-04_US_Bank_(Notice_U
s__BANK).html>
==end==
Copyright 2004, The SANS Institute. http://www.sans.org
Permission is granted to copy and redistribute this material to whomever
it will help.
This e-mail came from my brother, who works for Microsoft in their anti-virus division. He asked me to e-mail this to my friends, FYI.
**************************************************
OUCH: The Report On Identity Theft and Attacks On Computer Users
Volume 1, No. 9. September 8, 2004
**************************************************
Major threat this month: Phishing attacks that seem to come from
Citibank, Paypal, Citizens Bank and US Bank
Phishing attacks have been doubling every month. In a phishing attack,
the thieves pretend to be sending you to a reputable site like Citibank
and ask for your private data, so they can steal your money or your
identity. Recent research reports that one in twenty people are fooled
by these types of attacks, which is why the thieves keep at it. One of
our goals is to make sure you don't get caught in the scams.
Also this month, graphical spam is increasing. Spammers send you a
picture of the offer instead of the text of the offer, so that your
company or internet provider's spam blockers are powerless to stop them
even if they use very bad language.
The attacks discussed here are the tip of the iceberg.
To be safe:
1. DON'T open email attachments from anyone unless you know the
sender and you were expecting the attachment.
2. DON'T click on links in emails or web sites unless you can
guarantee the email came from someone who is not trying to fool
you and that the web site is actually the site you think it is.
3. DON'T disclose private information unless you initiated the need
to do so.
What To Avoid This Month
I. Emails from people trying to get you to divulge private details.
These are often trying to steal your identity (and your money)
I.1 Maintenance Update (from Citibank)
I.2 PayPal account limited
I.3 Citizens Bank Fraud Verification Process
I.4 Citibank with various subjects and possibly a time stamp
I.5 Attn: Citibank Update
I.6 "notice: US Bank"
II. Opening attachments that have interesting subjects and provocative
text in the body of the email. Several viruses (Beagle, MyDoom, Netsky)
are still spreading rapidly because they fool you into thinking they
come from a friend and have data you want to see. Remember: do not open
unexpected attachments without checking with the sender to be sure the
attachment is safe. If you break this rule, you will hurt a lot of other
people - people you know - because your infected computer will send
viruses to people in your address book.
******************************
More Details About The Phishing Attacks
I. Emails from people trying to steal your identity (and your money)
I.1 Maintenance Update (from Citibank)
The bait:
An email that looks as if it comes from Citibank saying the
company "could not verify your current information," and
asking you to update it.
What it tries to make you do:
Click on a link and tell them your credit Card information,
social security number, date of birth and mother's maiden name.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/09-02-04_Citibank_(Citiban
k.com_Maintenance_upgrade).html>
I.2 PayPal account limited
The bait:
An email that looks as if it comes from PayPal and says,
"We suspect that your PayPal account may have been accessed by an
unauthorized third party."
What it tries to make you do:
Click on a link and tell them your email and your PayPal password.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/09-01-04_Paypal_(PayPal_ac
count_Limited).html>
I.3 Citizens Bank Fraud Verification Process
The bait:
An email that looks as if it comes from Citizens Bank saying they
suspect your account may have been accessed by an unauthorized
third party.
What it tries to make you do:
Click on a link and tell them your ATM or debit card number
and password.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-31-04_Citizens_Bank_(Ci
tizen_Bank_Fraud_Verification_Process).html>
I.4. Citibank with various subjects and possibly a time stamp
The bait:
An email that looks as if it comes from Citibank saying, they
are updating their software and asking you to click on what looks
like a real Citibank url.
What it tries to make you do:
Click anywhere on the image (the entire scam is a single image)
and then provide a wealth of very private information ranging
from your ATM card and PIN to your mother's maiden name.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-27-04_Citibank_(various
_subjects,_image-only_email).html>
I.5. Attn: Citibank Update
The bait:
"Click here" link in an email that seems to come from Citibank
saying that they noticed one or more attempt to log into your
account from a foreign IP address.
What it tries to make you do:
Click on a link and tell them your ATM card number and PIN and
username and password.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-26-04_Citibank_(Attn_Ci
tibank_Update).html>
I.6 "notice: US Bank"
The bait:
An email that seems to come from US Bank asking you to login.
What it tries to make you do:
When you click on the login button, it asks for your ATM Card
number and PIN.
Where you can see how it actually appears:
<http://www.antiphishing.org/phishing_archive/08-25-04_US_Bank_(Notice_U
s__BANK).html>
==end==
Copyright 2004, The SANS Institute. http://www.sans.org
Permission is granted to copy and redistribute this material to whomever
it will help.
