8/27/07

Your account has been suspended! SCAM!

Okay, you sit down at your computer to check your email and you see this: "Your account has been suspended, blah, blah, blah". Your gut reaction: crap. You open the email and there are instructions telling you to click on the link below and all your problems will go away. DON'T DO IT! Why, you may ask? Chances are it's a scam. Any company that does business online or allows its customers to sign up for online accounts will never ask you to click on a link embedded in an email. If they do, they are stupid and are opening themselves and their customers up to scams.

How do they work? Simple: a person gets the scam mail and clicks on the link in the email. Now, just because a link may look like www.yourbank.com does not mean you will be taken to your bank's homepage. The embedded link you click on can be a totally different web page altogether. Remember, an embedded link is used to link a website to words in an email, web page, or document; the words displayed do not have to be the same as the name of the website they are linked to. For example: Click Here. Sure, there may be a website out there called www.clickhere.com, but if you click on the link here you're coming back to this post. What the scammer does is place the words (www.bankofamerica.com) in the email but link the words to their own site, which can look like a real site. However, if someone were to look at the URL in the address bar of the page, the URL could read something like this: http://www.pogs.aspx. Below is a list of telltale signs the suspension email is bogus.

1. The email is pretty basic and does not have any company logos or branding. For example, there are no company logos, or the font is different than in other real communications you see. Most companies have standards right down to the type of font they use.

2. The email is from a company you've never had an account with.

3. Email instructs you to click on the link embedded in the email.

4. The TO: email address is not your email address or it says UNDISCLOSED RECIPIENTS.

5. The misspelling of words, especially in job titles.

6. Conflicting reasons why this highly important email was sent.


Also, here are some examples of the scam mails. You'll notice my commentary in green.

Halifax Bank Account Suspension notice scam
X-AOL-UID: 3162.430522728
X-AOL-DATE: Mon, 27 Aug 2007 3:57:39 PM Eastern Daylight Time
Return-Path:
Received: from rly-mf07.mail.aol.com (rly-mf07.mail.aol.com [172.20.29.177]) by air-mf06.mail.aol.com (v119.7) with ESMTP id MAILINMF061-97146d32c85285; Mon, 27 Aug 2007 15:57:38 -0400
Received: from terahost.de (terahost.de [86.110.94.3]) by rly-mf07.mail.aol.com (v119.7) with ESMTP id MAILRELAYINMF077-97146d32c85285; Mon, 27 Aug 2007 15:56:54 -0400
Received: (qmail 11540 invoked by uid 33); 27 Aug 2007 21:55:46 +0200
Date: 27 Aug 2007 21:55:46 +0200
Message-ID: <20070827195546.11537.qmail@terahost.de>
To: barrudaki@aol.com
Subject: Online Banking Suspended: Update Your Online Service
From: Halifax Bank
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-AOL-IP: 86.110.94.3
X-Mailer: Unknown (No Version)

You'll notice this email has logos in it; however, they are linked from the actual site as opposed to being embedded in the email. This means the scammer linked the logos instead of saving them to a hard drive for reference. This is because the referenced logos would identify which computer was used to embed them, so the scammer just links to the logo instead.

Online Logo

Dear Valued HALIFAX Costumer:

Due to concerns, for the safety and integrity of the HALIFAX
account we have issued this warning message.

It has come to our attention that your Halifax account information needs to be
updated as part of our continuing
commitment to protect your account and to
reduce the instance of fraud on our website.
If you could please take 5-10 minutes
out of your online experience and update your personal records you will not run into
any future problems with the online service.

Once you have updated your account records your HALIFAX account
service will not be interrupted
and will continue as normal.

To update your HALIFAX records click on the following link:
http://www.halifax-online.co.uk/onlineservices/login.asp
If you right-click on the link and select Properties, you will see the real web page you are sent to. For this example, the web page is http://aefona.org////language/formslogin.htm
IMPORTANT:

If you do not confirm your current IP address until August 25, 2007, your account will be SUSPENDED for security reasons and we will send you a new Access Code by post which you will need to reactivate your online banking service access. You will receive this within seven days if your current IP address is not confirmed.

James T. Hopkins
Online Security Advisor,
Halifax Bank PLC.

NOTE:
You will be required to login to you account. Please ensure that you do not do this in a public internet cafe.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your Halifax Bank PLC account and choose the "Help" link on any page.
© HALIFAX Bank PLC 2007. All Rights Reserved.

I don't have an account with Halifax bank and the link in the email goes to somewhere not even remotely associated with Halifax Bank. Next please.

AOL account email scam
X-AOL-UID: 3331.408319955
X-AOL-DATE: Sat, 25 Aug 2007 6:15:21 AM Eastern Daylight Time
Return-Path:
Received: from rly-xa01.mx.aol.com (rly-xa01.mail.aol.com [172.20.64.37]) by air-xa02.mail.aol.com (v119.7) with ESMTP id MAILINXA21-4746d001332eb; Sat, 25 Aug 2007 06:15:20 -0400
Received: from 64.12.137.249 (toroon12-1177864165.sdsl.bell.ca [70.52.199.229]) by rly-xa01.mx.aol.com (v119.7) with ESMTP id MAILRELAYINXA11-4746d001332eb; Sat, 25 Aug 2007 06:15:17 -0400
Received: from [70.143.209.13] by 64.12.137.249 with SMTP; Sat, 25 Aug 2007 05:09:18 -0600
Message-ID:
From: "AOL SERVICE"
Reply-To: "AOL SERVICE"
To: barrelstoturn@aol.com
Subject: AOL Service
Date: Sat, 25 Aug 2007 05:09:18 -0600
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="D_CAF86CBCFD20_437D"
X-Priority: 3
X-AOL-IP: 70.52.199.229

We found out that your AOL Billing information's records are out of date.
This requires an update of your billing information. Please take a several
minutes from your online experience and update your billing records. You
will not have any problems in future with our online services.
However, your refusal to update your records will be finished in your
account termination.

Please update your records right now.
As you have updated your account records your AOL Sessions will not be interrupted.
Please click the link below to update your billing records:

http://my.aol.com/_cqr/login/?login92374201d098f40fhu=us1

Sincerely,

America Online, Inc.

Okay, any correspondence I get from AOL in regards to me giving up account information has never asked me to click on a link in the email. Not only that, there's no logo and nothing that would indicate it is legit. The scammer didn't bother to try and hide the URL destination that well, but just for giggles, here's where the link really sends you: http://my.aol.com.id-39jgr9e83.frgfs.com:8080/aol.com/promocode.htm?84197HNIF4F43NF837NF4378NF3874GBDJKWENRU9132NFEJWOLBW1027GB1ASH0ET5N3JGKREBW73
The other thing: my AOL is free, so I don't have any billing information to give them. Also, this is being sent to my AOL account, which is within the AOL email system, which means only the name AOL SERVICE would show up in the FROM: address, not "AOL SERVICE" service@my-aol.com. NEXT!


Paypal Scam Email
X-AOL-UID: 3277.432957798
X-AOL-DATE: Tue, 21 Aug 2007 4:42:23 PM Eastern Daylight Time
Return-Path:
Received: from rly-db02.mx.aol.com (rly-db02.mail.aol.com [172.19.130.77]) by air-db02.mail.aol.com (v119.7) with ESMTP id MAILINDB024-aac46cb4e1d1c6; Tue, 21 Aug 2007 16:42:20 -0400
Received: from jocum.org.br (jocum.org.br [204.200.196.47]) by rly-db02.mx.aol.com (v119.7) with ESMTP id MAILRELAYINDB022-aac46cb4e1d1c6; Tue, 21 Aug 2007 16:42:05 -0400
Received: from User ([209.12.93.66])
(authenticated bits=0)
by jocum.org.br (8.13.6.20060614/8.13.6) with ESMTP id l7LB1GU1075946;
Tue, 21 Aug 2007 11:01:17 GMT
Message-Id: <200708211101.l7LB1GU1075946@jocum.org.br>
Reply-To:
From: "service@paypal.com"
Subject: Important Notification
Date: Tue, 21 Aug 2007 06:05:07 -0600
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
To: undisclosed-recipients:;
X-AOL-IP: 204.200.196.47

Dear PayPal Customer,

This email is to inform you, that we had to block your PayPal Account access because we had to upgrade our servers in order to remove online fraud.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times. We have noticed some unusual activity related to our servers that indicates that other parties may have access and, or control of your informations in your account.

First it was server updates now it's unusual activity on my account, which is it? The least these scammers can do is decide which lame excuse to use.

Please follow this link to confirm your account access information :

https://www.paypal.com/us/cgi-bin/webscr?_cmd=login-run

Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to upgrade your account as instructed above.

Thank you for your time and consideration in this matter .

Sincerely,
PayPal Account Departement.

Yes the whole paypal account departEment is sincerely concerned about my account.



© Copyright 2007, PayPal. All Rights Reserved.
e-mail id : 1211ppl1


No company logo, asking the recipient to click on an embedded link which really goes to http://www.sru.ac.th/bud/file/bay/a.htm; the whole email looks nothing like something you would get from Paypal. Hell, if you do get a real email from Paypal regarding your account, consider yourself part of the privileged; from what I understand, it's hard to get Paypal to contact you about anything that doesn't involve an auto-canned response.
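
The right-click-and-check-Properties test used on the emails above can be automated. The following is an added example, not part of the original post: it parses an HTML body and flags every link whose visible text names one host while the href points to another. The anchor markup is constructed from the link pairs quoted in this post, the two example.com entries are constructed controls, and the names `host_of`, `LinkAudit` and `audit_links` are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed markup: the post gives only each link's visible text and real target.
SAMPLE_HTML = """
<a href="http://aefona.org////language/formslogin.htm">http://www.halifax-online.co.uk/onlineservices/login.asp</a>
<a href="http://my.aol.com.id-39jgr9e83.frgfs.com:8080/aol.com/promocode.htm">http://my.aol.com/_cqr/login/</a>
<a href="https://www.example.com/help">www.example.com/help</a>
<a href="https://www.example.com/">Click Here</a>
"""
HOSTNAME = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

def host_of(text):
    """Hostname if text parses as a URL or bare domain, else None (e.g. 'Click Here')."""
    text = text.strip()
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:
        return None
    return host if HOSTNAME.match(host) else None

class LinkAudit(HTMLParser):
    """Collects (kind, shown_host, real_host) for anchors whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, real = host_of("".join(self.text)), host_of(self.href)
        if shown and real and shown != real:
            # A real host that merely starts with the shown one is the AOL-style trick.
            kind = "lookalike-prefix" if real.startswith(shown + ".") else "mismatch"
            self.findings.append((kind, shown, real))
        self.href = None

def audit_links(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Only links whose visible text itself looks like a web address are compared, so an ordinary "Click Here" link is not flagged, and a `www.` versus bare-domain difference will be reported as a mismatch.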


Until next time be safe.
